CL 236857 removed all uses of whitelist/blacklist, which is great.
But it substituted awkward phrasing using allowlist/blocklist,
especially as verbs or participles. This CL uses more standard English,
like "allow the function" or "blocked functions" instead of
"allowlist the function" or "blocklisted functions".
Change-Id: I9106a2fdbd62751c4cbda3a77181358a8a6d0f13
Reviewed-on: https://go-review.googlesource.com/c/go/+/236917
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
<p>
Options specified by cgo using <code>#cgo CFLAGS</code> and the like
-are now checked against an allowlist of permitted options.
+are now checked against a list of permitted options.
This closes a security hole in which a downloaded package uses
compiler options like
<span style="white-space: nowrap"><code>-fplugin</code></span>
}
importPath := filepath.Join("cmd/compile", path)
- if blocklistedPackages[filepath.ToSlash(importPath)] {
+ if ignoredPackages[filepath.ToSlash(importPath)] {
return filepath.SkipDir
}
for index, file := range files {
ast.Inspect(file, func(n ast.Node) bool {
if call, ok := n.(*ast.CallExpr); ok {
- // ignore blocklisted functions
- if blocklistedFunctions[nodeString(call.Fun)] {
+ if ignoredFunctions[nodeString(call.Fun)] {
return true
}
// look for an arguments that might be a format string
// make sure we have enough arguments
n := numFormatArgs(s)
if i+1+n > len(call.Args) {
- t.Errorf("%s: not enough format args (blocklist %s?)", posString(call), nodeString(call.Fun))
+ t.Errorf("%s: not enough format args (ignore %s?)", posString(call), nodeString(call.Fun))
break // ignore this call
}
// assume last n arguments are to be formatted;
return string(append(buf, in[i0:]...))
}
-// blocklistedPackages is the set of packages which can
+// ignoredPackages is the set of packages which can
// be ignored.
-var blocklistedPackages = map[string]bool{}
+var ignoredPackages = map[string]bool{}
-// blocklistedFunctions is the set of functions which may have
+// ignoredFunctions is the set of functions which may have
// format-like arguments but which don't do any formatting and
// thus may be ignored.
-var blocklistedFunctions = map[string]bool{}
+var ignoredFunctions = map[string]bool{}
func init() {
// verify that knownFormats entries are correctly formatted
CheckFlags:
for _, flag := range gcflags {
// Concurrent compilation is presumed incompatible with any gcflags,
- // except for a small allowlist of commonly used flags.
+ // except for known commonly used flags.
// If the user knows better, they can manually add their own -c to the gcflags.
switch flag {
case "-N", "-l", "-S", "-B", "-C", "-I":
}
fmt.Fprintf(os.Stderr, "cmd/link: while reading object for '%v': duplicate symbol '%s', previous def at '%v', with mismatched payload: %s\n", r.unit.Lib, name, rdup.unit.Lib, reason)
- // For the moment, allowlist DWARF subprogram DIEs for
+ // For the moment, allow DWARF subprogram DIEs for
// auto-generated wrapper functions. What seems to happen
// here is that we get different line numbers on formal
// params; I am guessing that the pos is being inherited
// from the spot where the wrapper is needed.
- allowlist := strings.HasPrefix(name, "go.info.go.interface") ||
+ allowed := strings.HasPrefix(name, "go.info.go.interface") ||
strings.HasPrefix(name, "go.info.go.builtin") ||
strings.HasPrefix(name, "go.debuglines")
- if !allowlist {
+ if !allowed {
l.strictDupMsgs++
}
}
}
fmt.Fprintf(os.Stderr, "cmd/link: while reading object for '%v': duplicate symbol '%s', previous def at '%v', with mismatched payload: %s\n", r.lib, dup, dup.Unit.Lib, reason)
- // For the moment, allowlist DWARF subprogram DIEs for
+ // For the moment, allow DWARF subprogram DIEs for
// auto-generated wrapper functions. What seems to happen
// here is that we get different line numbers on formal
// params; I am guessing that the pos is being inherited
// from the spot where the wrapper is needed.
- allowlist := (strings.HasPrefix(dup.Name, "go.info.go.interface") ||
+ allowed := (strings.HasPrefix(dup.Name, "go.info.go.interface") ||
strings.HasPrefix(dup.Name, "go.info.go.builtin") ||
strings.HasPrefix(dup.Name, "go.isstmt.go.builtin") ||
strings.HasPrefix(dup.Name, "go.debuglines"))
- if !allowlist {
+ if !allowed {
r.strictDupMsgs++
}
}
}
s = strings.ToLower(s)
if t := attrType(s); t != contentTypePlain {
- // TODO: Split attr and element name part filters so we can allowlist
- // attributes.
+ // TODO: Split attr and element name part filters so we can recognize known attributes.
return filterFailsafe
}
for _, r := range s {
// NOTE: This is not intended to reflect the actual Go version being used.
// It was changed at the time of Go 1.1 release because the former User-Agent
-// had ended up on a blocklist for some intrusion detection systems.
+// had ended up blocked by some intrusion detection systems.
// See https://codereview.appspot.com/7532043.
const defaultUserAgent = "Go-http-client/1.1"
time.Sleep(rstAvoidanceDelay)
}
-// validNextProto reports whether the proto is not a blocklisted ALPN
-// protocol name. Empty and built-in protocol types are blocklisted
-// and can't be overridden with alternate implementations.
+// validNextProto reports whether the proto is a valid ALPN protocol name.
+// Everything is valid except the empty string and built-in protocol types,
+// so that those can't be overridden with alternate implementations.
func validNextProto(proto string) bool {
switch proto {
case "", "http/1.1", "http/1.0":
//go:nosplit
//go:nowritebarrierrec
func sigaction(sig uint32, new, old *sigactiont) {
- // The runtime package is explicitly blocklisted from sanitizer
- // instrumentation in racewalk.go, but we might be calling into instrumented C
- // functions here — so we need the pointer parameters to be properly marked.
+ // racewalk.go avoids adding sanitizing instrumentation to package runtime,
+ // but we might be calling into instrumented C functions here,
+ // so we need the pointer parameters to be properly marked.
//
- // Mark the input as having been written before the call and the output as
- // read after.
+ // Mark the input as having been written before the call
+ // and the output as read after.
if msanenabled && new != nil {
msanwrite(unsafe.Pointer(new), unsafe.Sizeof(*new))
}
"debugCall16384",
"debugCall32768",
"debugCall65536":
- // These functions are allowlisted so that the debugger can initiate multiple function calls.
+ // These functions are allowed so that the debugger can initiate multiple function calls.
// See: https://golang.org/cl/161137/
return
}