all: avoid awkward wording from CL 236857
CL 236857 removed all uses of whitelist/blacklist, which is great. But it substituted awkward phrasing using allowlist/blocklist, especially as verbs or participles. This CL uses more standard English, like "allow the function" or "blocked functions" instead of "allowlist the function" or "blocklisted functions". Change-Id: I9106a2fdbd62751c4cbda3a77181358a8a6d0f13 Reviewed-on: https://go-review.googlesource.com/c/go/+/236917 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
parent
bddf75d888
commit
2cd2ff6f56
|
@ -267,7 +267,7 @@ and the <a href="/cmd/test2json/">test2json documentation</a>.
|
|||
|
||||
<p>
|
||||
Options specified by cgo using <code>#cgo CFLAGS</code> and the like
|
||||
are now checked against an allowlist of permitted options.
|
||||
are now checked against a list of permitted options.
|
||||
This closes a security hole in which a downloaded package uses
|
||||
compiler options like
|
||||
<span style="white-space: nowrap"><code>-fplugin</code></span>
|
||||
|
|
|
@ -96,7 +96,7 @@ func TestFormats(t *testing.T) {
|
|||
}
|
||||
|
||||
importPath := filepath.Join("cmd/compile", path)
|
||||
if blocklistedPackages[filepath.ToSlash(importPath)] {
|
||||
if ignoredPackages[filepath.ToSlash(importPath)] {
|
||||
return filepath.SkipDir
|
||||
}
|
||||
|
||||
|
@ -344,8 +344,7 @@ func collectPkgFormats(t *testing.T, pkg *build.Package) {
|
|||
for index, file := range files {
|
||||
ast.Inspect(file, func(n ast.Node) bool {
|
||||
if call, ok := n.(*ast.CallExpr); ok {
|
||||
// ignore blocklisted functions
|
||||
if blocklistedFunctions[nodeString(call.Fun)] {
|
||||
if ignoredFunctions[nodeString(call.Fun)] {
|
||||
return true
|
||||
}
|
||||
// look for an arguments that might be a format string
|
||||
|
@ -354,7 +353,7 @@ func collectPkgFormats(t *testing.T, pkg *build.Package) {
|
|||
// make sure we have enough arguments
|
||||
n := numFormatArgs(s)
|
||||
if i+1+n > len(call.Args) {
|
||||
t.Errorf("%s: not enough format args (blocklist %s?)", posString(call), nodeString(call.Fun))
|
||||
t.Errorf("%s: not enough format args (ignore %s?)", posString(call), nodeString(call.Fun))
|
||||
break // ignore this call
|
||||
}
|
||||
// assume last n arguments are to be formatted;
|
||||
|
@ -549,14 +548,14 @@ func formatReplace(in string, f func(i int, s string) string) string {
|
|||
return string(append(buf, in[i0:]...))
|
||||
}
|
||||
|
||||
// blocklistedPackages is the set of packages which can
|
||||
// ignoredPackages is the set of packages which can
|
||||
// be ignored.
|
||||
var blocklistedPackages = map[string]bool{}
|
||||
var ignoredPackages = map[string]bool{}
|
||||
|
||||
// blocklistedFunctions is the set of functions which may have
|
||||
// ignoredFunctions is the set of functions which may have
|
||||
// format-like arguments but which don't do any formatting and
|
||||
// thus may be ignored.
|
||||
var blocklistedFunctions = map[string]bool{}
|
||||
var ignoredFunctions = map[string]bool{}
|
||||
|
||||
func init() {
|
||||
// verify that knownFormats entries are correctly formatted
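Review bot: The reworded failure hint in collectPkgFormats, `(ignore %s?)`, does not tell the person reading the test failure where the fix goes; the remedy is an entry in the `ignoredFunctions` map declared further down in this file. Naming the map makes the message actionable: `t.Errorf("%s: not enough format args (add %s to ignoredFunctions?)", posString(call), nodeString(call.Fun))`. collectPkgFormats starts and ends outside the hunks shown.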
|
||||
|
|
|
@ -168,7 +168,7 @@ func gcBackendConcurrency(gcflags []string) int {
|
|||
CheckFlags:
|
||||
for _, flag := range gcflags {
|
||||
// Concurrent compilation is presumed incompatible with any gcflags,
|
||||
// except for a small allowlist of commonly used flags.
|
||||
// except for known commonly used flags.
|
||||
// If the user knows better, they can manually add their own -c to the gcflags.
|
||||
switch flag {
|
||||
case "-N", "-l", "-S", "-B", "-C", "-I":
|
||||
|
|
|
@ -634,15 +634,15 @@ func (l *Loader) checkdup(name string, r *oReader, li int, dup Sym) {
|
|||
}
|
||||
fmt.Fprintf(os.Stderr, "cmd/link: while reading object for '%v': duplicate symbol '%s', previous def at '%v', with mismatched payload: %s\n", r.unit.Lib, name, rdup.unit.Lib, reason)
|
||||
|
||||
// For the moment, allowlist DWARF subprogram DIEs for
|
||||
// For the moment, allow DWARF subprogram DIEs for
|
||||
// auto-generated wrapper functions. What seems to happen
|
||||
// here is that we get different line numbers on formal
|
||||
// params; I am guessing that the pos is being inherited
|
||||
// from the spot where the wrapper is needed.
|
||||
allowlist := strings.HasPrefix(name, "go.info.go.interface") ||
|
||||
allowed := strings.HasPrefix(name, "go.info.go.interface") ||
|
||||
strings.HasPrefix(name, "go.info.go.builtin") ||
|
||||
strings.HasPrefix(name, "go.debuglines")
|
||||
if !allowlist {
|
||||
if !allowed {
|
||||
l.strictDupMsgs++
|
||||
}
|
||||
}
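Review bot: The `allowed` expression in checkdup accepts three prefixes (`go.info.go.interface`, `go.info.go.builtin`, `go.debuglines`), while the otherwise identical check in the `overwrite:` hunk of the next file section also accepts `go.isstmt.go.builtin`. Since this commit touches both copies, it is a good place to record whether the difference is deliberate. If it is, a one-line comment above `allowed :=` saying so would keep the two lists from being aligned by accident; if it is not, the prefixes probably belong in one shared helper so the strict-duplicate count cannot drift between the two loaders. checkdup starts outside the hunk.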
|
||||
|
|
|
@ -411,16 +411,16 @@ overwrite:
|
|||
}
|
||||
fmt.Fprintf(os.Stderr, "cmd/link: while reading object for '%v': duplicate symbol '%s', previous def at '%v', with mismatched payload: %s\n", r.lib, dup, dup.Unit.Lib, reason)
|
||||
|
||||
// For the moment, allowlist DWARF subprogram DIEs for
|
||||
// For the moment, allow DWARF subprogram DIEs for
|
||||
// auto-generated wrapper functions. What seems to happen
|
||||
// here is that we get different line numbers on formal
|
||||
// params; I am guessing that the pos is being inherited
|
||||
// from the spot where the wrapper is needed.
|
||||
allowlist := (strings.HasPrefix(dup.Name, "go.info.go.interface") ||
|
||||
allowed := (strings.HasPrefix(dup.Name, "go.info.go.interface") ||
|
||||
strings.HasPrefix(dup.Name, "go.info.go.builtin") ||
|
||||
strings.HasPrefix(dup.Name, "go.isstmt.go.builtin") ||
|
||||
strings.HasPrefix(dup.Name, "go.debuglines"))
|
||||
if !allowlist {
|
||||
if !allowed {
|
||||
r.strictDupMsgs++
|
||||
}
|
||||
}
|
||||
|
|
|
@ -240,8 +240,7 @@ func htmlNameFilter(args ...interface{}) string {
|
|||
}
|
||||
s = strings.ToLower(s)
|
||||
if t := attrType(s); t != contentTypePlain {
|
||||
// TODO: Split attr and element name part filters so we can allowlist
|
||||
// attributes.
|
||||
// TODO: Split attr and element name part filters so we can recognize known attributes.
|
||||
return filterFailsafe
|
||||
}
|
||||
for _, r := range s {
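Review bot: The new TODO wording in htmlNameFilter, "so we can recognize known attributes", is weaker than what it replaces. The old text described allowing attributes by list, which in an escaper is a different commitment from merely recognising them, and the next person to pick up the TODO should not have to guess which was meant. Wording such as `// TODO: Split attr and element name part filters so we can allow only known attributes.` keeps the plain English this commit is after and preserves the intent. The function body starts and ends outside the hunk.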
|
||||
|
|
|
@ -503,7 +503,7 @@ func valueOrDefault(value, def string) string {
|
|||
|
||||
// NOTE: This is not intended to reflect the actual Go version being used.
|
||||
// It was changed at the time of Go 1.1 release because the former User-Agent
|
||||
// had ended up on a blocklist for some intrusion detection systems.
|
||||
// had ended up blocked by some intrusion detection systems.
|
||||
// See https://codereview.appspot.com/7532043.
|
||||
const defaultUserAgent = "Go-http-client/1.1"
|
||||
|
||||
|
|
|
@ -1698,9 +1698,9 @@ func (c *conn) closeWriteAndWait() {
|
|||
time.Sleep(rstAvoidanceDelay)
|
||||
}
|
||||
|
||||
// validNextProto reports whether the proto is not a blocklisted ALPN
|
||||
// protocol name. Empty and built-in protocol types are blocklisted
|
||||
// and can't be overridden with alternate implementations.
|
||||
// validNextProto reports whether the proto is a valid ALPN protocol name.
|
||||
// Everything is valid except the empty string and built-in protocol types,
|
||||
// so that those can't be overridden with alternate implementations.
|
||||
func validNextProto(proto string) bool {
|
||||
switch proto {
|
||||
case "", "http/1.1", "http/1.0":
|
||||
|
|
|
@ -18,12 +18,12 @@ var _cgo_sigaction unsafe.Pointer
|
|||
//go:nosplit
|
||||
//go:nowritebarrierrec
|
||||
func sigaction(sig uint32, new, old *sigactiont) {
|
||||
// The runtime package is explicitly blocklisted from sanitizer
|
||||
// instrumentation in racewalk.go, but we might be calling into instrumented C
|
||||
// functions here — so we need the pointer parameters to be properly marked.
|
||||
// racewalk.go avoids adding sanitizing instrumentation to package runtime,
|
||||
// but we might be calling into instrumented C functions here,
|
||||
// so we need the pointer parameters to be properly marked.
|
||||
//
|
||||
// Mark the input as having been written before the call and the output as
|
||||
// read after.
|
||||
// Mark the input as having been written before the call
|
||||
// and the output as read after.
|
||||
if msanenabled && new != nil {
|
||||
msanwrite(unsafe.Pointer(new), unsafe.Sizeof(*new))
|
||||
}
|
||||
|
|
|
@ -61,7 +61,7 @@ func debugCallCheck(pc uintptr) string {
|
|||
"debugCall16384",
|
||||
"debugCall32768",
|
||||
"debugCall65536":
|
||||
// These functions are allowlisted so that the debugger can initiate multiple function calls.
|
||||
// These functions are allowed so that the debugger can initiate multiple function calls.
|
||||
// See: https://golang.org/cl/161137/
|
||||
return
|
||||
}
|
||||
|
|