diff --git a/src/go.mod b/src/go.mod
index 7a0509ac4..393f585f5 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/onsi/gomega v1.27.10
 github.com/prometheus/client_model v0.4.0
 github.com/prometheus/common v0.44.0
- github.com/valyala/fasthttp v1.48.0
+ github.com/valyala/fasthttp v1.49.0
 golang.org/x/net v0.14.0
 google.golang.org/grpc v1.57.0
 gopkg.in/yaml.v2 v2.4.0
diff --git a/src/go.sum b/src/go.sum
index b4b55494e..2f395e127 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -176,8 +176,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
-github.com/valyala/fasthttp v1.48.0 h1:oJWvHb9BIZToTQS3MuQ2R3bJZiNSa2KiNdeI8A+79Tc=
-github.com/valyala/fasthttp v1.48.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
+github.com/valyala/fasthttp v1.49.0 h1:9FdvCpmxB74LH4dPb7IJ1cOSsluR07XG3I1txXWwJpE=
+github.com/valyala/fasthttp v1.49.0/go.mod h1:k2zXd82h/7UZc3VOdJ2WaUqt1uZ/XpXAfE9i+HBC3lA=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
diff --git a/src/vendor/github.com/valyala/fasthttp/SECURITY.md b/src/vendor/github.com/valyala/fasthttp/SECURITY.md
index 68d542043..d1ad42c14 100644
--- a/src/vendor/github.com/valyala/fasthttp/SECURITY.md
+++ b/src/vendor/github.com/valyala/fasthttp/SECURITY.md
@@ -7,28 +7,14 @@ For example, for now we skip CVE assignment.
 Please report to us any issues you find. This document explains how to do that and what to expect in return.
-All security bugs in our releases should be reported by email to oss-security@highload.solutions.
-This mail is delivered to a small security team.
+All security bugs in our releases should be reported by email to erik@dubbelboer.com
 Your email will be acknowledged within 24 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report.
-For critical problems, you can encrypt your report using our PGP key (listed below).
-
 Please use a descriptive subject line for your report email.
-After the initial reply to your report, the security team will
-endeavor to keep you informed of the progress being made towards a fix and full announcement.
-These updates will be sent at least every five days.
-In reality, this is more likely to be every 24-48 hours.
-
-If you have not received a reply to your email within 48 hours or you have not heard from the security
-team for the past five days please contact us by email to developers@highload.solutions or by Telegram message
-to [our support](https://t.me/highload_support).
-Please note that developers@highload.solutions list includes all developers, who may be outside our opensource security team.
-When escalating on this list, please do not disclose the details of the issue.
-Simply state that you're trying to reach a member of the security team.
 ### Flagging Existing Issues as Security-related
-If you believe that an existing issue is security-related, we ask that you send an email to oss-security@highload.solutions.
+If you believe that an existing issue is security-related, we ask that you send an email to erik@dubbelboer.com
 The email should include the issue ID and a short description of why it should be handled according to this security policy.
 ### Disclosure Process
@@ -52,64 +38,4 @@ The best way to receive security announcements is to subscribe ("Watch") to our
 Any GitHub issues pertaining to a security issue will be prefixed with [security].
 ### Comments on This Policy
-If you have any suggestions to improve this policy, please send an email to oss-security@highload.solutions for discussion.
-
-### PGP Key for oss-security@highload.ltd
-
-We accept PGP-encrypted email, but the majority of the security team are not regular PGP users
-so it's somewhat inconvenient. Please only use PGP for critical security reports.
-
-```
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFzdjYUBEACa3YN+QVSlnXofUjxr+YrmIaF+da0IUq+TRM4aqUXALsemEdGh
-yIl7Z6qOOy1d2kPe6t//H9l/92lJ1X7i6aEBK4n/pnPZkwbpy9gGpebgvTZFvcbe
-mFhF6k1FM35D8TxneJSjizPyGhJPqcr5qccqf8R64TlQx5Ud1JqT2l8P1C5N7gNS
-lEYXq1h4zBCvTWk1wdeLRRPx7Bn6xrgmyu/k61dLoJDvpvWNATVFDA67oTrPgzTW
-xtLbbk/xm0mK4a8zMzIpNyz1WkaJW9+4HFXaL+yKlsx7iHe2O7VlGoqS0kdeQup4
-1HIw/P7yc0jBlNMLUzpuA6ElYUwESWsnCI71YY1x4rKgI+GqH1mWwgn7tteuXQtb
-Zj0vEdjK3IKIOSbzbzAvSbDt8F1+o7EMtdy1eUysjKSQgFkDlT6JRmYvEup5/IoG
-iknh/InQq9RmGFKii6pXWWoltC0ebfCwYOXvymyDdr/hYDqJeHS9Tenpy86Doaaf
-HGf5nIFAMB2G5ctNpBwzNXR2MAWkeHQgdr5a1xmog0hS125usjnUTet3QeCyo4kd
-gVouoOroMcqFFUXdYaMH4c3KWz0afhTmIaAsFFOv/eMdadVA4QyExTJf3TAoQ+kH
-lKDlbOAIxEZWRPDFxMRixaVPQC+VxhBcaQ+yNoaUkM0V2m8u8sDBpzi1OQARAQAB
-tDxPU1MgU2VjdXJpdHksIEhpZ2hsb2FkIExURCA8b3NzLXNlY3VyaXR5QGhpZ2hs
-b2FkLnNvbHV0aW9ucz6JAlQEEwEIAD4WIQRljYp380uKq2g8TeqsQcvu+Qp2TAUC
-XN2NhQIbAwUJB4YfgAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCsQcvu+Qp2
-TKmED/96YoQoOjD28blFFrigvAsiNcNNZoX9I0dX1lNpD83fBJf+/9i+x4jqUnI5
-5XK/DFTDbhpw8kQBpxS9eEuIYnuo0RdLLp1ctNWTlpwfyHn92mGddl/uBdYHUuUk
-cjhIQcFaCcWRY+EpamDlv1wmZ83IwBr8Hu5FS+/Msyw1TBvtTRVKW1KoGYMYoXLk
-BzIglRPwn821B6s4BvK/RJnZkrmHMBZBfYMf+iSMSYd2yPmfT8wbcAjgjLfQa28U
-gbt4u9xslgKjuM83IqwFfEXBnm7su3OouGWqc+62mQTsbnK65zRFnx6GXRXC1BAi
-6m9Tm1PU0IiINz66ainquspkXYeHjd9hTwfR3BdFnzBTRRM01cKMFabWbLj8j0p8
-fF4g9cxEdiLrzEF7Yz4WY0mI4Cpw4eJZfsHMc07Jn7QxfJhIoq+rqBOtEmTjnxMh
-aWeykoXMHlZN4K0ZrAytozVH1D4bugWA9Zuzi9U3F9hrVVABm11yyhd2iSqI6/FR
-GcCFOCBW1kEJbzoEguub+BV8LDi8ldljHalvur5k/VFhoDBxniYNsKmiCLVCmDWs
-/nF84hCReAOJt0vDGwqHe3E2BFFPbKwdJLRNkjxBY0c/pvaV+JxbWQmaxDZNeIFV
-hFcVGp48HNY3qLWZdsQIfT9m1masJFLVuq8Wx7bYs8Et5eFnH7kCDQRc3Y2FARAA
-2DJWAxABydyIdCxgFNdqnYyWS46vh2DmLmRMqgasNlD0ozG4S9bszBsgnUI2Xs06
-J76kFRh8MMHcu9I4lUKCQzfrA4uHkiOK5wvNCaWP+C6JUYNHsqPwk/ILO3gtQ/Ws
-LLf/PW3rJZVOZB+WY8iaYc20l5vukTaVw4qbEi9dtLkJvVpNHt//+jayXU6s3ew1
-2X5xdwyAZxaxlnzFaY/Xo/qR+bZhVFC0T9pAECnHv9TVhFGp0JE9ipPGnro5xTIS
-LttdAkzv4AuSVTIgWgTkh8nN8t7STJqfPEv0I12nmmYHMUyTYOurkfskF3jY2x6x
-8l02NQ4d5KdC3ReV1j51swrGcZCwsWNp51jnEXKwo+B0NM5OmoRrNJgF2iDgLehs
-hP00ljU7cB8/1/7kdHZStYaUHICFOFqHzg415FlYm+jpY0nJp/b9BAO0d0/WYnEe
-Xjihw8EVBAqzEt4kay1BQonZAypeYnGBJr7vNvdiP+mnRwly5qZSGiInxGvtZZFt
-zL1E3osiF+muQxFcM63BeGdJeYXy+MoczkWa4WNggfcHlGAZkMYiv28zpr4PfrK9
-mvj4Nu8s71PE9pPpBoZcNDf9v1sHuu96jDSITsPx5YMvvKZWhzJXFKzk6YgAsNH/
-MF0G+/qmKJZpCdvtHKpYM1uHX85H81CwWJFfBPthyD8AEQEAAYkCPAQYAQgAJhYh
-BGWNinfzS4qraDxN6qxBy+75CnZMBQJc3Y2FAhsMBQkHhh+AAAoJEKxBy+75CnZM
-Rn8P/RyL1bhU4Q4WpvmlkepCAwNA0G3QvnKcSZNHEPE5h7H3IyrA/qy16A9eOsgm
-sthsHYlo5A5lRIy4wPHkFCClMrMHdKuoS72//qgw+oOrBcwb7Te+Nas+ewhaJ7N9
-vAX06vDH9bLl52CPbtats5+eBpePgP3HDPxd7CWHxq9bzJTbzqsTkN7JvoovR2dP
-itPJDij7QYLYVEM1t7QxUVpVwAjDi/kCtC9ts5L+V0snF2n3bHZvu04EXdpvxOQI
-pG/7Q+/WoI8NU6Bb/FA3tJGYIhSwI3SY+5XV/TAZttZaYSh2SD8vhc+eo+gW9sAN
-xa+VESBQCht9+tKIwEwHs1efoRgFdbwwJ2c+33+XydQ6yjdXoX1mn2uyCr82jorZ
-xTzbkY04zr7oZ+0fLpouOFg/mrSL4w2bWEhdHuyoVthLBjnRme0wXCaS3g3mYdLG
-nSUkogOGOOvvvBtoq/vfx0Eu79piUtw5D8yQSrxLDuz8GxCrVRZ0tYIHb26aTE9G
-cDsW/Lg5PjcY/LgVNEWOxDQDFVurlImnlVJFb3q+NrWvPbgeIEWwJDCay/z25SEH
-k3bSOXLp8YGRnlkWUmoeL4g/CCK52iAAlfscZNoKMILhBnbCoD657jpa5GQKJj/U
-Q8kjgr7kwV/RSosNV9HCPj30mVyiCQ1xg+ZLzMKXVCuBWd+G
-=lnt2
------END PGP PUBLIC KEY BLOCK-----
-```
+If you have any suggestions to improve this policy, please send an email to erik@dubbelboer.com for discussion.
diff --git a/src/vendor/github.com/valyala/fasthttp/b2s_old.go b/src/vendor/github.com/valyala/fasthttp/b2s_old.go
index f1d322814..6b9f799a0 100644
--- a/src/vendor/github.com/valyala/fasthttp/b2s_old.go
+++ b/src/vendor/github.com/valyala/fasthttp/b2s_old.go
@@ -11,6 +11,5 @@ import "unsafe"
 // Note it may break if string and/or slice header will change
 // in the future go versions.
 func b2s(b []byte) string {
- /* #nosec G103 */
 return *(*string)(unsafe.Pointer(&b))
 }
diff --git a/src/vendor/github.com/valyala/fasthttp/client.go b/src/vendor/github.com/valyala/fasthttp/client.go
index e47d4be15..ae005d72c 100644
--- a/src/vendor/github.com/valyala/fasthttp/client.go
+++ b/src/vendor/github.com/valyala/fasthttp/client.go
@@ -581,6 +581,7 @@ func (c *Client) mCleaner(m map[string]*HostClient) {
 c.mLock.Lock()
 for k, v := range m {
 v.connsLock.Lock()
+ /* #nosec G601 */
 if v.connsCount == 0 && atomic.LoadInt32(&v.pendingClientRequests) == 0 {
 delete(m, k)
 }
@@ -628,8 +629,10 @@ type DialFunc func(addr string) (net.Conn, error)
 // Request argument passed to RetryIfFunc, if there are any request errors.
 type RetryIfFunc func(request *Request) bool
-// TransportFunc wraps every request/response.
-type TransportFunc func(*Request, *Response) error
+// RoundTripper wraps every request/response.
+type RoundTripper interface {
+ RoundTrip(hc *HostClient, req *Request, resp *Response) (retry bool, err error)
+}
 // ConnPoolStrategyType define strategy of connection pool enqueue/dequeue
 type ConnPoolStrategyType int
@@ -791,7 +794,7 @@ type HostClient struct {
 RetryIf RetryIfFunc
 // Transport defines a transport-like mechanism that wraps every request/response.
- Transport TransportFunc
+ Transport RoundTripper
 // Connection pool strategy. Can be either LIFO or FIFO (default).
 ConnPoolStrategy ConnPoolStrategyType
@@ -944,15 +947,13 @@ func clientGetURLDeadline(dst []byte, url string, deadline time.Time, c clientDo
 statusCodeCopy, bodyCopy, errCopy := doRequestFollowRedirectsBuffer(req, dst, url, c)
 mu.Lock()
- {
- if !timedout {
- ch <- clientURLResponse{
- statusCode: statusCodeCopy,
- body: bodyCopy,
- err: errCopy,
- }
- responded = true
+ if !timedout {
+ ch <- clientURLResponse{
+ statusCode: statusCodeCopy,
+ body: bodyCopy,
+ err: errCopy,
 }
+ responded = true
 }
 mu.Unlock()
@@ -967,17 +968,15 @@ func clientGetURLDeadline(dst []byte, url string, deadline time.Time, c clientDo
 err = resp.err
 case <-tc.C:
 mu.Lock()
- {
- if responded {
- resp := <-ch
- statusCode = resp.statusCode
- body = resp.body
- err = resp.err
- } else {
- timedout = true
- err = ErrTimeout
- body = dst
- }
+ if responded {
+ resp := <-ch
+ statusCode = resp.statusCode
+ body = resp.body
+ err = resp.err
+ } else {
+ timedout = true
+ err = ErrTimeout
+ body = dst
 }
 mu.Unlock()
 }
@@ -1347,119 +1346,15 @@ func (c *HostClient) doNonNilReqResp(req *Request, resp *Response) (bool, error)
 req.Header.userAgent = append(req.Header.userAgent[:], userAgent...)
 }
 }
- if c.Transport != nil {
- err := c.Transport(req, resp)
- return err == nil, err
- }
-
- var deadline time.Time
- if req.timeout > 0 {
- deadline = time.Now().Add(req.timeout)
- }
-
- cc, err := c.acquireConn(req.timeout, req.ConnectionClose())
- if err != nil {
- return false, err
- }
- conn := cc.c
-
- resp.parseNetConn(conn)
-
- writeDeadline := deadline
- if c.WriteTimeout > 0 {
- tmpWriteDeadline := time.Now().Add(c.WriteTimeout)
- if writeDeadline.IsZero() || tmpWriteDeadline.Before(writeDeadline) {
- writeDeadline = tmpWriteDeadline
- }
- }
- if err = conn.SetWriteDeadline(writeDeadline); err != nil {
- c.closeConn(cc)
- return true, err
- }
-
- resetConnection := false
- if c.MaxConnDuration > 0 && time.Since(cc.createdTime) > c.MaxConnDuration && !req.ConnectionClose() {
- req.SetConnectionClose()
- resetConnection = true
- }
-
- bw := c.acquireWriter(conn)
- err = req.Write(bw)
-
- if resetConnection {
- req.Header.ResetConnectionClose()
- }
-
- if err == nil {
- err = bw.Flush()
- }
- c.releaseWriter(bw)
-
- // Return ErrTimeout on any timeout.
- if x, ok := err.(interface{ Timeout() bool }); ok && x.Timeout() {
- err = ErrTimeout
- }
-
- isConnRST := isConnectionReset(err)
- if err != nil && !isConnRST {
- c.closeConn(cc)
- return true, err
- }
-
- readDeadline := deadline
- if c.ReadTimeout > 0 {
- tmpReadDeadline := time.Now().Add(c.ReadTimeout)
- if readDeadline.IsZero() || tmpReadDeadline.Before(readDeadline) {
- readDeadline = tmpReadDeadline
- }
- }
-
- if err = conn.SetReadDeadline(readDeadline); err != nil {
- c.closeConn(cc)
- return true, err
- }
-
- if customSkipBody || req.Header.IsHead() {
- resp.SkipBody = true
- }
- if c.DisableHeaderNamesNormalizing {
- resp.Header.DisableNormalizing()
- }
-
- br := c.acquireReader(conn)
- err = resp.ReadLimitBody(br, c.MaxResponseBodySize)
- c.releaseReader(br)
- if err != nil {
- c.closeConn(cc)
- // Don't retry in case of ErrBodyTooLarge since we will just get the same again.
- retry := err != ErrBodyTooLarge
- return retry, err
- }
+ return c.transport().RoundTrip(c, req, resp)
+}
- closeConn := resetConnection || req.ConnectionClose() || resp.ConnectionClose() || isConnRST
- if customStreamBody && resp.bodyStream != nil {
- rbs := resp.bodyStream
- resp.bodyStream = newCloseReader(rbs, func() error {
- if r, ok := rbs.(*requestStream); ok {
- releaseRequestStream(r)
- }
- if closeConn {
- c.closeConn(cc)
- } else {
- c.releaseConn(cc)
- }
- return nil
- })
- return false, nil
+func (c *HostClient) transport() RoundTripper {
+ if c.Transport == nil {
+ return DefaultTransport
 }
-
- if closeConn {
- c.closeConn(cc)
- } else {
- c.releaseConn(cc)
- }
- return false, nil
+ return c.Transport
 }
 var (
@@ -2913,3 +2808,121 @@ func (c *pipelineConnClient) PendingRequests() int {
 }
 var errPipelineConnStopped = errors.New("pipeline connection has been stopped")
+
+var DefaultTransport RoundTripper = &transport{}
+
+type transport struct{}
+
+func (t *transport) RoundTrip(hc *HostClient, req *Request, resp *Response) (retry bool, err error) {
+ customSkipBody := resp.SkipBody
+ customStreamBody := resp.StreamBody
+
+ var deadline time.Time
+ if req.timeout > 0 {
+ deadline = time.Now().Add(req.timeout)
+ }
+
+ cc, err := hc.acquireConn(req.timeout, req.ConnectionClose())
+ if err != nil {
+ return false, err
+ }
+ conn := cc.c
+
+ resp.parseNetConn(conn)
+
+ writeDeadline := deadline
+ if hc.WriteTimeout > 0 {
+ tmpWriteDeadline := time.Now().Add(hc.WriteTimeout)
+ if writeDeadline.IsZero() || tmpWriteDeadline.Before(writeDeadline) {
+ writeDeadline = tmpWriteDeadline
+ }
+ }
+
+ if err = conn.SetWriteDeadline(writeDeadline); err != nil {
+ hc.closeConn(cc)
+ return true, err
+ }
+
+ resetConnection := false
+ if hc.MaxConnDuration > 0 && time.Since(cc.createdTime) > hc.MaxConnDuration && !req.ConnectionClose() {
+ req.SetConnectionClose()
+ resetConnection = true
+ }
+
+ bw := hc.acquireWriter(conn)
+ err = req.Write(bw)
+
+ if resetConnection {
+ req.Header.ResetConnectionClose()
+ }
+
+ if err == nil {
+ err = bw.Flush()
+ }
+ hc.releaseWriter(bw)
+
+ // Return ErrTimeout on any timeout.
+ if x, ok := err.(interface{ Timeout() bool }); ok && x.Timeout() {
+ err = ErrTimeout
+ }
+
+ isConnRST := isConnectionReset(err)
+ if err != nil && !isConnRST {
+ hc.closeConn(cc)
+ return true, err
+ }
+
+ readDeadline := deadline
+ if hc.ReadTimeout > 0 {
+ tmpReadDeadline := time.Now().Add(hc.ReadTimeout)
+ if readDeadline.IsZero() || tmpReadDeadline.Before(readDeadline) {
+ readDeadline = tmpReadDeadline
+ }
+ }
+
+ if err = conn.SetReadDeadline(readDeadline); err != nil {
+ hc.closeConn(cc)
+ return true, err
+ }
+
+ if customSkipBody || req.Header.IsHead() {
+ resp.SkipBody = true
+ }
+ if hc.DisableHeaderNamesNormalizing {
+ resp.Header.DisableNormalizing()
+ }
+
+ br := hc.acquireReader(conn)
+ err = resp.ReadLimitBody(br, hc.MaxResponseBodySize)
+ hc.releaseReader(br)
+ if err != nil {
+ hc.closeConn(cc)
+ // Don't retry in case of ErrBodyTooLarge since we will just get the same again.
+ needRetry := err != ErrBodyTooLarge
+ return needRetry, err
+ }
+
+ closeConn := resetConnection || req.ConnectionClose() || resp.ConnectionClose() || isConnRST
+ if customStreamBody && resp.bodyStream != nil {
+ rbs := resp.bodyStream
+ resp.bodyStream = newCloseReader(rbs, func() error {
+ if r, ok := rbs.(*requestStream); ok {
+ releaseRequestStream(r)
+ }
+ if closeConn {
+ hc.closeConn(cc)
+ } else {
+ hc.releaseConn(cc)
+ }
+ return nil
+ })
+ return false, nil
+ }
+
+ if closeConn {
+ hc.closeConn(cc)
+ } else {
+ hc.releaseConn(cc)
+ }
+ return false, nil
+}
diff --git a/src/vendor/github.com/valyala/fasthttp/header.go b/src/vendor/github.com/valyala/fasthttp/header.go
index 5665e79e5..ca9062f6c 100644
--- a/src/vendor/github.com/valyala/fasthttp/header.go
+++ b/src/vendor/github.com/valyala/fasthttp/header.go
@@ -344,6 +344,18 @@ func (h *ResponseHeader) SetContentEncodingBytes(contentEncoding []byte) {
 h.contentEncoding = append(h.contentEncoding[:0], contentEncoding...)
 }
+// addVaryBytes add value to the 'Vary' header if it's not included
+func (h *ResponseHeader) addVaryBytes(value []byte) {
+ v := h.peek(strVary)
+ if len(v) == 0 {
+ // 'Vary' is not set
+ h.SetBytesV(HeaderVary, value)
+ } else if !bytes.Contains(v, value) {
+ // 'Vary' is set and not contains target value
+ h.SetBytesV(HeaderVary, append(append(v, ','), value...))
+ } // else: 'Vary' is set and contains target value
+}
+
 // Server returns Server header value.
 func (h *ResponseHeader) Server() []byte {
 return h.server
diff --git a/src/vendor/github.com/valyala/fasthttp/headers.go b/src/vendor/github.com/valyala/fasthttp/headers.go
index 676a0da18..9d6d0a34e 100644
--- a/src/vendor/github.com/valyala/fasthttp/headers.go
+++ b/src/vendor/github.com/valyala/fasthttp/headers.go
@@ -136,7 +136,7 @@ const (
 // WebSockets
 HeaderSecWebSocketAccept = "Sec-WebSocket-Accept"
- HeaderSecWebSocketExtensions = "Sec-WebSocket-Extensions"
+ HeaderSecWebSocketExtensions = "Sec-WebSocket-Extensions" /* #nosec G101 */
 HeaderSecWebSocketKey = "Sec-WebSocket-Key"
 HeaderSecWebSocketProtocol = "Sec-WebSocket-Protocol"
 HeaderSecWebSocketVersion = "Sec-WebSocket-Version"
diff --git a/src/vendor/github.com/valyala/fasthttp/http.go b/src/vendor/github.com/valyala/fasthttp/http.go
index ffb02c8b7..988288815 100644
--- a/src/vendor/github.com/valyala/fasthttp/http.go
+++ b/src/vendor/github.com/valyala/fasthttp/http.go
@@ -8,7 +8,6 @@ import (
 "errors"
 "fmt"
 "io"
- "math"
 "mime/multipart"
 "net"
 "os"
@@ -936,7 +935,7 @@ func (req *Request) parsePostArgs() {
 // ErrNoMultipartForm means that the request's Content-Type
 // isn't 'multipart/form-data'.
-var ErrNoMultipartForm = errors.New("request has no multipart/form-data Content-Type")
+var ErrNoMultipartForm = errors.New("request Content-Type has bad boundary or is not multipart/form-data")
 // MultipartForm returns request's multipart form.
 //
@@ -1723,6 +1722,7 @@ func (resp *Response) brotliBody(level int) error {
 resp.bodyRaw = nil
 }
 resp.Header.SetContentEncodingBytes(strBr)
+ resp.Header.addVaryBytes(strAcceptEncoding)
 return nil
 }
@@ -1778,6 +1778,7 @@ func (resp *Response) gzipBody(level int) error {
 resp.bodyRaw = nil
 }
 resp.Header.SetContentEncodingBytes(strGzip)
+ resp.Header.addVaryBytes(strAcceptEncoding)
 return nil
 }
@@ -1833,6 +1834,7 @@ func (resp *Response) deflateBody(level int) error {
 resp.bodyRaw = nil
 }
 resp.Header.SetContentEncodingBytes(strDeflate)
+ resp.Header.addVaryBytes(strAcceptEncoding)
 return nil
 }
@@ -2207,7 +2209,7 @@ func readBodyIdentity(r *bufio.Reader, maxBodySize int, dst []byte) ([]byte, err
 return dst[:offset], ErrBodyTooLarge
 }
 if len(dst) == offset {
- n := round2(2 * offset)
+ n := roundUpForSliceCap(2 * offset)
 if maxBodySize > 0 && n > maxBodySize {
 n = maxBodySize + 1
 }
@@ -2226,7 +2228,7 @@ func appendBodyFixedSize(r *bufio.Reader, dst []byte, n int) ([]byte, error) {
 offset := len(dst)
 dstLen := offset + n
 if cap(dst) < dstLen {
- b := make([]byte, round2(dstLen))
+ b := make([]byte, roundUpForSliceCap(dstLen))
 copy(b, dst)
 dst = b
 }
@@ -2336,26 +2338,6 @@ func readCrLf(r *bufio.Reader) error {
 return nil
 }
-func round2(n int) int {
- if n <= 0 {
- return 0
- }
-
- x := uint32(n - 1)
- x |= x >> 1
- x |= x >> 2
- x |= x >> 4
- x |= x >> 8
- x |= x >> 16
-
- // Make sure we don't return 0 due to overflow, even on 32 bit systems
- if x >= uint32(math.MaxInt32) {
- return math.MaxInt32
- }
-
- return int(x + 1)
-}
-
 // SetTimeout sets timeout for the request.
 //
 // req.SetTimeout(t); c.Do(&req, &resp) is equivalent to
diff --git a/src/vendor/github.com/valyala/fasthttp/lbclient.go b/src/vendor/github.com/valyala/fasthttp/lbclient.go
index 6be2dc9be..7fd8a9383 100644
--- a/src/vendor/github.com/valyala/fasthttp/lbclient.go
+++ b/src/vendor/github.com/valyala/fasthttp/lbclient.go
@@ -138,7 +138,7 @@ func (cc *LBClient) get() *lbClient {
 minT := atomic.LoadUint64(&minC.total)
 for _, c := range cs[1:] {
 n := c.PendingRequests()
- t := atomic.LoadUint64(&c.total)
+ t := atomic.LoadUint64(&c.total) /* #nosec G601 */
 if n < minN || (n == minN && t < minT) {
 minC = c
 minN = n
diff --git a/src/vendor/github.com/valyala/fasthttp/round2_32.go b/src/vendor/github.com/valyala/fasthttp/round2_32.go
new file mode 100644
index 000000000..2990e4211
--- /dev/null
+++ b/src/vendor/github.com/valyala/fasthttp/round2_32.go
@@ -0,0 +1,31 @@
+//go:build !amd64 && !arm64 && !ppc64 && !ppc64le && !s390x
+// +build !amd64,!arm64,!ppc64,!ppc64le,!s390x
+
+package fasthttp
+
+import "math"
+
+func roundUpForSliceCap(n int) int {
+ if n <= 0 {
+ return 0
+ }
+
+ // Above 100MB, we don't round up as the overhead is too large.
+ if n > 100*1024*1024 {
+ return n
+ }
+
+ x := uint32(n - 1)
+ x |= x >> 1
+ x |= x >> 2
+ x |= x >> 4
+ x |= x >> 8
+ x |= x >> 16
+
+ // Make sure we don't return 0 due to overflow, even on 32 bit systems
+ if x >= uint32(math.MaxInt32) {
+ return math.MaxInt32
+ }
+
+ return int(x + 1)
+}
diff --git a/src/vendor/github.com/valyala/fasthttp/round2_64.go b/src/vendor/github.com/valyala/fasthttp/round2_64.go
new file mode 100644
index 000000000..8a8e2a23e
--- /dev/null
+++ b/src/vendor/github.com/valyala/fasthttp/round2_64.go
@@ -0,0 +1,24 @@
+//go:build amd64 || arm64 || ppc64 || ppc64le || s390x
+// +build amd64 arm64 ppc64 ppc64le s390x
+
+package fasthttp
+
+func roundUpForSliceCap(n int) int {
+ if n <= 0 {
+ return 0
+ }
+
+ // Above 100MB, we don't round up as the overhead is too large.
+ if n > 100*1024*1024 {
+ return n
+ }
+
+ x := uint64(n - 1)
+ x |= x >> 1
+ x |= x >> 2
+ x |= x >> 4
+ x |= x >> 8
+ x |= x >> 16
+
+ return int(x + 1)
+}
diff --git a/src/vendor/github.com/valyala/fasthttp/s2b_old.go b/src/vendor/github.com/valyala/fasthttp/s2b_old.go
index 4cc141c42..d269cba7e 100644
--- a/src/vendor/github.com/valyala/fasthttp/s2b_old.go
+++ b/src/vendor/github.com/valyala/fasthttp/s2b_old.go
@@ -13,9 +13,7 @@ import (
 // Note it may break if string and/or slice header will change
 // in the future go versions.
 func s2b(s string) (b []byte) {
- /* #nosec G103 */
 bh := (*reflect.SliceHeader)(unsafe.Pointer(&b))
- /* #nosec G103 */
 sh := (*reflect.StringHeader)(unsafe.Pointer(&s))
 bh.Data = sh.Data
 bh.Cap = sh.Len
diff --git a/src/vendor/github.com/valyala/fasthttp/server.go b/src/vendor/github.com/valyala/fasthttp/server.go
index 5d7b17e8f..73683bf8a 100644
--- a/src/vendor/github.com/valyala/fasthttp/server.go
+++ b/src/vendor/github.com/valyala/fasthttp/server.go
@@ -1677,14 +1677,13 @@ func (s *Server) ListenAndServeTLSEmbed(addr string, certData, keyData []byte) e
 // the function will use previously added TLS configuration.
 func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 s.mu.Lock()
- err := s.AppendCert(certFile, keyFile)
- if err != nil && err != errNoCertOrKeyProvided {
- s.mu.Unlock()
- return err
- }
- if s.TLSConfig == nil {
- s.mu.Unlock()
- return errNoCertOrKeyProvided
+ s.configTLS()
+ configHasCert := len(s.TLSConfig.Certificates) > 0 || s.TLSConfig.GetCertificate != nil
+ if !configHasCert || certFile != "" || keyFile != "" {
+ if err := s.AppendCert(certFile, keyFile); err != nil {
+ s.mu.Unlock()
+ return err
+ }
 }
 // BuildNameToCertificate has been deprecated since 1.14.
@@ -1706,15 +1705,13 @@ func (s *Server) ServeTLS(ln net.Listener, certFile, keyFile string) error {
 // the function will use previously added TLS configuration.
 func (s *Server) ServeTLSEmbed(ln net.Listener, certData, keyData []byte) error {
 s.mu.Lock()
-
- err := s.AppendCertEmbed(certData, keyData)
- if err != nil && err != errNoCertOrKeyProvided {
- s.mu.Unlock()
- return err
- }
- if s.TLSConfig == nil {
- s.mu.Unlock()
- return errNoCertOrKeyProvided
+ s.configTLS()
+ configHasCert := len(s.TLSConfig.Certificates) > 0 || s.TLSConfig.GetCertificate != nil
+ if !configHasCert || len(certData) != 0 || len(keyData) != 0 {
+ if err := s.AppendCertEmbed(certData, keyData); err != nil {
+ s.mu.Unlock()
+ return err
+ }
 }
 // BuildNameToCertificate has been deprecated since 1.14.
@@ -1788,15 +1785,12 @@ func (s *Server) Serve(ln net.Listener) error {
 maxWorkersCount := s.getConcurrency()
 s.mu.Lock()
- {
- s.ln = append(s.ln, ln)
- if s.done == nil {
- s.done = make(chan struct{})
- }
-
- if s.concurrencyCh == nil {
- s.concurrencyCh = make(chan struct{}, maxWorkersCount)
- }
+ s.ln = append(s.ln, ln)
+ if s.done == nil {
+ s.done = make(chan struct{})
+ }
+ if s.concurrencyCh == nil {
+ s.concurrencyCh = make(chan struct{}, maxWorkersCount)
 }
 s.mu.Unlock()
diff --git a/src/vendor/github.com/valyala/fasthttp/strings.go b/src/vendor/github.com/valyala/fasthttp/strings.go
index 0e201a161..3cec8ed0e 100644
--- a/src/vendor/github.com/valyala/fasthttp/strings.go
+++ b/src/vendor/github.com/valyala/fasthttp/strings.go
@@ -57,6 +57,7 @@ var (
 strProxyAuthenticate = []byte(HeaderProxyAuthenticate)
 strProxyAuthorization = []byte(HeaderProxyAuthorization)
 strWWWAuthenticate = []byte(HeaderWWWAuthenticate)
+ strVary = []byte(HeaderVary)
 strCookieExpires = []byte("expires")
 strCookieDomain = []byte("domain")
diff --git a/src/vendor/github.com/valyala/fasthttp/tcpdialer.go b/src/vendor/github.com/valyala/fasthttp/tcpdialer.go
index d62bfe78e..5c7531e94 100644
--- a/src/vendor/github.com/valyala/fasthttp/tcpdialer.go
+++ b/src/vendor/github.com/valyala/fasthttp/tcpdialer.go
@@ -280,7 +280,8 @@ func (d *TCPDialer) dial(addr string, dualStack bool, timeout time.Duration) (ne
 go d.tcpAddrsClean()
 })
- addrs, idx, err := d.getTCPAddrs(addr, dualStack)
+ deadline := time.Now().Add(timeout)
+ addrs, idx, err := d.getTCPAddrs(addr, dualStack, deadline)
 if err != nil {
 return nil, err
 }
@@ -291,7 +292,6 @@ func (d *TCPDialer) dial(addr string, dualStack bool, timeout time.Duration) (ne
 var conn net.Conn
 n := uint32(len(addrs))
- deadline := time.Now().Add(timeout)
 for n > 0 {
 conn, err = d.tryDial(network, &addrs[idx%n], deadline, d.concurrencyCh)
 if err == nil {
@@ -379,7 +379,7 @@ func (d *TCPDialer) tcpAddrsClean() {
 }
 }
-func (d *TCPDialer) getTCPAddrs(addr string, dualStack bool) ([]net.TCPAddr, uint32, error) {
+func (d *TCPDialer) getTCPAddrs(addr string, dualStack bool, deadline time.Time) ([]net.TCPAddr, uint32, error) {
 item, exist := d.tcpAddrsMap.Load(addr)
 e, ok := item.(*tcpAddrEntry)
 if exist && ok && e != nil && time.Since(e.resolveTime) > d.DNSCacheDuration {
@@ -390,7 +390,7 @@ func (d *TCPDialer) getTCPAddrs(addr string, dualStack bool) ([]net.TCPAddr, uin
 }
 if e == nil {
- addrs, err := resolveTCPAddrs(addr, dualStack, d.Resolver)
+ addrs, err := resolveTCPAddrs(addr, dualStack, d.Resolver, deadline)
 if err != nil {
 item, exist := d.tcpAddrsMap.Load(addr)
 e, ok = item.(*tcpAddrEntry)
@@ -412,7 +412,7 @@ func (d *TCPDialer) getTCPAddrs(addr string, dualStack bool) ([]net.TCPAddr, uin
 return e.addrs, idx, nil
 }
-func resolveTCPAddrs(addr string, dualStack bool, resolver Resolver) ([]net.TCPAddr, error) {
+func resolveTCPAddrs(addr string, dualStack bool, resolver Resolver, deadline time.Time) ([]net.TCPAddr, error) {
 host, portS, err := net.SplitHostPort(addr)
 if err != nil {
 return nil, err
@@ -426,7 +426,8 @@ func resolveTCPAddrs(addr string, dualStack bool, resolver Resolver) ([]net.TCPA
 resolver = net.DefaultResolver
 }
- ctx := context.Background()
+ ctx, cancel := context.WithDeadline(context.Background(), deadline)
+ defer cancel()
 ipaddrs, err := resolver.LookupIPAddr(ctx, host)
 if err != nil {
 return nil, err
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index b3e0b5a78..aa343c8d8 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -161,7 +161,7 @@ github.com/square/certstrap/pkix
 # github.com/valyala/bytebufferpool v1.0.0
 ## explicit
 github.com/valyala/bytebufferpool
-# github.com/valyala/fasthttp v1.48.0
+# github.com/valyala/fasthttp v1.49.0
 ## explicit; go 1.20
 github.com/valyala/fasthttp
 github.com/valyala/fasthttp/fasthttputil