The "golang.org/x/sys/execabs" package was introduced to address a
security issue on Windows, and changing the default behavior of os/exec
was considered a breaking change. go1.19 applied the behavior that was
previously implemented in the execabs package through CL 403274.
This reverts fe37c9e135 (CL 284773).
Updates #43724.
Change-Id: I53987d0d0009b8dd11e05fc3d17cbffb9625a9c1
GitHub-Last-Rev: 18e93f39c4
GitHub-Pull-Request: golang/tools#455
Reviewed-on: https://go-review.googlesource.com/c/tools/+/539017
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Bryan Mills <bcmills@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Commit-Queue: Bryan Mills <bcmills@google.com>
ioutil defines 7 functions. 6 of these are replaced by
functions in io or os with the same signature.
ReadDir is deprecated, but the suggested replacement has a different
signature.
These changes were generated by a program, with some manual adjutments.
The program replaces ReadDir with a call to a function named ioutilReadDir
that has the same signature. The code for this function
is added to files if necessary. The program replaces all the others
with their new versions. The program removes the 'io/ioutil' import
and adds, as necessary, 'os', 'io', and 'io/fs', the latter being
needed for the signature of ioutilReadDir.
The automatic process fails in a few ways:
1. ReadFile occurs only in a comment but the program adds an unneeded import.
2. ioutilReadDir is added to more than one file in the same package
Both of these could be viewed as bugs and fixed by looking harder.
After manual adjustment, two tests failed:
1. gopls/internal/lsp/regtesg/mis:TestGenerateProgress. The reason
was a use of ioutil in a txtar constant. The calls were changed,
but the code is not smart enough to change the import inside the
string constant. (Or it's not smart enough not to change the
contents of a string.)
2. gopls/internal/lsp/analysis/deprecated, which wants to see a use
of ioutil
These tests were adjused by hand, and all tests (-short) pass.
Change-Id: If9efe40bbb0edda36173d9a88afaf71245db8e79
Reviewed-on: https://go-review.googlesource.com/c/tools/+/527675
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Peter Weinberger <pjw@google.com>
Reviewed-by: Heschi Kreinick <heschi@google.com>
The /share registration is not needed by programs like
talks and blog, only by golang.org, so installing it by default
is unnecessary and perhaps more exposure than people running
those servers intend.
Add Proxy to allow recreating the /share registration (unlikely)
or installing the proxy on an alternate mux (more likely).
Change-Id: Ibb33add804d353920d405bf022428e48b3815da3
Reviewed-on: https://go-review.googlesource.com/c/tools/+/293449
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Not strictly necessary but will avoid gofmt changes later
as people edit these files.
Change-Id: I20749ed82e18938a305d9425d0739f0ea7bd24c0
Reviewed-on: https://go-review.googlesource.com/c/tools/+/294414
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
This change ensures that packages using exec.LookPath or
exec.Command to find or run binaries do not accidentally run
programs from the current directory when they mean to run programs
from the system PATH instead.
Change-Id: I5907aa630ff64012395a7eb472967a477d90f12e
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/949438
Reviewed-by: Katie Hockman <katiehockman@google.com>
Reviewed-by: Russ Cox <rsc@google.com>
Reviewed-on: https://go-review.googlesource.com/c/tools/+/284773
Run-TryBot: Roland Shoemaker <roland@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Adapted the script that I used to automatically add copyright notices
into a test that all files in the repository currently have appropriate
copyrights. Caught a few typos and extra spaces, which I decided to fix
rather than adjust regular expression.
Change-Id: Ifdbad969eca482e25c89afc5a2ddd5968c6661a6
Reviewed-on: https://go-review.googlesource.com/c/tools/+/282592
Trust: Rebecca Stambler <rstambler@golang.org>
Run-TryBot: Rebecca Stambler <rstambler@golang.org>
gopls-CI: kokoro <noreply+kokoro@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
The cleaning process happens in the end method of process, after cmd.Wait.
Deleting it early while the cmd is still running is causing issues for
security tools.
Move the assignment of p.path along with its comment to happen earlier,
after the temporary directory is created. It clarifies that the lack of
call to os.RemoveAll is not a mistake.
Fixesgolang/go#40902
Change-Id: I0e555c58893c64a0de5880a5e12e6ff2e01b1eec
Reviewed-on: https://go-review.googlesource.com/c/tools/+/249777
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
With modern versions of App Engine, it's no longer needed to use the
google.golang.org/appengine/... packages.
Package log from standard library can be used instead of the
google.golang.org/appengine/log package. Packages net/http and
context from standard library can be used instead of
google.golang.org/appengine/urlfetch.
This simplifies the code and reduces the number of dependences.
Start using the golangorgenv package from previous commit to
make the decision of whether to enforce sharing restrictions,
rather than relying on the appengine build tag. The appengine
build tag is no longer set in App Engine Standard with Go 1.11+
runtime. An alternative solution would be detect App Engine by
doing something like:
// GAE_ENV environment variable is set to "standard" in App Engine environment, Go 1.11 runtime.
// See https://cloud.google.com/appengine/docs/standard/go111/runtime#environment_variables.
var onAppengine = os.Getenv("GAE_ENV") == "standard"
But we choose to upgrade to explicit app-scoped environment variable
configuration as part of this change. It provides better security
properties, and the value of adding an intermediate transitional step
is not high enough to justify doing it.
When getting the value of "X-AppEngine-Country" header, use its
canonical format "X-Appengine-Country" to avoid an allocation.
This does not change behavior.
Run go mod tidy (using Go 1.12).
Updates golang/go#29981
Updates golang/go#30486
Change-Id: I82a59e0f28623e06762b7ebdf3930b5ee243acda
Reviewed-on: https://go-review.googlesource.com/c/tools/+/160837
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Calling golang.org/{compile|share} just forwards it to
play.golang.org/{compile|share}. Avoid the extra jump for the
request.
Change-Id: I95e8e79fe4623346663d0c11204f196c75716177
Reviewed-on: https://go-review.googlesource.com/c/140839
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Currently, when a POST request is made using code with build tag
+build !appengine it doesn't set the content-type header passed
to the function. This was breaking the case where a url-encoded
body (a code snippet's body and protocol version) was being POSTed
to golang.org/compile since it never set the content-type of the
request and the corresponding form values parsed out were empty as
a result.
Update golang/go#28080
Change-Id: I677ca01b2f5aecedbd13d1faa7a838ddc0199244
Reviewed-on: https://go-review.googlesource.com/c/140838
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
The default timeout for urlfetch requests on App Engine Classic is
5 seconds. Sometimes the requests can take longer, so increase it to
the maximum value of 60 seconds. The playground has its own timeout for
running code so there's no need to impose a second level of protection.
Also cleans up the code to remove old appenginevm code and use the
correct imports.
Change-Id: I15da96e5ba70fb008bf821f4609f431847662223
Reviewed-on: https://go-review.googlesource.com/129395
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The baseURL is used to construct the target URLs for both /compile
and /share. When I changed it recently, I forgot about the latter case.
Change-Id: Icde617b1cc3d31d98ca4b62e313b9d886253f1cc
Reviewed-on: https://go-review.googlesource.com/22689
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Not sure why this was originally going via the playground. It needn't.
Change-Id: I40b5886a56ba4b941ff74f4bc325625412d7eaff
Reviewed-on: https://go-review.googlesource.com/22497
Reviewed-by: Andrew Gerrand <adg@golang.org>
Use time.After to avoid the finnicky antics of
correctly resetting a time.Timer.
Fixesgolang/go#13749
Change-Id: I3f1ed17a31d981996e2bb7a8155c3ba0ec723c7d
Reviewed-on: https://go-review.googlesource.com/19942
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
These codes were initially included because of a miscommunication.
They should not be in the list at all.
Fixesgolang/go#12747
Change-Id: I1a53e9c7be8edf5e1dbb95cd03101b93023a12c1
Reviewed-on: https://go-review.googlesource.com/15082
Reviewed-by: Andrew Gerrand <adg@golang.org>
This will permit us to serve *.golang.org to Chinese users.
Change-Id: If184760d7f4c9e49a3df3785c15af770958413de
Reviewed-on: https://go-review.googlesource.com/14190
Reviewed-by: Jason Buberel <jbuberel@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This doesn't fix the race; doing that would require a bit of a redesign.
Since GopherCon is this week, just put in this stop-gap measure for now.
Update golang/go#11534
Change-Id: Ied6c5dd52778534a7a08b5ba3fa15c0352a65646
Reviewed-on: https://go-review.googlesource.com/11886
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
Rewrite performed with this command:
sed -i '' 's_code.google.com/p/go\._golang.org/x/_g' \
$(grep -lr 'code.google.com/p/go.' *)
LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/170920043
This logs all successful handshakes and all requests to run code snippets;
it is not immediately obvious how to limit this to non-localhost hosts, or
to instances where publicly available playgrounds are allowed without resorting
to addition of a new global. The level of noise on the log should not be too
great.
LGTM=adg
R=adg
CC=golang-codereviews
https://golang.org/cl/112850043
Also fixes the following nits;
- literal IPv6 address handling
- URL host component handling in the case of a wildcard listen
- URL port component handling in the case of no port component in origin
Fixesgolang/go#8096.
LGTM=dan.kortschak, adg
R=adg, golang-codereviews, dan.kortschak
CC=golang-codereviews
https://golang.org/cl/102770046
This change allows code to be sent safely to a partially sandboxed playground using the Native Client environment.
Execution of non-Go code is blocked when the RunScripts is false to prevent inclusion of code that might escape by virtue of being under a different runtime environment.
Two options for communicating whether to prevent non-Go code were considered: as has been done here and alternatively, using a message field. The latter was not chosen to close that as an attack option.
Another will be follow that adds a -nacl flag to the present command to allow sandboxing of playground code in presentations.
See discussion here: https://groups.google.com/d/topic/golang-dev/Hy-7PBP-T4Q/
LGTM=adg
R=adg, dave
CC=golang-codereviews
https://golang.org/cl/74740045
Sebastiaan van Stijn
Peter Weinbergr
Bryan C. Mills
Russ Cox
Roland Shoemaker
Rebecca Stambler
Olivier Wulveryck
Dan Kortschak
Dmitri Shuralyov
Andrew Bonventre
Kazuhiro Sera
Brad Fitzpatrick
Andrew Gerrand
David Symonds
Francesc Campoy
Shenghou Ma
Robert Daniel Kortschak
Mikio Hara