Граф коммитов

31 Коммитов

Автор SHA1 Сообщение Дата
Olivier Wulveryck 2364a5e8fd playground/socket: remove the os cleanup from start method of process
The cleaning process happens in the end method of process, after cmd.Wait.
Deleting it early while the cmd is still running is causing issues for
security tools.

Move the assignment of p.path along with its comment to happen earlier,
after the temporary directory is created. It clarifies that the lack of
call to os.RemoveAll is not a mistake.

Fixes golang/go#40902

Change-Id: I0e555c58893c64a0de5880a5e12e6ff2e01b1eec
Reviewed-on: https://go-review.googlesource.com/c/tools/+/249777
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
2020-09-03 00:54:29 +00:00
Dan Kortschak 8db96347c9 playground/socket: handle multi-file present play snippets
Fixes golang/go#35242

Change-Id: I9621aa0843026ab6331499bcd0ad5ba1e4a21ca5
Reviewed-on: https://go-review.googlesource.com/c/tools/+/204237
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-12-03 04:46:16 +00:00
Dmitri Shuralyov 6a08e3108d playground: use stdlib instead of appengine packages
With modern versions of App Engine, it's no longer needed to use the
google.golang.org/appengine/... packages.

Package log from standard library can be used instead of the
google.golang.org/appengine/log package. Packages net/http and
context from standard library can be used instead of
google.golang.org/appengine/urlfetch.

This simplifies the code and reduces the number of dependences.

Start using the golangorgenv package from previous commit to
make the decision of whether to enforce sharing restrictions,
rather than relying on the appengine build tag. The appengine
build tag is no longer set in App Engine Standard with Go 1.11+
runtime. An alternative solution would be detect App Engine by
doing something like:

	// GAE_ENV environment variable is set to "standard" in App Engine environment, Go 1.11 runtime.
	// See https://cloud.google.com/appengine/docs/standard/go111/runtime#environment_variables.
	var onAppengine = os.Getenv("GAE_ENV") == "standard"

But we choose to upgrade to explicit app-scoped environment variable
configuration as part of this change. It provides better security
properties, and the value of adding an intermediate transitional step
is not high enough to justify doing it.

When getting the value of "X-AppEngine-Country" header, use its
canonical format "X-Appengine-Country" to avoid an allocation.
This does not change behavior.

Run go mod tidy (using Go 1.12).

Updates golang/go#29981
Updates golang/go#30486

Change-Id: I82a59e0f28623e06762b7ebdf3930b5ee243acda
Reviewed-on: https://go-review.googlesource.com/c/tools/+/160837
Reviewed-by: Michael Matloob <matloob@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-03-07 16:39:23 +00:00
Andrew Bonventre 29f11e2b93 playground: use play.golang.org instead of golang.org
Calling golang.org/{compile|share} just forwards it to
play.golang.org/{compile|share}. Avoid the extra jump for the
request.

Change-Id: I95e8e79fe4623346663d0c11204f196c75716177
Reviewed-on: https://go-review.googlesource.com/c/140839
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2018-10-10 00:07:25 +00:00
Andrew Bonventre 9ae4309624 playground: set content-type header on non-appengine builds
Currently, when a POST request is made using code with build tag
+build !appengine it doesn't set the content-type header passed
to the function. This was breaking the case where a url-encoded
body (a code snippet's body and protocol version) was being POSTed
to golang.org/compile since it never set the content-type of the
request and the corresponding form values parsed out were empty as
a result.

Update golang/go#28080

Change-Id: I677ca01b2f5aecedbd13d1faa7a838ddc0199244
Reviewed-on: https://go-review.googlesource.com/c/140838
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2018-10-10 00:03:39 +00:00
Andrew Bonventre 8f8fd1f239 playground: increase urlfetch timeout on GAE classic
The default timeout for urlfetch requests on App Engine Classic is
5 seconds. Sometimes the requests can take longer, so increase it to
the maximum value of 60 seconds. The playground has its own timeout for
running code so there's no need to impose a second level of protection.

Also cleans up the code to remove old appenginevm code and use the
correct imports.

Change-Id: I15da96e5ba70fb008bf821f4609f431847662223
Reviewed-on: https://go-review.googlesource.com/129395
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Andrew Bonventre <andybons@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2018-08-14 23:19:41 +00:00
Kazuhiro Sera 4354ead92e all: fix typos in comments
This pull request fixes several typos in comments. I believe that they're safe enough.

Change-Id: Ic7c594bdb89dcd04f8775f225abbc0f966f3728e
GitHub-Last-Rev: 2394feb263
GitHub-Pull-Request: golang/tools#45
Reviewed-on: https://go-review.googlesource.com/128956
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-08-10 18:15:57 +00:00
Brad Fitzpatrick 7d72743fce playground/socket: deflake test, remove sleep
Fixes golang/go#18275

Change-Id: Iedb0a21a3fe0b383a2e51fc92076d7fd005d71e6
Reviewed-on: https://go-review.googlesource.com/34277
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2016-12-11 02:33:14 +00:00
Andrew Gerrand f3109af80d playground: fix share URL
The baseURL is used to construct the target URLs for both /compile
and /share. When I changed it recently, I forgot about the latter case.

Change-Id: Icde617b1cc3d31d98ca4b62e313b9d886253f1cc
Reviewed-on: https://go-review.googlesource.com/22689
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-05-02 16:10:21 +00:00
Andrew Gerrand 1f1b3322f6 playground: hit golang.org/compile endpoint instead of play.golang.org
Not sure why this was originally going via the playground. It needn't.

Change-Id: I40b5886a56ba4b941ff74f4bc325625412d7eaff
Reviewed-on: https://go-review.googlesource.com/22497
Reviewed-by: Andrew Gerrand <adg@golang.org>
2016-04-27 05:26:01 +00:00
Andrew Gerrand 8b178a93c1 playground/socket: fix message buffering
Use time.After to avoid the finnicky antics of
correctly resetting a time.Timer.

Fixes golang/go#13749

Change-Id: I3f1ed17a31d981996e2bb7a8155c3ba0ec723c7d
Reviewed-on: https://go-review.googlesource.com/19942
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
2016-02-29 11:33:26 +00:00
Andrew Gerrand 823804e1ae playground/socket: only buffer messages of one kind, add tests
Change-Id: I38c2b39fb1090669f8ede7f681f7b1c800111f23
Reviewed-on: https://go-review.googlesource.com/16508
Reviewed-by: jcd . <jcd@golang.org>
2015-10-30 06:08:43 +00:00
Andrew Gerrand 14fd3daae1 playground/socket: fix race condition and goroutine leak
Fixes golang/go#11507

Change-Id: Ifa0a34df02433b3f8a5fb60c4df4eca47750646e
Reviewed-on: https://go-review.googlesource.com/16468
Reviewed-by: jcd . <jcd@golang.org>
2015-10-30 05:20:32 +00:00
Andrew Gerrand e1d85eb8a3 playground, godoc: remove HK and RC from share-blocked country code list
These codes were initially included because of a miscommunication.
They should not be in the list at all.

Fixes golang/go#12747

Change-Id: I1a53e9c7be8edf5e1dbb95cd03101b93023a12c1
Reviewed-on: https://go-review.googlesource.com/15082
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-28 23:55:41 +00:00
Andrew Gerrand ffb6076c75 playground: recognize managed vm's as being "on app engine"
Change-Id: I117b113e2782cab1180e6f56e1869525564ab18f
Reviewed-on: https://go-review.googlesource.com/14663
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-17 02:42:04 +00:00
Andrew Gerrand 4df6ae9fad playground: block share functionality from specific countries
This will permit us to serve *.golang.org to Chinese users.

Change-Id: If184760d7f4c9e49a3df3785c15af770958413de
Reviewed-on: https://go-review.googlesource.com/14190
Reviewed-by: Jason Buberel <jbuberel@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-02 05:51:01 +00:00
Andrew Gerrand e645bbf898 playground/socket: make output/end race less likely
This doesn't fix the race; doing that would require a bit of a redesign.
Since GopherCon is this week, just put in this stop-gap measure for now.

Update golang/go#11534

Change-Id: Ied6c5dd52778534a7a08b5ba3fa15c0352a65646
Reviewed-on: https://go-review.googlesource.com/11886
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
2015-07-05 21:12:29 +00:00
David Symonds 24257c8cd2 tools: add import comments.
Change-Id: Idda6e64580432cb9a731e4ebf4005ee4ceb4202d
Reviewed-on: https://go-review.googlesource.com/1244
Reviewed-by: Andrew Gerrand <adg@golang.org>
2014-12-09 22:42:16 +00:00
Andrew Gerrand 5ebbcd132f go.tools: use golang.org/x/... import paths
Rewrite performed with this command:
  sed -i '' 's_code.google.com/p/go\._golang.org/x/_g' \
    $(grep -lr 'code.google.com/p/go.' *)

LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/170920043
2014-11-10 08:50:40 +11:00
Francesc Campoy cf8082eec5 go.tools/playground: return a better message for code starting with a shebang on non local mode
LGTM=adg, dan.kortschak
R=adg, dan.kortschak, campoy
CC=golang-codereviews
https://golang.org/cl/119160043
2014-08-01 15:04:49 -07:00
Shenghou Ma daba707591 go.tools/playground/socket: fix nacl/arm command line.
nacl_helper_bootstrap_arm doesn't consult $PATH for sel_ldr_arm.

LGTM=adg
R=adg, dan.kortschak
CC=golang-codereviews
https://golang.org/cl/112010044
2014-07-10 00:46:43 -04:00
Robert Daniel Kortschak ea9b1bd08b go.tools/playground/socket: add support for Native Client on arm
LGTM=minux
R=adg, minux
CC=golang-codereviews
https://golang.org/cl/110900043
2014-07-08 22:40:37 -04:00
Robert Daniel Kortschak 063db5971c go.tools/playground/socket: log connections and code snippet run requests
This logs all successful handshakes and all requests to run code snippets;
it is not immediately obvious how to limit this to non-localhost hosts, or
to instances where publicly available playgrounds are allowed without resorting
to addition of a new global. The level of noise on the log should not be too
great.

LGTM=adg
R=adg
CC=golang-codereviews
https://golang.org/cl/112850043
2014-07-09 12:14:27 +10:00
Robert Daniel Kortschak 34a8e96191 go.tools/playground/socket: add Native Client wrapper handling
LGTM=adg
R=adg, dave, rsc, minux
CC=golang-codereviews
https://golang.org/cl/77240043
2014-07-08 10:44:34 +10:00
Mikio Hara 96cece04e7 go.tools/{cmd/present,playground/socket}: add orighost flag to handle the web origin more flexible
Also fixes the following nits;
- literal IPv6 address handling
- URL host component handling in the case of a wildcard listen
- URL port component handling in the case of no port component in origin

Fixes golang/go#8096.

LGTM=dan.kortschak, adg
R=adg, golang-codereviews, dan.kortschak
CC=golang-codereviews
https://golang.org/cl/102770046
2014-06-02 21:39:33 +09:00
Andrew Gerrand 3d0528640b go.tools/playground/socket: require origin to set up socket handler
This prevents cross-site request forgery attacks.

LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/95030044
2014-05-05 08:42:12 -07:00
Robert Daniel Kortschak 84fae1b215 go.tools/playground: provide script-safe option for playground
This change allows code to be sent safely to a partially sandboxed playground using the Native Client environment.

Execution of non-Go code is blocked when the RunScripts is false to prevent inclusion of code that might escape by virtue of being under a different runtime environment.

Two options for communicating whether to prevent non-Go code were considered: as has been done here and alternatively, using a message field. The latter was not chosen to close that as an attack option.

Another will be follow that adds a -nacl flag to the present command to allow sandboxing of playground code in presentations.

See discussion here: https://groups.google.com/d/topic/golang-dev/Hy-7PBP-T4Q/

LGTM=adg
R=adg, dave
CC=golang-codereviews
https://golang.org/cl/74740045
2014-03-17 16:57:36 +11:00
Francesc Campoy ca8198c132 go.tools/playground: parse shebang correctly
Fixes golang/go#7321.

LGTM=adg
R=adg
CC=golang-codereviews
https://golang.org/cl/63560043
2014-02-18 09:44:12 -08:00
Francesc Campoy fea69e5bab go.tools/present: add support for non Go code execution
R=adg, r
CC=golang-dev
https://golang.org/cl/14615043
2013-10-14 14:14:08 -07:00
Andrew Gerrand b605e38d5d go.tools/playground/socket: move package from go.talks
R=golang-dev, dsymonds
CC=golang-dev
https://golang.org/cl/13244049
2013-09-19 10:59:00 +10:00
Andrew Gerrand a76da35c40 go.tools: move playground to repo root
R=golang-dev, r
CC=golang-dev
https://golang.org/cl/13451046
2013-09-19 10:45:22 +10:00