-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy patherrors.go
More file actions
80 lines (66 loc) · 2.18 KB
/
Copy patherrors.go
File metadata and controls
80 lines (66 loc) · 2.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package safehttp
import (
"errors"
"net/netip"
"net/url"
"strings"
)
var (
ErrBlocked = errors.New("safehttp: blocked request")
ErrInvalidURL = errors.New("safehttp: invalid url")
ErrBlockedScheme = errors.New("safehttp: blocked scheme")
ErrBlockedHost = errors.New("safehttp: blocked host")
ErrBlockedOrigin = errors.New("safehttp: blocked origin")
ErrBlockedPort = errors.New("safehttp: blocked port")
ErrBlockedMethod = errors.New("safehttp: blocked method")
ErrBlockedAddress = errors.New("safehttp: blocked address")
ErrBlockedNetwork = errors.New("safehttp: blocked network")
ErrBlockedRedirect = errors.New("safehttp: blocked redirect")
ErrBlockedCredentials = errors.New("safehttp: blocked credentials")
ErrBlockedHostHeader = errors.New("safehttp: blocked host header")
ErrBlockedTransport = errors.New("safehttp: blocked transport")
)
// BlockError describes a request, redirect, address, or response blocked by safehttp.
type BlockError struct {
// Reason is a short human-readable explanation of the decision.
Reason string
// URL is redacted before storage. It never includes URL credentials,
// query strings, or fragments.
URL string
// Scheme, Host, Port, Method, and Addr identify the checked input when they
// are known. Some errors only have one or two of these fields populated.
Scheme string
Host string
Port uint16
Method string
Addr netip.AddrPort
// Rule is diagnostic detail for the matched policy rule, such as a denied
// prefix, "private", "loopback", or a blocked network name. Use errors.Is
// with the ErrBlocked* sentinels for stable control flow.
Rule string
err error
}
func (e *BlockError) Error() string {
if e.Reason != "" {
return "safehttp: " + e.Reason
}
return ErrBlocked.Error()
}
func (e *BlockError) Unwrap() error {
return e.err
}
func (e *BlockError) Is(target error) bool {
return target == ErrBlocked
}
func newURLBlockError(kind error, reason string, u *url.URL) *BlockError {
err := &BlockError{
Reason: reason,
URL: redactURL(u),
err: kind,
}
if u != nil {
err.Scheme = strings.ToLower(u.Scheme)
err.Host = u.Hostname()
}
return err
}