SEBA-902 single-olt tests;
Pin protoc-gen-go to 1.3.2 to resolve compatibility issue;
Run go mod tidy / go mod vendor on importer;
Add Go Module support to demotest
Change-Id: Ifde824fc9a6317b0adc1e12bea54ee1f9b788906
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
index 8ad3e55..93ff1db 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/TGSExchange.go
@@ -60,7 +60,7 @@
return tgsReq, tgsRep, err
}
}
- tgsReq, err = messages.NewTGSReq(cl.Credentials.CName(), kdcRealm, cl.Config, tgt, sessionKey, tgsReq.ReqBody.SName, tgsReq.Renewal)
+ tgsReq, err = messages.NewTGSReq(cl.Credentials.CName(), realm, cl.Config, tgsRep.Ticket, tgsRep.DecryptedEncPart.Key, tgsReq.ReqBody.SName, tgsReq.Renewal)
if err != nil {
return tgsReq, tgsRep, err
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
index 6e4c83c..cc93174 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/client.go
@@ -188,6 +188,18 @@
return nil
}
+// AffirmLogin will only perform an AS exchange with the KDC if the client does not already have a TGT.
+func (cl *Client) AffirmLogin() error {
+ _, endTime, _, _, err := cl.sessionTimes(cl.Credentials.Domain())
+ if err != nil || time.Now().UTC().After(endTime) {
+ err := cl.Login()
+ if err != nil {
+ return fmt.Errorf("could not get valid TGT for client's realm: %v", err)
+ }
+ }
+ return nil
+}
+
// realmLogin obtains or renews a TGT and establishes a session for the realm specified.
func (cl *Client) realmLogin(realm string) error {
if realm == cl.Credentials.Domain() {
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
index 19d25e6..493fb2f 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/network.go
@@ -69,49 +69,47 @@
}
// dialKDCTCP establishes a UDP connection to a KDC.
-func dialKDCUDP(count int, kdcs map[int]string) (conn *net.UDPConn, err error) {
+func dialKDCUDP(count int, kdcs map[int]string) (*net.UDPConn, error) {
i := 1
for i <= count {
- udpAddr, e := net.ResolveUDPAddr("udp", kdcs[i])
- if e != nil {
- err = fmt.Errorf("error resolving KDC address: %v", e)
- return
+ udpAddr, err := net.ResolveUDPAddr("udp", kdcs[i])
+ if err != nil {
+ return nil, fmt.Errorf("error resolving KDC address: %v", err)
}
- conn, err = net.DialUDP("udp", nil, udpAddr)
+
+ conn, err := net.DialTimeout("udp", udpAddr.String(), 5*time.Second)
if err == nil {
- err = conn.SetDeadline(time.Now().Add(5 * time.Second))
- if err != nil {
- return
+ if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
+ return nil, err
}
- return
+ // conn is guaranteed to be a UDPConn
+ return conn.(*net.UDPConn), nil
}
i++
}
- err = errors.New("error in getting a UDP connection to any of the KDCs")
- return
+ return nil, errors.New("error in getting a UDP connection to any of the KDCs")
}
// dialKDCTCP establishes a TCP connection to a KDC.
-func dialKDCTCP(count int, kdcs map[int]string) (conn *net.TCPConn, err error) {
+func dialKDCTCP(count int, kdcs map[int]string) (*net.TCPConn, error) {
i := 1
for i <= count {
- tcpAddr, e := net.ResolveTCPAddr("tcp", kdcs[i])
- if e != nil {
- err = fmt.Errorf("error resolving KDC address: %v", e)
- return
+ tcpAddr, err := net.ResolveTCPAddr("tcp", kdcs[i])
+ if err != nil {
+ return nil, fmt.Errorf("error resolving KDC address: %v", err)
}
- conn, err = net.DialTCP("tcp", nil, tcpAddr)
+
+ conn, err := net.DialTimeout("tcp", tcpAddr.String(), 5*time.Second)
if err == nil {
- err = conn.SetDeadline(time.Now().Add(5 * time.Second))
- if err != nil {
- return
+ if err := conn.SetDeadline(time.Now().Add(5 * time.Second)); err != nil {
+ return nil, err
}
- return
+ // conn is guaranteed to be a TCPConn
+ return conn.(*net.TCPConn), nil
}
i++
}
- err = errors.New("error in getting a TCP connection to any of the KDCs")
- return
+ return nil, errors.New("error in getting a TCP connection to any of the KDCs")
}
// sendKDCUDP sends bytes to the KDC via UDP.
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
index e6d4180..da838ed 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/passwd.go
@@ -44,7 +44,7 @@
return false, err
}
if r.ResultCode != KRB5_KPASSWD_SUCCESS {
- return false, fmt.Errorf("error response from kdamin: %s", r.Result)
+ return false, fmt.Errorf("error response from kadmin: code: %d; result: %s; krberror: %v", r.ResultCode, r.Result, r.KRBError)
}
cl.Credentials.WithPassword(newPasswd)
return true, nil
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
index 516c823..12c04c4 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/client/settings.go
@@ -38,7 +38,7 @@
// s := NewSettings(AssumePreAuthentication(true))
func AssumePreAuthentication(b bool) func(*Settings) {
return func(s *Settings) {
- s.disablePAFXFast = b
+ s.assumePreAuthentication = b
}
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
index a58c234..a67989f 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/hosts.go
@@ -18,37 +18,41 @@
kdcs := make(map[int]string)
var count int
- // Use DNS to resolve kerberos SRV records if configured to do so in krb5.conf.
- if c.LibDefaults.DNSLookupKDC {
- proto := "udp"
- if tcp {
- proto = "tcp"
+ // Get the KDCs from the krb5.conf.
+ var ks []string
+ for _, r := range c.Realms {
+ if r.Realm != realm {
+ continue
}
- c, addrs, err := dnsutils.OrderedSRV("kerberos", proto, realm)
- if err != nil {
- return count, kdcs, err
- }
- if len(addrs) < 1 {
- return count, kdcs, fmt.Errorf("no KDC SRV records found for realm %s", realm)
- }
- count = c
- for k, v := range addrs {
- kdcs[k] = strings.TrimRight(v.Target, ".") + ":" + strconv.Itoa(int(v.Port))
- }
- } else {
- // Get the KDCs from the krb5.conf an order them randomly for preference.
- var ks []string
- for _, r := range c.Realms {
- if r.Realm == realm {
- ks = r.KDC
- break
- }
- }
- count = len(ks)
- if count < 1 {
- return count, kdcs, fmt.Errorf("no KDCs defined in configuration for realm %s", realm)
- }
+ ks = r.KDC
+ }
+ count = len(ks)
+
+ if count > 0 {
+ // Order the kdcs randomly for preference.
kdcs = randServOrder(ks)
+ return count, kdcs, nil
+ }
+
+ if !c.LibDefaults.DNSLookupKDC {
+ return count, kdcs, fmt.Errorf("no KDCs defined in configuration for realm %s", realm)
+ }
+
+ // Use DNS to resolve kerberos SRV records.
+ proto := "udp"
+ if tcp {
+ proto = "tcp"
+ }
+ index, addrs, err := dnsutils.OrderedSRV("kerberos", proto, realm)
+ if err != nil {
+ return count, kdcs, err
+ }
+ if len(addrs) < 1 {
+ return count, kdcs, fmt.Errorf("no KDC SRV records found for realm %s", realm)
+ }
+ count = index
+ for k, v := range addrs {
+ kdcs[k] = strings.TrimRight(v.Target, ".") + ":" + strconv.Itoa(int(v.Port))
}
return count, kdcs, nil
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
index dbc61c3..8efe92d 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/config/krb5conf.go
@@ -119,6 +119,10 @@
// Parse the lines of the [libdefaults] section of the configuration into the LibDefaults struct.
func (l *LibDefaults) parseLines(lines []string) error {
for _, line := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
line = strings.TrimSpace(line)
if line == "" {
continue
@@ -333,6 +337,10 @@
if ignore && c > 0 && !strings.Contains(line, "{") && !strings.Contains(line, "}") {
continue
}
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
line = strings.TrimSpace(line)
if line == "" {
continue
@@ -407,6 +415,10 @@
var start int
var c int
for i, l := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(l, "#;"); idx != -1 {
+ l = l[:idx]
+ }
l = strings.TrimSpace(l)
if l == "" {
continue
@@ -454,6 +466,10 @@
// Parse the lines of the [domain_realm] section of the configuration and add to the mapping.
func (d *DomainRealm) parseLines(lines []string) error {
for _, line := range lines {
+ //Remove comments after the values
+ if idx := strings.IndexAny(line, "#;"); idx != -1 {
+ line = line[:idx]
+ }
if strings.TrimSpace(line) == "" {
continue
}
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
index 62acab7..beec066 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/credentials/credentials.go
@@ -288,6 +288,11 @@
return false
}
+// ValidUntil returns the credential's valid until date
+func (c *Credentials) ValidUntil() time.Time {
+ return c.validUntil
+}
+
// Attributes returns the Credentials' attributes map.
func (c *Credentials) Attributes() map[string]interface{} {
return c.attributes
diff --git a/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go b/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
index 0c7fc38..22c0204 100644
--- a/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
+++ b/vendor/gopkg.in/jcmturner/gokrb5.v7/keytab/keytab.go
@@ -141,6 +141,10 @@
// Unmarshal byte slice of Keytab data into Keytab type.
func (kt *Keytab) Unmarshal(b []byte) error {
+ if len(b) < 2 {
+ return fmt.Errorf("byte array is less than 2 bytes: %d", len(b))
+ }
+
//The first byte of the file always has the value 5
if b[0] != keytabFirstByte {
return errors.New("invalid keytab data. First byte does not equal 5")
@@ -165,7 +169,10 @@
*/
// n tracks position in the byte array
n := 2
- l := readInt32(b, &n, &endian)
+ l, err := readInt32(b, &n, &endian)
+ if err != nil {
+ return err
+ }
for l != 0 {
if l < 0 {
//Zero padded so skip over
@@ -173,23 +180,52 @@
n = n + int(l)
} else {
//fmt.Printf("Bytes for entry: %v\n", b[n:n+int(l)])
+ if n < 0 {
+ return fmt.Errorf("%d can't be less than zero", n)
+ }
+ if n+int(l) > len(b) {
+ return fmt.Errorf("%s's length is less than %d", b, n+int(l))
+ }
eb := b[n : n+int(l)]
n = n + int(l)
ke := newKeytabEntry()
// p keeps track as to where we are in the byte stream
var p int
+ var err error
parsePrincipal(eb, &p, kt, &ke, &endian)
- ke.Timestamp = readTimestamp(eb, &p, &endian)
- ke.KVNO8 = uint8(readInt8(eb, &p, &endian))
- ke.Key.KeyType = int32(readInt16(eb, &p, &endian))
- kl := int(readInt16(eb, &p, &endian))
- ke.Key.KeyValue = readBytes(eb, &p, kl, &endian)
+ ke.Timestamp, err = readTimestamp(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ rei8, err := readInt8(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.KVNO8 = uint8(rei8)
+ rei16, err := readInt16(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.Key.KeyType = int32(rei16)
+ rei16, err = readInt16(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ kl := int(rei16)
+ ke.Key.KeyValue, err = readBytes(eb, &p, kl, &endian)
+ if err != nil {
+ return err
+ }
//The 32-bit key version overrides the 8-bit key version.
// To determine if it is present, the implementation must check that at least 4 bytes remain in the record after the other fields are read,
// and that the value of the 32-bit integer contained in those bytes is non-zero.
if len(eb)-p >= 4 {
// The 32-bit key may be present
- ke.KVNO = uint32(readInt32(eb, &p, &endian))
+ ri32, err := readInt32(eb, &p, &endian)
+ if err != nil {
+ return err
+ }
+ ke.KVNO = uint32(ri32)
}
if ke.KVNO == 0 {
// Handles if the value from the last 4 bytes was zero and also if there are not the 4 bytes present. Makes sense to put the same value here as KVNO8
@@ -199,11 +235,15 @@
kt.Entries = append(kt.Entries, ke)
}
// Check if there are still 4 bytes left to read
- if n > len(b) || len(b[n:]) < 4 {
+ // Also check that n is greater than zero
+ if n < 0 || n > len(b) || len(b[n:]) < 4 {
break
}
// Read the size of the next entry
- l = readInt32(b, &n, &endian)
+ l, err = readInt32(b, &n, &endian)
+ if err != nil {
+ return err
+ }
}
return nil
}
@@ -249,20 +289,41 @@
// Parse the Keytab bytes of a principal into a Keytab entry's principal.
func parsePrincipal(b []byte, p *int, kt *Keytab, ke *entry, e *binary.ByteOrder) error {
- ke.Principal.NumComponents = readInt16(b, p, e)
+ var err error
+ ke.Principal.NumComponents, err = readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
if kt.version == 1 {
//In version 1 the number of components includes the realm. Minus 1 to make consistent with version 2
ke.Principal.NumComponents--
}
- lenRealm := readInt16(b, p, e)
- ke.Principal.Realm = string(readBytes(b, p, int(lenRealm), e))
+ lenRealm, err := readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
+ realmB, err := readBytes(b, p, int(lenRealm), e)
+ if err != nil {
+ return err
+ }
+ ke.Principal.Realm = string(realmB)
for i := 0; i < int(ke.Principal.NumComponents); i++ {
- l := readInt16(b, p, e)
- ke.Principal.Components = append(ke.Principal.Components, string(readBytes(b, p, int(l), e)))
+ l, err := readInt16(b, p, e)
+ if err != nil {
+ return err
+ }
+ compB, err := readBytes(b, p, int(l), e)
+ if err != nil {
+ return err
+ }
+ ke.Principal.Components = append(ke.Principal.Components, string(compB))
}
if kt.version != 1 {
//Name Type is omitted in version 1
- ke.Principal.NameType = readInt32(b, p, e)
+ ke.Principal.NameType, err = readInt32(b, p, e)
+ if err != nil {
+ return err
+ }
}
return nil
}
@@ -315,12 +376,23 @@
}
// Read bytes representing a timestamp.
-func readTimestamp(b []byte, p *int, e *binary.ByteOrder) time.Time {
- return time.Unix(int64(readInt32(b, p, e)), 0)
+func readTimestamp(b []byte, p *int, e *binary.ByteOrder) (time.Time, error) {
+ i32, err := readInt32(b, p, e)
+ if err != nil {
+ return time.Time{}, err
+ }
+ return time.Unix(int64(i32), 0), nil
}
// Read bytes representing an eight bit integer.
-func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8) {
+func readInt8(b []byte, p *int, e *binary.ByteOrder) (i int8, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 1) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+1)
+ }
buf := bytes.NewBuffer(b[*p : *p+1])
binary.Read(buf, *e, &i)
*p++
@@ -328,7 +400,15 @@
}
// Read bytes representing a sixteen bit integer.
-func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16) {
+func readInt16(b []byte, p *int, e *binary.ByteOrder) (i int16, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 2) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+2)
+ }
+
buf := bytes.NewBuffer(b[*p : *p+2])
binary.Read(buf, *e, &i)
*p += 2
@@ -336,19 +416,36 @@
}
// Read bytes representing a thirty two bit integer.
-func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32) {
+func readInt32(b []byte, p *int, e *binary.ByteOrder) (i int32, err error) {
+ if *p < 0 {
+ return 0, fmt.Errorf("%d cannot be less than zero", *p)
+ }
+
+ if (*p + 4) > len(b) {
+ return 0, fmt.Errorf("%s's length is less than %d", b, *p+4)
+ }
+
buf := bytes.NewBuffer(b[*p : *p+4])
binary.Read(buf, *e, &i)
*p += 4
return
}
-func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) []byte {
- buf := bytes.NewBuffer(b[*p : *p+s])
+func readBytes(b []byte, p *int, s int, e *binary.ByteOrder) ([]byte, error) {
+ if s < 0 {
+ return nil, fmt.Errorf("%d cannot be less than zero", s)
+ }
+ i := *p + s
+ if i > len(b) {
+ return nil, fmt.Errorf("%s's length is greater than %d", b, i)
+ }
+ buf := bytes.NewBuffer(b[*p:i])
r := make([]byte, s)
- binary.Read(buf, *e, &r)
+ if err := binary.Read(buf, *e, &r); err != nil {
+ return nil, err
+ }
*p += s
- return r
+ return r, nil
}
func isNativeEndianLittle() bool {
diff --git a/vendor/gopkg.in/yaml.v2/.travis.yml b/vendor/gopkg.in/yaml.v2/.travis.yml
index 9f55693..055480b 100644
--- a/vendor/gopkg.in/yaml.v2/.travis.yml
+++ b/vendor/gopkg.in/yaml.v2/.travis.yml
@@ -1,12 +1,16 @@
language: go
go:
- - 1.4
- - 1.5
- - 1.6
- - 1.7
- - 1.8
- - 1.9
- - tip
+ - "1.4.x"
+ - "1.5.x"
+ - "1.6.x"
+ - "1.7.x"
+ - "1.8.x"
+ - "1.9.x"
+ - "1.10.x"
+ - "1.11.x"
+ - "1.12.x"
+ - "1.13.x"
+ - "tip"
go_import_path: gopkg.in/yaml.v2
diff --git a/vendor/gopkg.in/yaml.v2/decode.go b/vendor/gopkg.in/yaml.v2/decode.go
index 91679b5..129bc2a 100644
--- a/vendor/gopkg.in/yaml.v2/decode.go
+++ b/vendor/gopkg.in/yaml.v2/decode.go
@@ -318,12 +318,41 @@
return out, false, false
}
+const (
+ // 400,000 decode operations is ~500kb of dense object declarations, or
+ // ~5kb of dense object declarations with 10000% alias expansion
+ alias_ratio_range_low = 400000
+
+ // 4,000,000 decode operations is ~5MB of dense object declarations, or
+ // ~4.5MB of dense object declarations with 10% alias expansion
+ alias_ratio_range_high = 4000000
+
+ // alias_ratio_range is the range over which we scale allowed alias ratios
+ alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
+)
+
+func allowedAliasRatio(decodeCount int) float64 {
+ switch {
+ case decodeCount <= alias_ratio_range_low:
+ // allow 99% to come from alias expansion for small-to-medium documents
+ return 0.99
+ case decodeCount >= alias_ratio_range_high:
+ // allow 10% to come from alias expansion for very large documents
+ return 0.10
+ default:
+ // scale smoothly from 99% down to 10% over the range.
+ // this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
+ // 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
+ return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
+ }
+}
+
func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
d.decodeCount++
if d.aliasDepth > 0 {
d.aliasCount++
}
- if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > 0.99 {
+ if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
failf("document contains excessive aliasing")
}
switch n.kind {
@@ -759,8 +788,7 @@
case mappingNode:
d.unmarshal(n, out)
case aliasNode:
- an, ok := d.doc.anchors[n.value]
- if ok && an.kind != mappingNode {
+ if n.alias != nil && n.alias.kind != mappingNode {
failWantMap()
}
d.unmarshal(n, out)
@@ -769,8 +797,7 @@
for i := len(n.children) - 1; i >= 0; i-- {
ni := n.children[i]
if ni.kind == aliasNode {
- an, ok := d.doc.anchors[ni.value]
- if ok && an.kind != mappingNode {
+ if ni.alias != nil && ni.alias.kind != mappingNode {
failWantMap()
}
} else if ni.kind != mappingNode {
diff --git a/vendor/gopkg.in/yaml.v2/scannerc.go b/vendor/gopkg.in/yaml.v2/scannerc.go
index 077fd1d..0b9bb60 100644
--- a/vendor/gopkg.in/yaml.v2/scannerc.go
+++ b/vendor/gopkg.in/yaml.v2/scannerc.go
@@ -626,30 +626,17 @@
func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
// While we need more tokens to fetch, do it.
for {
- // Check if we really need to fetch more tokens.
- need_more_tokens := false
-
- if parser.tokens_head == len(parser.tokens) {
- // Queue is empty.
- need_more_tokens = true
- } else {
- // Check if any potential simple key may occupy the head position.
- if !yaml_parser_stale_simple_keys(parser) {
+ if parser.tokens_head != len(parser.tokens) {
+ // If queue is non-empty, check if any potential simple key may
+ // occupy the head position.
+ head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
+ if !ok {
+ break
+ } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
return false
+ } else if !valid {
+ break
}
-
- for i := range parser.simple_keys {
- simple_key := &parser.simple_keys[i]
- if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
- need_more_tokens = true
- break
- }
- }
- }
-
- // We are finished.
- if !need_more_tokens {
- break
}
// Fetch the next token.
if !yaml_parser_fetch_next_token(parser) {
@@ -678,11 +665,6 @@
return false
}
- // Remove obsolete potential simple keys.
- if !yaml_parser_stale_simple_keys(parser) {
- return false
- }
-
// Check the indentation level against the current column.
if !yaml_parser_unroll_indent(parser, parser.mark.column) {
return false
@@ -837,29 +819,30 @@
"found character that cannot start any token")
}
-// Check the list of potential simple keys and remove the positions that
-// cannot contain simple keys anymore.
-func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
- // Check for a potential simple key for each flow level.
- for i := range parser.simple_keys {
- simple_key := &parser.simple_keys[i]
-
- // The specification requires that a simple key
- //
- // - is limited to a single line,
- // - is shorter than 1024 characters.
- if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
-
- // Check if the potential simple key to be removed is required.
- if simple_key.required {
- return yaml_parser_set_scanner_error(parser,
- "while scanning a simple key", simple_key.mark,
- "could not find expected ':'")
- }
- simple_key.possible = false
- }
+func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
+ if !simple_key.possible {
+ return false, true
}
- return true
+
+ // The 1.2 specification says:
+ //
+ // "If the ? indicator is omitted, parsing needs to see past the
+ // implicit key to recognize it as such. To limit the amount of
+ // lookahead required, the “:” indicator must appear at most 1024
+ // Unicode characters beyond the start of the key. In addition, the key
+ // is restricted to a single line."
+ //
+ if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
+ // Check if the potential simple key to be removed is required.
+ if simple_key.required {
+ return false, yaml_parser_set_scanner_error(parser,
+ "while scanning a simple key", simple_key.mark,
+ "could not find expected ':'")
+ }
+ simple_key.possible = false
+ return false, true
+ }
+ return true, true
}
// Check if a simple key may start at the current position and add it if
@@ -879,13 +862,14 @@
possible: true,
required: required,
token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+ mark: parser.mark,
}
- simple_key.mark = parser.mark
if !yaml_parser_remove_simple_key(parser) {
return false
}
parser.simple_keys[len(parser.simple_keys)-1] = simple_key
+ parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
}
return true
}
@@ -900,19 +884,33 @@
"while scanning a simple key", parser.simple_keys[i].mark,
"could not find expected ':'")
}
+ // Remove the key from the stack.
+ parser.simple_keys[i].possible = false
+ delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
}
- // Remove the key from the stack.
- parser.simple_keys[i].possible = false
return true
}
+// max_flow_level limits the flow_level
+const max_flow_level = 10000
+
// Increase the flow level and resize the simple key list if needed.
func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
// Reset the simple key on the next level.
- parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+ parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
+ possible: false,
+ required: false,
+ token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+ mark: parser.mark,
+ })
// Increase the flow level.
parser.flow_level++
+ if parser.flow_level > max_flow_level {
+ return yaml_parser_set_scanner_error(parser,
+ "while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+ fmt.Sprintf("exceeded max depth of %d", max_flow_level))
+ }
return true
}
@@ -920,11 +918,16 @@
func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
if parser.flow_level > 0 {
parser.flow_level--
- parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
+ last := len(parser.simple_keys) - 1
+ delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
+ parser.simple_keys = parser.simple_keys[:last]
}
return true
}
+// max_indents limits the indents stack size
+const max_indents = 10000
+
// Push the current indentation level to the stack and set the new level
// the current column is greater than the indentation level. In this case,
// append or insert the specified token into the token queue.
@@ -939,6 +942,11 @@
// indentation level.
parser.indents = append(parser.indents, parser.indent)
parser.indent = column
+ if len(parser.indents) > max_indents {
+ return yaml_parser_set_scanner_error(parser,
+ "while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+ fmt.Sprintf("exceeded max depth of %d", max_indents))
+ }
// Create a token and insert it into the queue.
token := yaml_token_t{
@@ -989,6 +997,8 @@
// Initialize the simple key stack.
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+ parser.simple_keys_by_tok = make(map[int]int)
+
// A simple key is allowed at the beginning of the stream.
parser.simple_key_allowed = true
@@ -1270,7 +1280,11 @@
simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
// Have we found a simple key?
- if simple_key.possible {
+ if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
+ return false
+
+ } else if valid {
+
// Create the KEY token and insert it into the queue.
token := yaml_token_t{
typ: yaml_KEY_TOKEN,
@@ -1288,6 +1302,7 @@
// Remove the simple key.
simple_key.possible = false
+ delete(parser.simple_keys_by_tok, simple_key.token_number)
// A simple key cannot follow another simple key.
parser.simple_key_allowed = false
diff --git a/vendor/gopkg.in/yaml.v2/yaml.go b/vendor/gopkg.in/yaml.v2/yaml.go
index de85aa4..89650e2 100644
--- a/vendor/gopkg.in/yaml.v2/yaml.go
+++ b/vendor/gopkg.in/yaml.v2/yaml.go
@@ -89,7 +89,7 @@
return unmarshal(in, out, true)
}
-// A Decorder reads and decodes YAML values from an input stream.
+// A Decoder reads and decodes YAML values from an input stream.
type Decoder struct {
strict bool
parser *parser
diff --git a/vendor/gopkg.in/yaml.v2/yamlh.go b/vendor/gopkg.in/yaml.v2/yamlh.go
index e25cee5..f6a9c8e 100644
--- a/vendor/gopkg.in/yaml.v2/yamlh.go
+++ b/vendor/gopkg.in/yaml.v2/yamlh.go
@@ -579,6 +579,7 @@
simple_key_allowed bool // May a simple key occur at the current position?
simple_keys []yaml_simple_key_t // The stack of simple keys.
+ simple_keys_by_tok map[int]int // possible simple_key indexes indexed by token_number
// Parser stuff