caidooss/grafana-auth-proxy

Showing 6 of 8 total issues

Function main has 94 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func main() {
    var err error

    // Load .env file
    err = godotenv.Load(".env")
Severity: Major
Found in main.go - About 2 hrs to fix

Function createRequestsHandler has 54 lines of code (exceeds 50 allowed). Consider refactoring.
Open

func createRequestsHandler(c *cli.Context) (*RequestsHandler, error) {
    // Prepare token extractor
    extractors := make([]extraction.Extractor, 0, 2)

    cookieName := c.String("cookie")
Severity: Minor
Found in main.go - About 1 hr to fix

Function createRequestsHandler has 9 return statements (exceeds 4 allowed).
Open

func createRequestsHandler(c *cli.Context) (*RequestsHandler, error) {
    // Prepare token extractor
    extractors := make([]extraction.Extractor, 0, 2)

    cookieName := c.String("cookie")
Severity: Major
Found in main.go - About 55 mins to fix

Method TokenValidator.Validate has 6 return statements (exceeds 4 allowed).
Open

func (tv *TokenValidator) Validate(tokenString string) (*jwt.Token, error) {
    // Extract token
    token, err := jwt.Parse(tokenString, tv.getTokenAssociatedPublicKey)
    if err != nil {
        switch err.(type) {
Severity: Major
Found in pkg/validation/validation.go - About 40 mins to fix

Method TokenValidator.getTokenAssociatedPublicKey has 6 return statements (exceeds 4 allowed).
Open

func (tv *TokenValidator) getTokenAssociatedPublicKey(token *jwt.Token) (interface{}, error) {
    // Verify ALG: it should at least be not "none". We decided to restrict it further to a set of trusted algorithms.
    // See vulnerability: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
    algHeader := token.Header["alg"]
    if algHeader == nil {
Severity: Major
Found in pkg/validation/validation.go - About 40 mins to fix

Method headerExtractor.Extract has 5 return statements (exceeds 4 allowed).
Open

func (he *headerExtractor) Extract(r *http.Request) (string, error) {
    // Extract header
    header := r.Header.Get(he.headerName)
    if header == "" {
        return "", errors.New(fmt.Sprintf("no header %s", he.headerName))
Severity: Major
Found in pkg/extraction/header.go - About 35 mins to fix