Repository Analysis

oauth2-proxy/oauth2-proxy

A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.

0.7 Likely human-written

Adjusted Score: 0.7
Raw Score: 0.7
Time Factor: 100%
Last Push: 2026-05-23
Stars: 14,463
Language: Go
Lines of Code: 102,988
Files: 737
Pattern Hits: 64
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 0 · HIGH 0 · MEDIUM 4 · LOW 60

Pattern Findings

64 matches across 4 categories.

Over-Commented Block: 40 hits · 40 pts

| Severity | File | Line | Snippet |
| --- | --- | --- | --- |
| LOW | testdata/openredirects.txt | 21 | /%5cgoogle.com |
| LOW | testdata/openredirects.txt | 41 | //%5cwww.whitelisteddomain.tld@google.com |
| LOW | testdata/openredirects.txt | 61 | ////%5cexample.com |
| LOW | testdata/openredirects.txt | 81 | ////example.com@google.com/%2e%2e%2f |
| LOW | testdata/openredirects.txt | 101 | ////www.whitelisteddomain.tld@google.com/%2f.. |
| LOW | testdata/openredirects.txt | 121 | ///example.com// |
| LOW | testdata/openredirects.txt | 141 | ///localdomain.pw// |
| LOW | testdata/openredirects.txt | 161 | //;@google.com |
| LOW | testdata/openredirects.txt | 181 | //google%00.com |
| LOW | testdata/openredirects.txt | 201 | //https://example.com@google.com// |
| LOW | testdata/openredirects.txt | 221 | //localdomain.pw:80#@www.whitelisteddomain.tld/ |
| LOW | contrib/local-environment/docker-compose.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | contrib/local-environment/docker-compose-keycloak.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | contrib/local-environment/docker-compose-gitea.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | contrib/local-environment/docker-compose-traefik.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | contrib/local-environment/docker-compose-nginx.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | …rib/local-environment/docker-compose-alpha-config.yaml | 1 | # This docker-compose file can be used to bring up an example instance of oauth2-proxy |
| LOW | pkg/middleware/stored_session.go | 21 | // TODO: This should probably be configurable by the end user. |
| LOW | pkg/apis/options/alpha_options.go | 1 | package options |
| LOW | pkg/apis/options/alpha_options.go | 21 | InjectRequestHeaders []Header `yaml:"injectRequestHeaders,omitempty"` |
| LOW | pkg/apis/options/header.go | 21 | // This option only applies to injected request headers. |
| LOW | pkg/apis/options/server.go | 1 | package options |
| LOW | pkg/apis/options/server.go | 41 | |
| LOW | pkg/apis/options/upstreams.go | 61 | ID string `yaml:"id,omitempty"` |
| LOW | pkg/apis/options/upstreams.go | 81 | RewriteTarget string `yaml:"rewriteTarget,omitempty"` |
| LOW | pkg/apis/options/upstreams.go | 101 | // Static will make all requests to this upstream have a static response. |
| LOW | pkg/apis/options/app.go | 1 | package options |
| LOW | pkg/apis/options/providers.go | 41 | // for GoogleOptions.UseOrganizationID |
| LOW | pkg/apis/options/providers.go | 81 | // ADFSConfig holds all configurations for ADFS provider. |
| LOW | pkg/apis/options/providers.go | 101 | // must be set from the supported providers group, |
| LOW | pkg/apis/options/providers.go | 281 | AdminAPIUserScope string `yaml:"adminAPIUserScope,omitempty"` |
| LOW | pkg/apis/options/providers.go | 301 | // default set to 'false' |
| LOW | pkg/apis/options/login_url_parameters.go | 1 | package options |
| LOW | pkg/apis/options/login_url_parameters.go | 21 | // default: |
| LOW | pkg/apis/options/login_url_parameters.go | 41 | // default: ["login"] |
| LOW | pkg/apis/options/login_url_parameters.go | 61 | // as backslash is not considered to be an escape character. Alternatively |
| LOW | pkg/apis/options/login_url_parameters.go | 81 | // Allow specifies rules about how the default (if any) may be |
| LOW | pkg/apis/sessions/interfaces.go | 21 | // Lock is an interface for controlling session locks |
| LOW | pkg/app/redirect/director.go | 41 | } |
| LOW | pkg/sessions/persistence/ticket.go | 21 | // saveFunc performs a persistent store's save functionality using |

Fake / Example Data: 20 hits · 20 pts

| Severity | File | Line | Snippet |
| --- | --- | --- | --- |
| LOW | oauthproxy_test.go | 1858 | "name": "John Doe", |
| LOW | oauthproxy_test.go | 2111 | Email: "user@example.com", |
| LOW | main_test.go | 29 | google_admin_email="admin@example.com" |
| LOW | main_test.go | 172 | AdminEmail: "admin@example.com", |
| LOW | providers/digitalocean_test.go | 95 | b := testDigitalOceanBackend(`{"account": {"email": "user@example.com"}}`) |
| LOW | providers/digitalocean_test.go | 104 | assert.Equal(t, "user@example.com", email) |
| LOW | providers/gitlab_test.go | 43 | "email": "foo@bar.com", |
| LOW | providers/gitlab_test.go | 217 | expectedValue: "foo@bar.com", |
| LOW | contrib/local-environment/dex.yaml | 29 | - email: "admin@example.com" |
| LOW | contrib/local-environment/kubernetes/values.yaml | 35 | - email: "admin@example.com" |
| LOW | …b/local-environment/keycloak/oauth2-proxy-users-0.json | 7 | "username": "admin@example.com", |
| LOW | …b/local-environment/keycloak/oauth2-proxy-users-0.json | 8 | "email": "admin@example.com", |
| LOW | pkg/middleware/jwt_session_test.go | 39 | "name": "John Doe", |
| LOW | pkg/apis/sessions/session_state_test.go | 321 | Email: "user@example.com", |
| LOW | pkg/apis/sessions/session_state_test.go | 341 | {"email", []string{"user@example.com"}}, |
| LOW | pkg/header/injector_test.go | 403 | Email: "user@example.com", |
| LOW | pkg/header/injector_test.go | 409 | "X-Auth-Request-Email": []string{"user@example.com"}, |
| LOW | pkg/validation/options_test.go | 61 | o.Providers[0].GoogleConfig.AdminEmail = "admin@example.com" |
| LOW | pkg/validation/options_test.go | 84 | o.Providers[0].GoogleConfig.AdminEmail = "admin@example.com" |
| LOW | pkg/validation/options_test.go | 94 | o.Providers[0].GoogleConfig.AdminEmail = "admin@example.com" |

Self-Referential Comments: 2 hits · 6 pts

| Severity | File | Line | Snippet |
| --- | --- | --- | --- |
| MEDIUM | contrib/local-environment/docker-compose-nginx.yaml | 6 | # This file is an extension of the main compose file and must be used with it |
| MEDIUM | …rib/local-environment/docker-compose-alpha-config.yaml | 7 | # This file is an extension of the main compose file and must be used with it |

AI Slop Vocabulary: 2 hits · 6 pts

| Severity | File | Line | Snippet |
| --- | --- | --- | --- |
| MEDIUM | pkg/apis/options/providers.go | 92 | // or providers utilize OIDC configurations. |
| MEDIUM | pkg/logger/logger.go | 404 | // These functions utilize the standard logger. |