diff options
author | Filippo Valsorda <filippo@golang.org> | 2018-07-02 17:50:42 -0400 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2018-07-02 22:36:31 +0000 |
commit | 0bad1bef406e987b7b749efc3bb7ab5d08b36a1c (patch) | |
tree | 34b9f97d1683622d58605928e4d75fb4df711ae5 /src/cmd/go/internal/get/vcs.go | |
parent | 3959ce667657defe1c99984adde93ca496953765 (diff) | |
parent | 7df09b4a03f9e53334672674ba7983d5e7128646 (diff) | |
download | go-dev.boringcrypto.go1.9.tar.gz go-dev.boringcrypto.go1.9.zip |
[dev.boringcrypto.go1.9] all: merge go1.9.7 into dev.boringcrypto.go1.9dev.boringcrypto.go1.9
Change-Id: I1f9769a0c2c7c090886afa31c86c403da29d2013
Diffstat (limited to 'src/cmd/go/internal/get/vcs.go')
-rw-r--r-- | src/cmd/go/internal/get/vcs.go | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/src/cmd/go/internal/get/vcs.go b/src/cmd/go/internal/get/vcs.go index 86d2e32efb..dcc7047211 100644 --- a/src/cmd/go/internal/get/vcs.go +++ b/src/cmd/go/internal/get/vcs.go @@ -767,8 +767,8 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re } } - if !strings.Contains(mmi.RepoRoot, "://") { - return nil, fmt.Errorf("%s: invalid repo root %q; no scheme", urlStr, mmi.RepoRoot) + if err := validateRepoRootScheme(mmi.RepoRoot); err != nil { + return nil, fmt.Errorf("%s: invalid repo root %q: %v", urlStr, mmi.RepoRoot, err) } rr := &repoRoot{ vcs: vcsByCmd(mmi.VCS), @@ -782,6 +782,36 @@ func repoRootForImportDynamic(importPath string, security web.SecurityMode) (*re return rr, nil } +// validateRepoRootScheme returns an error if repoRoot does not seem +// to have a valid URL scheme. At this point we permit things that +// aren't valid URLs, although later, if not using -insecure, we will +// restrict repoRoots to be valid URLs. This is only because we've +// historically permitted them, and people may depend on that. +func validateRepoRootScheme(repoRoot string) error { + end := strings.Index(repoRoot, "://") + if end <= 0 { + return errors.New("no scheme") + } + + // RFC 3986 section 3.1. + for i := 0; i < end; i++ { + c := repoRoot[i] + switch { + case 'a' <= c && c <= 'z' || 'A' <= c && c <= 'Z': + // OK. + case '0' <= c && c <= '9' || c == '+' || c == '-' || c == '.': + // OK except at start. + if i == 0 { + return errors.New("invalid scheme") + } + default: + return errors.New("invalid scheme") + } + } + + return nil +} + var fetchGroup singleflight.Group var ( fetchCacheMu sync.Mutex |