diff options
Diffstat (limited to 'vendor/github.com/labstack')
-rw-r--r-- | vendor/github.com/labstack/echo/v4/CHANGELOG.md | 14 | ||||
-rw-r--r-- | vendor/github.com/labstack/echo/v4/README.md | 5 | ||||
-rw-r--r-- | vendor/github.com/labstack/echo/v4/context.go | 2 | ||||
-rw-r--r-- | vendor/github.com/labstack/echo/v4/middleware/cors.go | 88 | ||||
-rw-r--r-- | vendor/github.com/labstack/gommon/bytes/bytes.go | 173 | ||||
-rw-r--r-- | vendor/github.com/labstack/gommon/log/log.go | 6 |
6 files changed, 229 insertions, 59 deletions
diff --git a/vendor/github.com/labstack/echo/v4/CHANGELOG.md b/vendor/github.com/labstack/echo/v4/CHANGELOG.md index e8f42200..8b71fb8e 100644 --- a/vendor/github.com/labstack/echo/v4/CHANGELOG.md +++ b/vendor/github.com/labstack/echo/v4/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +## v4.9.1 - 2022-10-12 + +**Fixes** + +* Fix logger panicing (when template is set to empty) by bumping dependency version [#2295](https://github.com/labstack/echo/issues/2295) + +**Enhancements** + +* Improve CORS documentation [#2272](https://github.com/labstack/echo/pull/2272) +* Update readme about supported Go versions [#2291](https://github.com/labstack/echo/pull/2291) +* Tests: improve error handling on closing body [#2254](https://github.com/labstack/echo/pull/2254) +* Tests: refactor some of the assertions in tests [#2275](https://github.com/labstack/echo/pull/2275) +* Tests: refactor assertions [#2301](https://github.com/labstack/echo/pull/2301) + ## v4.9.0 - 2022-09-04 **Security** diff --git a/vendor/github.com/labstack/echo/v4/README.md b/vendor/github.com/labstack/echo/v4/README.md index 17e6ed93..509b9735 100644 --- a/vendor/github.com/labstack/echo/v4/README.md +++ b/vendor/github.com/labstack/echo/v4/README.md @@ -11,12 +11,11 @@ ## Supported Go versions +Latest version of Echo supports last four Go major [releases](https://go.dev/doc/devel/release) and might work with older versions. + As of version 4.0.0, Echo is available as a [Go module](https://github.com/golang/go/wiki/Modules). Therefore a Go version capable of understanding /vN suffixed imports is required: -- 1.9.7+ -- 1.10.3+ -- 1.14+ Any of these versions will allow you to import Echo as `github.com/labstack/echo/v4` which is the recommended way of using Echo going forward. diff --git a/vendor/github.com/labstack/echo/v4/context.go b/vendor/github.com/labstack/echo/v4/context.go index a4ecfadf..5567100b 100644 --- a/vendor/github.com/labstack/echo/v4/context.go +++ b/vendor/github.com/labstack/echo/v4/context.go @@ -181,7 +181,7 @@ type ( // Logger returns the `Logger` instance. Logger() Logger - // Set the logger + // SetLogger Set the logger SetLogger(l Logger) // Echo returns the `Echo` instance. diff --git a/vendor/github.com/labstack/echo/v4/middleware/cors.go b/vendor/github.com/labstack/echo/v4/middleware/cors.go index 16259512..25cf983a 100644 --- a/vendor/github.com/labstack/echo/v4/middleware/cors.go +++ b/vendor/github.com/labstack/echo/v4/middleware/cors.go @@ -15,46 +15,85 @@ type ( // Skipper defines a function to skip middleware. Skipper Skipper - // AllowOrigin defines a list of origins that may access the resource. + // AllowOrigins determines the value of the Access-Control-Allow-Origin + // response header. This header defines a list of origins that may access the + // resource. The wildcard characters '*' and '?' are supported and are + // converted to regex fragments '.*' and '.' accordingly. + // + // Security: use extreme caution when handling the origin, and carefully + // validate any logic. Remember that attackers may register hostile domain names. + // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // // Optional. Default value []string{"*"}. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin AllowOrigins []string `yaml:"allow_origins"` // AllowOriginFunc is a custom function to validate the origin. It takes the // origin as an argument and returns true if allowed or false otherwise. If // an error is returned, it is returned by the handler. If this option is // set, AllowOrigins is ignored. + // + // Security: use extreme caution when handling the origin, and carefully + // validate any logic. Remember that attackers may register hostile domain names. + // See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // // Optional. AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"` - // AllowMethods defines a list methods allowed when accessing the resource. - // This is used in response to a preflight request. + // AllowMethods determines the value of the Access-Control-Allow-Methods + // response header. This header specified the list of methods allowed when + // accessing the resource. This is used in response to a preflight request. + // // Optional. Default value DefaultCORSConfig.AllowMethods. - // If `allowMethods` is left empty will fill for preflight request `Access-Control-Allow-Methods` header value + // If `allowMethods` is left empty, this middleware will fill for preflight + // request `Access-Control-Allow-Methods` header value // from `Allow` header that echo.Router set into context. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods AllowMethods []string `yaml:"allow_methods"` - // AllowHeaders defines a list of request headers that can be used when - // making the actual request. This is in response to a preflight request. + // AllowHeaders determines the value of the Access-Control-Allow-Headers + // response header. This header is used in response to a preflight request to + // indicate which HTTP headers can be used when making the actual request. + // // Optional. Default value []string{}. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers AllowHeaders []string `yaml:"allow_headers"` - // AllowCredentials indicates whether or not the response to the request - // can be exposed when the credentials flag is true. When used as part of - // a response to a preflight request, this indicates whether or not the - // actual request can be made using credentials. - // Optional. Default value false. + // AllowCredentials determines the value of the + // Access-Control-Allow-Credentials response header. This header indicates + // whether or not the response to the request can be exposed when the + // credentials mode (Request.credentials) is true. When used as part of a + // response to a preflight request, this indicates whether or not the actual + // request can be made using credentials. See also + // [MDN: Access-Control-Allow-Credentials]. + // + // Optional. Default value false, in which case the header is not set. + // // Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`. - // See http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // See "Exploiting CORS misconfigurations for Bitcoins and bounties", + // https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials AllowCredentials bool `yaml:"allow_credentials"` - // ExposeHeaders defines a whitelist headers that clients are allowed to - // access. - // Optional. Default value []string{}. + // ExposeHeaders determines the value of Access-Control-Expose-Headers, which + // defines a list of headers that clients are allowed to access. + // + // Optional. Default value []string{}, in which case the header is not set. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header ExposeHeaders []string `yaml:"expose_headers"` - // MaxAge indicates how long (in seconds) the results of a preflight request - // can be cached. - // Optional. Default value 0. + // MaxAge determines the value of the Access-Control-Max-Age response header. + // This header indicates how long (in seconds) the results of a preflight + // request can be cached. + // + // Optional. Default value 0. The header is set only if MaxAge > 0. + // + // See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age MaxAge int `yaml:"max_age"` } ) @@ -69,13 +108,22 @@ var ( ) // CORS returns a Cross-Origin Resource Sharing (CORS) middleware. -// See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS +// See also [MDN: Cross-Origin Resource Sharing (CORS)]. +// +// Security: Poorly configured CORS can compromise security because it allows +// relaxation of the browser's Same-Origin policy. See [Exploiting CORS +// misconfigurations for Bitcoins and bounties] and [Portswigger: Cross-origin +// resource sharing (CORS)] for more details. +// +// [MDN: Cross-Origin Resource Sharing (CORS)]: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS +// [Exploiting CORS misconfigurations for Bitcoins and bounties]: https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html +// [Portswigger: Cross-origin resource sharing (CORS)]: https://portswigger.net/web-security/cors func CORS() echo.MiddlewareFunc { return CORSWithConfig(DefaultCORSConfig) } // CORSWithConfig returns a CORS middleware with config. -// See: `CORS()`. +// See: [CORS]. func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc { // Defaults if config.Skipper == nil { diff --git a/vendor/github.com/labstack/gommon/bytes/bytes.go b/vendor/github.com/labstack/gommon/bytes/bytes.go index 2f6bcec6..b07e31cd 100644 --- a/vendor/github.com/labstack/gommon/bytes/bytes.go +++ b/vendor/github.com/labstack/gommon/bytes/bytes.go @@ -12,19 +12,31 @@ type ( Bytes struct{} ) +// binary units (IEC 60027) const ( _ = 1.0 << (10 * iota) // ignore first value by assigning to blank identifier - KB - MB - GB - TB - PB - EB + KiB + MiB + GiB + TiB + PiB + EiB +) + +// decimal units (SI international system of units) +const ( + KB = 1000 + MB = KB * 1000 + GB = MB * 1000 + TB = GB * 1000 + PB = TB * 1000 + EB = PB * 1000 ) var ( - pattern = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`) - global = New() + patternBinary = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]iB?)$`) + patternDecimal = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`) + global = New() ) // New creates a Bytes instance. @@ -32,44 +44,97 @@ func New() *Bytes { return &Bytes{} } -// Format formats bytes integer to human readable string. +// Format formats bytes integer to human readable string according to IEC 60027. +// For example, 31323 bytes will return 30.59KB. +func (b *Bytes) Format(value int64) string { + return b.FormatBinary(value) +} + +// FormatBinary formats bytes integer to human readable string according to IEC 60027. // For example, 31323 bytes will return 30.59KB. -func (*Bytes) Format(b int64) string { +func (*Bytes) FormatBinary(value int64) string { + multiple := "" + val := float64(value) + + switch { + case value >= EiB: + val /= EiB + multiple = "EiB" + case value >= PiB: + val /= PiB + multiple = "PiB" + case value >= TiB: + val /= TiB + multiple = "TiB" + case value >= GiB: + val /= GiB + multiple = "GiB" + case value >= MiB: + val /= MiB + multiple = "MiB" + case value >= KiB: + val /= KiB + multiple = "KiB" + case value == 0: + return "0" + default: + return strconv.FormatInt(value, 10) + "B" + } + + return fmt.Sprintf("%.2f%s", val, multiple) +} + +// FormatDecimal formats bytes integer to human readable string according to SI international system of units. +// For example, 31323 bytes will return 31.32KB. +func (*Bytes) FormatDecimal(value int64) string { multiple := "" - value := float64(b) + val := float64(value) switch { - case b >= EB: - value /= EB + case value >= EB: + val /= EB multiple = "EB" - case b >= PB: - value /= PB + case value >= PB: + val /= PB multiple = "PB" - case b >= TB: - value /= TB + case value >= TB: + val /= TB multiple = "TB" - case b >= GB: - value /= GB + case value >= GB: + val /= GB multiple = "GB" - case b >= MB: - value /= MB + case value >= MB: + val /= MB multiple = "MB" - case b >= KB: - value /= KB + case value >= KB: + val /= KB multiple = "KB" - case b == 0: + case value == 0: return "0" default: - return strconv.FormatInt(b, 10) + "B" + return strconv.FormatInt(value, 10) + "B" } - return fmt.Sprintf("%.2f%s", value, multiple) + return fmt.Sprintf("%.2f%s", val, multiple) } // Parse parses human readable bytes string to bytes integer. -// For example, 6GB (6G is also valid) will return 6442450944. -func (*Bytes) Parse(value string) (i int64, err error) { - parts := pattern.FindStringSubmatch(value) +// For example, 6GiB (6Gi is also valid) will return 6442450944, and +// 6GB (6G is also valid) will return 6000000000. +func (b *Bytes) Parse(value string) (int64, error) { + + i, err := b.ParseBinary(value) + if err == nil { + return i, err + } + + return b.ParseDecimal(value) +} + +// ParseBinary parses human readable bytes string to bytes integer. +// For example, 6GiB (6Gi is also valid) will return 6442450944. +func (*Bytes) ParseBinary(value string) (i int64, err error) { + parts := patternBinary.FindStringSubmatch(value) if len(parts) < 3 { return 0, fmt.Errorf("error parsing value=%s", value) } @@ -81,8 +146,38 @@ func (*Bytes) Parse(value string) (i int64, err error) { } switch multiple { + case "KI", "KIB": + return int64(bytes * KiB), nil + case "MI", "MIB": + return int64(bytes * MiB), nil + case "GI", "GIB": + return int64(bytes * GiB), nil + case "TI", "TIB": + return int64(bytes * TiB), nil + case "PI", "PIB": + return int64(bytes * PiB), nil + case "EI", "EIB": + return int64(bytes * EiB), nil default: return int64(bytes), nil + } +} + +// ParseDecimal parses human readable bytes string to bytes integer. +// For example, 6GB (6G is also valid) will return 6000000000. +func (*Bytes) ParseDecimal(value string) (i int64, err error) { + parts := patternDecimal.FindStringSubmatch(value) + if len(parts) < 3 { + return 0, fmt.Errorf("error parsing value=%s", value) + } + bytesString := parts[1] + multiple := strings.ToUpper(parts[2]) + bytes, err := strconv.ParseFloat(bytesString, 64) + if err != nil { + return + } + + switch multiple { case "K", "KB": return int64(bytes * KB), nil case "M", "MB": @@ -95,15 +190,27 @@ func (*Bytes) Parse(value string) (i int64, err error) { return int64(bytes * PB), nil case "E", "EB": return int64(bytes * EB), nil + default: + return int64(bytes), nil } } // Format wraps global Bytes's Format function. -func Format(b int64) string { - return global.Format(b) +func Format(value int64) string { + return global.Format(value) +} + +// FormatBinary wraps global Bytes's FormatBinary function. +func FormatBinary(value int64) string { + return global.FormatBinary(value) +} + +// FormatDecimal wraps global Bytes's FormatDecimal function. +func FormatDecimal(value int64) string { + return global.FormatDecimal(value) } // Parse wraps global Bytes's Parse function. -func Parse(val string) (int64, error) { - return global.Parse(val) +func Parse(value string) (int64, error) { + return global.Parse(value) } diff --git a/vendor/github.com/labstack/gommon/log/log.go b/vendor/github.com/labstack/gommon/log/log.go index 06fa37e0..25f719aa 100644 --- a/vendor/github.com/labstack/gommon/log/log.go +++ b/vendor/github.com/labstack/gommon/log/log.go @@ -391,7 +391,7 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) { if err == nil { s := buf.String() i := buf.Len() - 1 - if s[i] == '}' { + if i >= 0 && s[i] == '}' { // JSON header buf.Truncate(i) buf.WriteByte(',') @@ -404,7 +404,9 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) { } } else { // Text header - buf.WriteByte(' ') + if len(s) > 0 { + buf.WriteByte(' ') + } buf.WriteString(message) } buf.WriteByte('\n') |