Affected by GO-2022-0495 and 16 other vulnerabilities

GO-2022-0495: DoS through large manifest files in Argo CD in github.com/argoproj/argo-cd

GO-2022-0497: Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd

GO-2022-0498: Argo CD's external URLs for Deployments can include JavaScript in github.com/argoproj/argo-cd

GO-2022-0499: Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd

GO-2022-0517: Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd

GO-2022-0518: Argo CD certificate verification is skipped for connections to OIDC providers in github.com/argoproj/argo-cd

GO-2023-1520: JWT audience claim is not verified in github.com/argoproj/argo-cd

GO-2023-1577: Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd

GO-2023-1670: Argo CD authenticated but unauthorized users may enumerate Application names via the API in github.com/argoproj/argo-cd

GO-2023-2049: Argo CD cluster secret might leak in cluster details page in github.com/argoproj/argo-cd

GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

GO-2024-2792: Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd

GO-2024-2877: ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache in github.com/argoproj/argo-cd

GO-2024-2898: Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

GO-2024-3002: Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd

GO-2025-3427: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd

GO-2025-3433: Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd

util

package

v2.3.4 Latest Latest Go to latest Published: May 18, 2022 License: Apache-2.0 Imports: 3 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func MakeSignature(size int) ([]byte, error)
func Wait(timeout uint, f func(chan<- bool)) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MakeSignature ¶

func MakeSignature(size int) ([]byte, error)

MakeSignature generates a cryptographically-secure pseudo-random token, based on a given number of random bytes, for signing purposes.

func Wait ¶

func Wait(timeout uint, f func(chan<- bool)) bool

Wait takes a check interval and timeout and waits for a function to return `true`. Wait will return `true` on success and `false` on timeout. The passed function, in turn, should pass `true` (or anything, really) to the channel when it's done. Pass `0` as the timeout to run infinitely until completion.

Types ¶

This section is empty.

Source Files ¶

View all Source files

util.go

Directories ¶

Path	Synopsis
app
discovery
path
argo
diff
managedfields
normalizers Code generated by github.com/argoproj/argo-cd/hack/known_types.	Code generated by github.com/argoproj/argo-cd/hack/known_types.
assets
buffered_context
cache
appstate
cert Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD	Utility functions for managing HTTPS server certificates and SSH known host entries for ArgoCD
cli
clusterauth
collections
config
crypto
db
mocks
dex
env
errors
exec
git
mocks
glob
gpg
grpc
hash
healthz
helm
mocks
http
io
files
path
jwt
ksonnet
kube
kustomize
localconfig
log
lua
notification
argocd
expression
expression/repo
expression/shared
expression/strings
expression/time
k8s
settings
oidc
password
profile
proxy
rand
rbac
resource
security
session
settings
stats
swagger
templates
text
label
tls
webhook

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL