oauth2-proxy/oauth2-proxy

Showing 48 of 54 total issues

File oauthproxy.go has 992 lines of code (exceeds 500 allowed). Consider refactoring.
Open

package main

import (
    "context"
    "embed"
Severity: Major
Found in oauthproxy.go - About 1 day to fix

    File legacy_options.go has 665 lines of code (exceeds 500 allowed). Consider refactoring.
    Open

    package options
    
    import (
        "fmt"
        "net/url"
    Severity: Minor
    Found in pkg/apis/options/legacy_options.go - About 5 hrs to fix

      OAuthProxy has 30 methods (exceeds 20 allowed). Consider refactoring.
      Open

      type OAuthProxy struct {
          CookieOptions *options.Cookie
          Validator     func(string) bool
      
          SignInPath string
      Severity: Minor
      Found in oauthproxy.go - About 3 hrs to fix

        Function NewOAuthProxy has 116 lines of code (exceeds 50 allowed). Consider refactoring.
        Open

        func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthProxy, error) {
            sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
            if err != nil {
                return nil, fmt.Errorf("error initialising session store: %v", err)
            }
        Severity: Major
        Found in oauthproxy.go - About 3 hrs to fix

          Method LegacyProvider.convert has 109 lines of code (exceeds 50 allowed). Consider refactoring.
          Open

          func (l *LegacyProvider) convert() (Providers, error) {
              providers := Providers{}
          
              provider := Provider{
                  ClientID:                 l.ClientID,
          Severity: Major
          Found in pkg/apis/options/legacy_options.go - About 3 hrs to fix

            Method BitbucketProvider.GetEmailAddress has 83 lines of code (exceeds 50 allowed). Consider refactoring.
            Open

            func (p *BitbucketProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
            
                var emails struct {
                    Values []struct {
                        Email   string `json:"email"`
            Severity: Major
            Found in providers/bitbucket.go - About 2 hrs to fix

              Function newProviderDataFromConfig has 73 lines of code (exceeds 50 allowed). Consider refactoring.
              Open

              func newProviderDataFromConfig(providerConfig options.Provider) (*ProviderData, error) {
                  p := &ProviderData{
                      Scope:            providerConfig.Scope,
                      ClientID:         providerConfig.ClientID,
                      ClientSecret:     providerConfig.ClientSecret,
              Severity: Minor
              Found in providers/providers.go - About 1 hr to fix

                Function Validate has 71 lines of code (exceeds 50 allowed). Consider refactoring.
                Open

                func Validate(o *options.Options) error {
                    msgs := validateCookie(o.Cookie)
                    msgs = append(msgs, validateSessionCookieMinimal(o)...)
                    msgs = append(msgs, validateRedisSessionStore(o)...)
                    msgs = append(msgs, prefixValues("injectRequestHeaders: ", validateHeaders(o.InjectRequestHeaders)...)...)
                Severity: Minor
                Found in pkg/validation/options.go - About 1 hr to fix

                  Method OAuthProxy.OAuthCallback has 70 lines of code (exceeds 50 allowed). Consider refactoring.
                  Open

                  func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
                      remoteAddr := ip.GetClientString(p.realClientIPParser, req, true)
                  
                      // finish the oauth cycle
                      err := req.ParseForm()
                  Severity: Minor
                  Found in oauthproxy.go - About 1 hr to fix

                    Method LoginGovProvider.Redeem has 55 lines of code (exceeds 50 allowed). Consider refactoring.
                    Open

                    func (p *LoginGovProvider) Redeem(ctx context.Context, _, code, codeVerifier string) (*sessions.SessionState, error) {
                        if code == "" {
                            return nil, ErrMissingCode
                        }
                    
                    
                    Severity: Minor
                    Found in providers/logingov.go - About 1 hr to fix

                      Function NewOAuthProxy has 12 return statements (exceeds 4 allowed).
                      Open

                      func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthProxy, error) {
                          sessionStore, err := sessions.NewSessionStore(&opts.Session, &opts.Cookie)
                          if err != nil {
                              return nil, fmt.Errorf("error initialising session store: %v", err)
                          }
                      Severity: Major
                      Found in oauthproxy.go - About 1 hr to fix

                        Function registerFlags has a Cognitive Complexity of 25 (exceeds 20 allowed). Consider refactoring.
                        Open

                        func registerFlags(v *viper.Viper, prefix string, flagSet *pflag.FlagSet, options interface{}) error {
                            val := reflect.ValueOf(options)
                            var typ reflect.Type
                            if val.Kind() == reflect.Ptr {
                                typ = val.Elem().Type()
                        Severity: Minor
                        Found in pkg/apis/options/load.go - About 1 hr to fix

                        Cognitive Complexity

                        Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                        A method's cognitive complexity is based on a few simple rules:

                        • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                        • Code is considered more complex for each "break in the linear flow of the code"
                        • Code is considered more complex when "flow breaking structures are nested"

                        Function newClaimInjector has a Cognitive Complexity of 24 (exceeds 20 allowed). Consider refactoring.
                        Open

                        func newClaimInjector(name string, source *options.ClaimSource) (valueInjector, error) {
                            switch {
                            case source.BasicAuthPassword != nil:
                                password, err := util.GetSecretValue(source.BasicAuthPassword)
                                if err != nil {
                        Severity: Minor
                        Found in pkg/header/injector.go - About 55 mins to fix

                        Method BitbucketProvider.GetEmailAddress has a Cognitive Complexity of 24 (exceeds 20 allowed). Consider refactoring.
                        Open

                        func (p *BitbucketProvider) GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error) {
                        
                            var emails struct {
                                Values []struct {
                                    Email   string `json:"email"`
                        Severity: Minor
                        Found in providers/bitbucket.go - About 55 mins to fix

                        Method OAuthProxy.OAuthCallback has 9 return statements (exceeds 4 allowed).
                        Open

                        func (p *OAuthProxy) OAuthCallback(rw http.ResponseWriter, req *http.Request) {
                            remoteAddr := ip.GetClientString(p.realClientIPParser, req, true)
                        
                            // finish the oauth cycle
                            err := req.ParseForm()
                        Severity: Major
                        Found in oauthproxy.go - About 55 mins to fix

                          Similar blocks of code found in 2 locations. Consider refactoring.
                          Open

                          type Writer interface {
                              WriteSignInPage(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int)
                              WriteErrorPage(rw http.ResponseWriter, opts ErrorPageOpts)
                              ProxyErrorHandler(rw http.ResponseWriter, req *http.Request, proxyErr error)
                              WriteRobotsTxt(rw http.ResponseWriter, req *http.Request)
                          Severity: Minor
                          Found in pkg/app/pagewriter/pagewriter.go and 1 other location - About 55 mins to fix
                          pkg/app/pagewriter/pagewriter.go on lines 110..115

                          Duplicated Code

                          Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

                          Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

                          When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

                          Tuning

                          This issue has a mass of 123.

                          We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

                          The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

                          If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

                          See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

                          Similar blocks of code found in 2 locations. Consider refactoring.
                          Open

                          type WriterFuncs struct {
                              SignInPageFunc func(rw http.ResponseWriter, req *http.Request, redirectURL string, statusCode int)
                              ErrorPageFunc  func(rw http.ResponseWriter, opts ErrorPageOpts)
                              ProxyErrorFunc func(rw http.ResponseWriter, req *http.Request, proxyErr error)
                              RobotsTxtfunc  func(rw http.ResponseWriter, req *http.Request)
                          Severity: Minor
                          Found in pkg/app/pagewriter/pagewriter.go and 1 other location - About 55 mins to fix
                          pkg/app/pagewriter/pagewriter.go on lines 12..17

                          This issue has a mass of 123.

                          Similar blocks of code found in 2 locations. Consider refactoring.
                          Open

                          func (p *OIDCProvider) RefreshSession(ctx context.Context, s *sessions.SessionState) (bool, error) {
                              if s == nil || s.RefreshToken == "" {
                                  return false, nil
                              }
                          
                          
                          Severity: Minor
                          Found in providers/oidc.go and 1 other location - About 50 mins to fix
                          providers/azure.go on lines 304..315

                          This issue has a mass of 121.

                          Similar blocks of code found in 2 locations. Consider refactoring.
                          Open

                          func (p *AzureProvider) RefreshSession(ctx context.Context, s *sessions.SessionState) (bool, error) {
                              if s == nil || s.RefreshToken == "" {
                                  return false, nil
                              }
                          
                          
                          Severity: Minor
                          Found in providers/azure.go and 1 other location - About 50 mins to fix
                          providers/oidc.go on lines 125..136

                          This issue has a mass of 121.

                          Method storedSessionLoader.refreshSessionIfNeeded has 8 return statements (exceeds 4 allowed).
                          Open

                          func (s *storedSessionLoader) refreshSessionIfNeeded(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) error {
                              if !needsRefresh(s.refreshPeriod, session) {
                                  // Refresh is disabled or the session is not old enough, do nothing
                                  return nil
                              }
                          Severity: Major
                          Found in pkg/middleware/stored_session.go - About 50 mins to fix