ory / fosite

85%

master: 71%

LAST BUILD ON BRANCH fix-cs

branch: fix-cs

CHANGE BRANCH

x

Reset

• fix-cs
• add-acr
• add-basic-ss
• add-jwt-auth
• add-licenses
• add-pkce
• aud
• aud-2
• banner
• close-144
• close-194
• closes-150
• closes-180
• closes-1801
• compose-expose
• contributing
• contributing-01-20-20-10-13-24
• contributing-01-20-20-10-24-59
• contributing-02-02-20-22-55-43
• contributing-03-18-20-19-08-24
• contributing-04-04-20-12-02-41
• contributing-04-04-20-15-45-22
• contributing-04-05-20-09-45-31
• contributing-04-12-20-10-41-32
• contributing-04-13-20-09-21-56
• contributing-04-16-20-19-31-31
• contributing-05-12-20-10-00-36
• contributing-05-15-19-12-38-49
• contributing-05-15-19-13-05-24
• contributing-05-23-19-11-57-12
• contributing-05-23-19-12-07-08
• contributing-05-23-19-12-10-52
• contributing-07-23-19-11-28-47
• contributing-07-23-19-11-35-28
• contributing-08-05-19-18-31-41
• contributing-08-10-19-00-48-22
• contributing-08-10-19-00-52-57
• contributing-08-11-19-13-19-43
• contributing-08-19-19-19-01-07
• contributing-10-15-18-20-32-24
• contributing-10-15-18-20-34-07
• contributing-10-15-18-20-36-17
• contributing-10-17-18-14-50-41
• cryptopasta
• fix-181
• fix-182
• fix-188
• fix-194
• fix-209
• fix-214
• fix-225
• fix-386
• fix-aud
• fix-auth-time
• fix-clone
• fix-code
• fix-codes
• fix-err
• fix-error
• fix-error-response-type
• fix-errors
• fix-hybrid
• fix-id-token-hint-expired
• fix-id-token-issues
• fix-idt-exp
• fix-introspect
• fix-introspection
• fix-jwt-extra
• fix-logrus
• fix-nonce
• fix-offline
• fix-pkce
• fix-public-none
• fix-refresh
• fix-response-type
• fix-scope-docs
• fix-scope-strategy
• fix-scopes
• fix-storage
• fix-tests
• fix-timing-maxage
• fix-uq-aud
• fix-ut
• improve-debug
• improve-error
• improve-oidc
• improve-oidc-checks
• improve-oidc-conformity
• improve-oidc-verify
• improve-prompt-age
• improve-tokenauthmessage
• introspect-token-type
• key-rotation
• master
• next-release
• oidc-conformity
• pkce
• re-export-converter
• redir-up
• redirect-secure-modify
• refresh-exp
• regression-150
• remove-details
• remove-jose
• revoke-tokens-2nd
• revoke-tokens-2nd-2
• rfc-errors
• rotate-hmac-key
• timing
• to-dep
• utc-everywhere
• v0.10.0
• v0.11.0
• v0.11.1
• v0.11.2
• v0.11.3
• v0.11.4
• v0.12.0
• v0.13.0
• v0.13.1
• v0.14.0
• v0.14.1
• v0.14.2
• v0.15.0
• v0.15.1
• v0.15.2
• v0.15.3
• v0.15.4
• v0.15.5
• v0.15.6
• v0.16.0
• v0.16.1
• v0.16.2
• v0.16.3
• v0.16.4
• v0.16.5
• v0.17.0
• v0.17.1
• v0.17.2
• v0.18.0
• v0.18.1
• v0.19.0
• v0.19.1
• v0.19.2
• v0.19.3
• v0.19.4
• v0.19.5
• v0.19.6
• v0.19.7
• v0.19.8
• v0.20.0
• v0.20.1
• v0.20.2
• v0.20.3
• v0.21.0
• v0.21.1
• v0.21.2
• v0.21.3
• v0.21.4
• v0.22.0
• v0.23.0
• v0.24.0
• v0.25.0
• v0.25.1
• v0.26.0
• v0.26.1
• v0.27.0
• v0.27.1
• v0.27.2
• v0.27.3
• v0.27.4
• v0.28.0
• v0.28.1
• v0.29.0
• v0.29.1
• v0.29.2
• v0.29.3
• v0.29.4
• v0.29.5
• v0.29.6
• v0.29.7
• v0.29.8
• v0.30.0
• v0.30.1
• v0.30.2
• v0.30.3
• v0.30.4
• v0.30.5
• v0.30.6
• v0.31.0
• v0.31.1
• v0.31.2
• v0.31.3
• v0.32.0
• v0.32.1
• v0.32.2
• v0.6.17
• v0.6.18
• v0.6.19
• v0.7.0
• v0.8.0
• v0.9.0
• v0.9.1
• v0.9.2
• v0.9.3
• v0.9.4
• v0.9.5
• v0.9.6
• v0.9.7
• write-debug

Build # 993

Build Type

push

travis-ci

Committed by arekkas

Commit Message

core: Sanitizes request body before sending it to the storage adapter

This release resolves a security issue (reported by [platform.sh](https://www.platform.sh)) related to potential storage implementations. This library used to pass
all of the request body from both authorize and token endpoints to the storage adapters. As some of these values
are needed in consecutive requests, some storage adapters chose to drop the full body to the database. This in turn caused,
with the addition of enabling POST-body based client authentication, the client secret to be leaked.

The issue has been resolved by sanitizing the request body and only including those values truly required by their
respective handlers. This lead to two breaking changes in the API:

1. The `fosite.Requester` interface has a new method `Sanitize(allowedParameters []string) Requester` which returns
a sanitized clone of the method receiver. If you do not use your own `fosite.Requester` implementation, this won't affect you.
2. If you use the PKCE handler, you will have to add three new methods to your storage implementation. The methods
to be added work exactly like, for example `CreateAuthorizeCodeSession`. The method signatures are as follows:
```go
type PKCERequestStorage interface {
	GetPKCERequestSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)
	CreatePKCERequestSession(ctx context.Context, signature string, requester fosite.Requester) error
	DeletePKCERequestSession(ctx context.Context, signature string) error
}
```

We encourage you to upgrade to this release and check your storage implementations and potentially remove old data.

We would like to thank [platform.sh](https://www.platform.sh) for sponsoring the development of a patch that resolves this
issue.

Run Details

2244 of 2626 relevant lines covered (85.45%)

139.86 hits per line