projects / golang-1.7.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9bfc151) | patch
[PATCH] cmd/go: restrict meta imports to valid schemes
authorIan Lance Taylor <iant@golang.org>
Thu, 15 Feb 2018 23:57:13 +0000 (15:57 -0800)
committerSylvain Beucler <beuc@debian.org>
Fri, 21 Jan 2022 18:45:18 +0000 (18:45 +0000)
commit3e4d31eca9a60b23f3510d145f5fcc0fd2a259e7
tree34766e7642f93e6f5d1054fd7a4774966c6e7fd3tree | snapshot
parent9bfc151f099c02b4c14aef63e3e9f70c2c5d31b5commit | diff
[PATCH] cmd/go: restrict meta imports to valid schemes

Before this change, when using -insecure, we permitted any meta import
repo root as long as it contained "://". When not using -insecure, we
restrict meta import repo roots to be valid URLs. People may depend on
that somehow, so permit meta import repo roots to be invalid URLs, but
require them to have valid schemes per RFC 3986.

Fixes #23867

Change-Id: Iac666dfc75ac321bf8639dda5b0dba7c8840922d
Reviewed-on: https://go-review.googlesource.com/94603
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gbp-Pq: Name cve-2018-7187.patch
src/cmd/go/vcs.go diff | blob | history
src/cmd/go/vcs_test.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.