fix: Snyk security recommendations (Golang). Fixes #8288
Signed-off-by: Alex Collins <alex_collins@intuit.com>
alexec authored Apr 1, 2022
1 parent 221d998 commit 996655f
Showing 1 changed file with 0 additions and 8 deletions.
8 changes: 0 additions & 8 deletions server/auth/sso/sso.go
Expand Up @@ -243,7 +243,6 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{Name: state, MaxAge: 0})
if err != nil {
w.WriteHeader(400)
_, _ = w.Write([]byte(fmt.Sprintf("invalid state: %v", err)))
return
}
redirectOption := oauth2.SetAuthURLParam("redirect_uri", s.getRedirectUrl(r))
Expand All @@ -252,25 +251,21 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
oauth2Token, err := s.config.Exchange(oauth2Context, r.URL.Query().Get("code"), redirectOption)
if err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to exchange token: %v", err)))
return
}
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
w.WriteHeader(401)
_, _ = w.Write([]byte("failed to get id_token"))
return
}
idToken, err := s.idTokenVerifier.Verify(ctx, rawIDToken)
if err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to verify token: %v", err)))
return
}
c := &types.Claims{}
if err := idToken.Claims(c); err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to get claims: %v", err)))
return
}

Expand All @@ -281,7 +276,6 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
groups, err = c.GetCustomGroup(s.customClaimName)
if err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to get custom claim: %v", err)))
return
}
}
Expand All @@ -292,7 +286,6 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
groups, err = c.GetUserInfoGroups(oauth2Token.AccessToken, s.issuer, s.userInfoPath)
if err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to get groups claim: %v", err)))
return
}
}
Expand All @@ -314,7 +307,6 @@ func (s *sso) HandleCallback(w http.ResponseWriter, r *http.Request) {
raw, err := jwt.Encrypted(s.encrypter).Claims(argoClaims).CompactSerialize()
if err != nil {
w.WriteHeader(401)
_, _ = w.Write([]byte(fmt.Sprintf("failed to encode claims: %v", err)))
return
}
value := Prefix + raw
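Review bot: Every failure branch of `HandleCallback` in these hunks now returns a bare 400/401 and drops `err`, so a failed state check, token exchange, ID-token verification or claims lookup leaves no trace unless it is logged somewhere outside the visible lines. Removing the `fmt.Sprintf("...: %v", err)` bodies stops provider and verifier error text from being echoed to the browser, but that detail should move to a server-side log rather than disappear, because repeated callback failures are what an operator looks for when investigating SSO problems or abuse. I would log `err` in each branch with whatever logger this package already uses (none is visible in the hunks) and still return a fixed, non-reflective message, e.g. `http.Error(w, "invalid state", http.StatusBadRequest)`, which also sets a plain-text content type with `nosniff`. The function starts before and continues past the hunks shown, so any existing logging outside them would change this assessment.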
