summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org')
-rw-r--r--vendor/golang.org/x/mod/module/module.go76
-rw-r--r--vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go3
-rw-r--r--vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go4
3 files changed, 59 insertions, 24 deletions
diff --git a/vendor/golang.org/x/mod/module/module.go b/vendor/golang.org/x/mod/module/module.go
index c1c5263c42..0e03014837 100644
--- a/vendor/golang.org/x/mod/module/module.go
+++ b/vendor/golang.org/x/mod/module/module.go
@@ -224,12 +224,16 @@ func firstPathOK(r rune) bool {
'a' <= r && r <= 'z'
}
-// pathOK reports whether r can appear in an import path element.
+// modPathOK reports whether r can appear in a module path element.
// Paths can be ASCII letters, ASCII digits, and limited ASCII punctuation: - . _ and ~.
-// This matches what "go get" has historically recognized in import paths.
+//
+// This matches what "go get" has historically recognized in import paths,
+// and avoids confusing sequences like '%20' or '+' that would change meaning
+// if used in a URL.
+//
// TODO(rsc): We would like to allow Unicode letters, but that requires additional
// care in the safe encoding (see "escaped paths" above).
-func pathOK(r rune) bool {
+func modPathOK(r rune) bool {
if r < utf8.RuneSelf {
return r == '-' || r == '.' || r == '_' || r == '~' ||
'0' <= r && r <= '9' ||
@@ -239,6 +243,17 @@ func pathOK(r rune) bool {
return false
}
+// modPathOK reports whether r can appear in a package import path element.
+//
+// Import paths are intermediate between module paths and file paths: we allow
+// disallow characters that would be confusing or ambiguous as arguments to
+// 'go get' (such as '@' and ' ' ), but allow certain characters that are
+// otherwise-unambiguous on the command line and historically used for some
+// binary names (such as '++' as a suffix for compiler binaries and wrappers).
+func importPathOK(r rune) bool {
+ return modPathOK(r) || r == '+'
+}
+
// fileNameOK reports whether r can appear in a file name.
// For now we allow all Unicode letters but otherwise limit to pathOK plus a few more punctuation characters.
// If we expand the set of allowed characters here, we have to
@@ -270,7 +285,7 @@ func fileNameOK(r rune) bool {
// CheckPath checks that a module path is valid.
// A valid module path is a valid import path, as checked by CheckImportPath,
-// with two additional constraints.
+// with three additional constraints.
// First, the leading path element (up to the first slash, if any),
// by convention a domain name, must contain only lower-case ASCII letters,
// ASCII digits, dots (U+002E), and dashes (U+002D);
@@ -280,8 +295,9 @@ func fileNameOK(r rune) bool {
// and must not contain any dots. For paths beginning with "gopkg.in/",
// this second requirement is replaced by a requirement that the path
// follow the gopkg.in server's conventions.
+// Third, no path element may begin with a dot.
func CheckPath(path string) error {
- if err := checkPath(path, false); err != nil {
+ if err := checkPath(path, modulePath); err != nil {
return fmt.Errorf("malformed module path %q: %v", path, err)
}
i := strings.Index(path, "/")
@@ -315,7 +331,7 @@ func CheckPath(path string) error {
//
// A valid path element is a non-empty string made up of
// ASCII letters, ASCII digits, and limited ASCII punctuation: - . _ and ~.
-// It must not begin or end with a dot (U+002E), nor contain two dots in a row.
+// It must not end with a dot (U+002E), nor contain two dots in a row.
//
// The element prefix up to the first dot must not be a reserved file name
// on Windows, regardless of case (CON, com1, NuL, and so on). The element
@@ -326,19 +342,29 @@ func CheckPath(path string) error {
// top-level package documentation for additional information about
// subtleties of Unicode.
func CheckImportPath(path string) error {
- if err := checkPath(path, false); err != nil {
+ if err := checkPath(path, importPath); err != nil {
return fmt.Errorf("malformed import path %q: %v", path, err)
}
return nil
}
+// pathKind indicates what kind of path we're checking. Module paths,
+// import paths, and file paths have different restrictions.
+type pathKind int
+
+const (
+ modulePath pathKind = iota
+ importPath
+ filePath
+)
+
// checkPath checks that a general path is valid.
// It returns an error describing why but not mentioning path.
// Because these checks apply to both module paths and import paths,
// the caller is expected to add the "malformed ___ path %q: " prefix.
// fileName indicates whether the final element of the path is a file name
// (as opposed to a directory name).
-func checkPath(path string, fileName bool) error {
+func checkPath(path string, kind pathKind) error {
if !utf8.ValidString(path) {
return fmt.Errorf("invalid UTF-8")
}
@@ -357,39 +383,45 @@ func checkPath(path string, fileName bool) error {
elemStart := 0
for i, r := range path {
if r == '/' {
- if err := checkElem(path[elemStart:i], fileName); err != nil {
+ if err := checkElem(path[elemStart:i], kind); err != nil {
return err
}
elemStart = i + 1
}
}
- if err := checkElem(path[elemStart:], fileName); err != nil {
+ if err := checkElem(path[elemStart:], kind); err != nil {
return err
}
return nil
}
// checkElem checks whether an individual path element is valid.
-// fileName indicates whether the element is a file name (not a directory name).
-func checkElem(elem string, fileName bool) error {
+func checkElem(elem string, kind pathKind) error {
if elem == "" {
return fmt.Errorf("empty path element")
}
if strings.Count(elem, ".") == len(elem) {
return fmt.Errorf("invalid path element %q", elem)
}
- if elem[0] == '.' && !fileName {
+ if elem[0] == '.' && kind == modulePath {
return fmt.Errorf("leading dot in path element")
}
if elem[len(elem)-1] == '.' {
return fmt.Errorf("trailing dot in path element")
}
- charOK := pathOK
- if fileName {
- charOK = fileNameOK
- }
for _, r := range elem {
- if !charOK(r) {
+ ok := false
+ switch kind {
+ case modulePath:
+ ok = modPathOK(r)
+ case importPath:
+ ok = importPathOK(r)
+ case filePath:
+ ok = fileNameOK(r)
+ default:
+ panic(fmt.Sprintf("internal error: invalid kind %v", kind))
+ }
+ if !ok {
return fmt.Errorf("invalid char %q", r)
}
}
@@ -406,7 +438,7 @@ func checkElem(elem string, fileName bool) error {
}
}
- if fileName {
+ if kind == filePath {
// don't check for Windows short-names in file names. They're
// only an issue for import paths.
return nil
@@ -444,7 +476,7 @@ func checkElem(elem string, fileName bool) error {
// top-level package documentation for additional information about
// subtleties of Unicode.
func CheckFilePath(path string) error {
- if err := checkPath(path, true); err != nil {
+ if err := checkPath(path, filePath); err != nil {
return fmt.Errorf("malformed file path %q: %v", path, err)
}
return nil
@@ -647,7 +679,7 @@ func EscapePath(path string) (escaped string, err error) {
// Versions are allowed to be in non-semver form but must be valid file names
// and not contain exclamation marks.
func EscapeVersion(v string) (escaped string, err error) {
- if err := checkElem(v, true); err != nil || strings.Contains(v, "!") {
+ if err := checkElem(v, filePath); err != nil || strings.Contains(v, "!") {
return "", &InvalidVersionError{
Version: v,
Err: fmt.Errorf("disallowed version string"),
@@ -706,7 +738,7 @@ func UnescapeVersion(escaped string) (v string, err error) {
if !ok {
return "", fmt.Errorf("invalid escaped version %q", escaped)
}
- if err := checkElem(v, true); err != nil {
+ if err := checkElem(v, filePath); err != nil {
return "", fmt.Errorf("invalid escaped version %q: %v", v, err)
}
return v, nil
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
index 2f078f73a5..fbcefb474e 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/aws.go
@@ -5,6 +5,7 @@
package externalaccount
import (
+ "bytes"
"context"
"crypto/hmac"
"crypto/sha256"
@@ -127,7 +128,7 @@ func canonicalHeaders(req *http.Request) (string, string) {
}
sort.Strings(headers)
- var fullHeaders strings.Builder
+ var fullHeaders bytes.Buffer
for _, header := range headers {
headerValue := strings.Join(lowerCaseHeaders[header], ",")
fullHeaders.WriteString(header)
diff --git a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
index 1b87c09f85..1a6e93cec7 100644
--- a/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
+++ b/vendor/golang.org/x/oauth2/google/internal/externalaccount/basecredentials.go
@@ -14,7 +14,9 @@ import (
)
// now aliases time.Now for testing
-var now = time.Now
+var now = func() time.Time {
+ return time.Now().UTC()
+}
// Config stores the configuration for fetching tokens with external credentials.
type Config struct {
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-20 15:55:20 +0000