mirror of https://github.com/docker/cli.git
vendor: bump gopkg.in/yaml.v2 v2.2.8
full diff: https://github.com/go-yaml/yaml/compare/v2.2.3...v2.2.8 includes: - go-yaml/yaml 515 Improve heuristics preventing CPU/memory abuse - go-yaml/yaml@f90ceb4f40 Fix check for non-map alias merging in v2 - fix for "yaml.Unmarshal crashes on "assignment to entry in nil map"" - go-yaml/yaml 543 Port stale simple_keys fix to v2 - go-yaml/yaml@1f64d6156d Fix issue in simple_keys improvements - fixes "Invalid simple_keys now cause panics later in decode" - go-yaml/yaml 555 Optimize cases with long potential simple_keys Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
809cc8948d
commit
3dfcfbb2bf
|
@ -81,7 +81,7 @@ golang.org/x/time fbb02b2291d28baffd63558aa44b
|
|||
google.golang.org/genproto 02b4e95473316948020af0b7a4f0f22c73929b0e
|
||||
google.golang.org/grpc 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6 # v1.23.1
|
||||
gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1
|
||||
gopkg.in/yaml.v2 bb4e33bf68bf89cad44d386192cbed201f35b241 # v2.2.3
|
||||
gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8
|
||||
gotest.tools 1083505acf35a0bd8a696b26837e1fb3187a7a83 # v2.3.0
|
||||
k8s.io/api 35e20aa79eb876d1014e0383c7fcda49e52c5d76 # kubernetes-1.16.1
|
||||
k8s.io/apimachinery 27d36303b6556f377b4f34e64705fa9024a12b0c # kubernetes-1.16.1
|
||||
|
|
|
@ -318,12 +318,41 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
|
|||
return out, false, false
|
||||
}
|
||||
|
||||
const (
|
||||
// 400,000 decode operations is ~500kb of dense object declarations, or
|
||||
// ~5kb of dense object declarations with 10000% alias expansion
|
||||
alias_ratio_range_low = 400000
|
||||
|
||||
// 4,000,000 decode operations is ~5MB of dense object declarations, or
|
||||
// ~4.5MB of dense object declarations with 10% alias expansion
|
||||
alias_ratio_range_high = 4000000
|
||||
|
||||
// alias_ratio_range is the range over which we scale allowed alias ratios
|
||||
alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
|
||||
)
|
||||
|
||||
func allowedAliasRatio(decodeCount int) float64 {
|
||||
switch {
|
||||
case decodeCount <= alias_ratio_range_low:
|
||||
// allow 99% to come from alias expansion for small-to-medium documents
|
||||
return 0.99
|
||||
case decodeCount >= alias_ratio_range_high:
|
||||
// allow 10% to come from alias expansion for very large documents
|
||||
return 0.10
|
||||
default:
|
||||
// scale smoothly from 99% down to 10% over the range.
|
||||
// this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
|
||||
// 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
|
||||
return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
|
||||
}
|
||||
}
|
||||
|
||||
func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
|
||||
d.decodeCount++
|
||||
if d.aliasDepth > 0 {
|
||||
d.aliasCount++
|
||||
}
|
||||
if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > 0.99 {
|
||||
if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
|
||||
failf("document contains excessive aliasing")
|
||||
}
|
||||
switch n.kind {
|
||||
|
@ -759,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
|
|||
case mappingNode:
|
||||
d.unmarshal(n, out)
|
||||
case aliasNode:
|
||||
an, ok := d.doc.anchors[n.value]
|
||||
if ok && an.kind != mappingNode {
|
||||
if n.alias != nil && n.alias.kind != mappingNode {
|
||||
failWantMap()
|
||||
}
|
||||
d.unmarshal(n, out)
|
||||
|
@ -769,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
|
|||
for i := len(n.children) - 1; i >= 0; i-- {
|
||||
ni := n.children[i]
|
||||
if ni.kind == aliasNode {
|
||||
an, ok := d.doc.anchors[ni.value]
|
||||
if ok && an.kind != mappingNode {
|
||||
if ni.alias != nil && ni.alias.kind != mappingNode {
|
||||
failWantMap()
|
||||
}
|
||||
} else if ni.kind != mappingNode {
|
||||
|
|
|
@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
|
|||
func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
|
||||
// While we need more tokens to fetch, do it.
|
||||
for {
|
||||
// Check if we really need to fetch more tokens.
|
||||
need_more_tokens := false
|
||||
|
||||
if parser.tokens_head == len(parser.tokens) {
|
||||
// Queue is empty.
|
||||
need_more_tokens = true
|
||||
} else {
|
||||
// Check if any potential simple key may occupy the head position.
|
||||
if !yaml_parser_stale_simple_keys(parser) {
|
||||
if parser.tokens_head != len(parser.tokens) {
|
||||
// If queue is non-empty, check if any potential simple key may
|
||||
// occupy the head position.
|
||||
head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
|
||||
if !ok {
|
||||
break
|
||||
} else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
|
||||
return false
|
||||
}
|
||||
|
||||
for i := range parser.simple_keys {
|
||||
simple_key := &parser.simple_keys[i]
|
||||
if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
|
||||
need_more_tokens = true
|
||||
} else if !valid {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// We are finished.
|
||||
if !need_more_tokens {
|
||||
break
|
||||
}
|
||||
// Fetch the next token.
|
||||
if !yaml_parser_fetch_next_token(parser) {
|
||||
return false
|
||||
|
@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// Remove obsolete potential simple keys.
|
||||
if !yaml_parser_stale_simple_keys(parser) {
|
||||
return false
|
||||
}
|
||||
|
||||
// Check the indentation level against the current column.
|
||||
if !yaml_parser_unroll_indent(parser, parser.mark.column) {
|
||||
return false
|
||||
|
@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
|
|||
"found character that cannot start any token")
|
||||
}
|
||||
|
||||
// Check the list of potential simple keys and remove the positions that
|
||||
// cannot contain simple keys anymore.
|
||||
func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool {
|
||||
// Check for a potential simple key for each flow level.
|
||||
for i := range parser.simple_keys {
|
||||
simple_key := &parser.simple_keys[i]
|
||||
func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
|
||||
if !simple_key.possible {
|
||||
return false, true
|
||||
}
|
||||
|
||||
// The specification requires that a simple key
|
||||
// The 1.2 specification says:
|
||||
//
|
||||
// - is limited to a single line,
|
||||
// - is shorter than 1024 characters.
|
||||
if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) {
|
||||
|
||||
// "If the ? indicator is omitted, parsing needs to see past the
|
||||
// implicit key to recognize it as such. To limit the amount of
|
||||
// lookahead required, the “:” indicator must appear at most 1024
|
||||
// Unicode characters beyond the start of the key. In addition, the key
|
||||
// is restricted to a single line."
|
||||
//
|
||||
if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
|
||||
// Check if the potential simple key to be removed is required.
|
||||
if simple_key.required {
|
||||
return yaml_parser_set_scanner_error(parser,
|
||||
return false, yaml_parser_set_scanner_error(parser,
|
||||
"while scanning a simple key", simple_key.mark,
|
||||
"could not find expected ':'")
|
||||
}
|
||||
simple_key.possible = false
|
||||
return false, true
|
||||
}
|
||||
}
|
||||
return true
|
||||
return true, true
|
||||
}
|
||||
|
||||
// Check if a simple key may start at the current position and add it if
|
||||
|
@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
|
|||
possible: true,
|
||||
required: required,
|
||||
token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
|
||||
mark: parser.mark,
|
||||
}
|
||||
simple_key.mark = parser.mark
|
||||
|
||||
if !yaml_parser_remove_simple_key(parser) {
|
||||
return false
|
||||
}
|
||||
parser.simple_keys[len(parser.simple_keys)-1] = simple_key
|
||||
parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
@ -900,19 +884,33 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
|
|||
"while scanning a simple key", parser.simple_keys[i].mark,
|
||||
"could not find expected ':'")
|
||||
}
|
||||
}
|
||||
// Remove the key from the stack.
|
||||
parser.simple_keys[i].possible = false
|
||||
delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// max_flow_level limits the flow_level
|
||||
const max_flow_level = 10000
|
||||
|
||||
// Increase the flow level and resize the simple key list if needed.
|
||||
func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
|
||||
// Reset the simple key on the next level.
|
||||
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
|
||||
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
|
||||
possible: false,
|
||||
required: false,
|
||||
token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
|
||||
mark: parser.mark,
|
||||
})
|
||||
|
||||
// Increase the flow level.
|
||||
parser.flow_level++
|
||||
if parser.flow_level > max_flow_level {
|
||||
return yaml_parser_set_scanner_error(parser,
|
||||
"while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
|
||||
fmt.Sprintf("exceeded max depth of %d", max_flow_level))
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
|
@ -920,11 +918,16 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
|
|||
func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
|
||||
if parser.flow_level > 0 {
|
||||
parser.flow_level--
|
||||
parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1]
|
||||
last := len(parser.simple_keys) - 1
|
||||
delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
|
||||
parser.simple_keys = parser.simple_keys[:last]
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// max_indents limits the indents stack size
|
||||
const max_indents = 10000
|
||||
|
||||
// Push the current indentation level to the stack and set the new level
|
||||
// the current column is greater than the indentation level. In this case,
|
||||
// append or insert the specified token into the token queue.
|
||||
|
@ -939,6 +942,11 @@ func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml
|
|||
// indentation level.
|
||||
parser.indents = append(parser.indents, parser.indent)
|
||||
parser.indent = column
|
||||
if len(parser.indents) > max_indents {
|
||||
return yaml_parser_set_scanner_error(parser,
|
||||
"while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
|
||||
fmt.Sprintf("exceeded max depth of %d", max_indents))
|
||||
}
|
||||
|
||||
// Create a token and insert it into the queue.
|
||||
token := yaml_token_t{
|
||||
|
@ -989,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
|
|||
// Initialize the simple key stack.
|
||||
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
|
||||
|
||||
parser.simple_keys_by_tok = make(map[int]int)
|
||||
|
||||
// A simple key is allowed at the beginning of the stream.
|
||||
parser.simple_key_allowed = true
|
||||
|
||||
|
@ -1270,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
|
|||
simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
|
||||
|
||||
// Have we found a simple key?
|
||||
if simple_key.possible {
|
||||
if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
|
||||
return false
|
||||
|
||||
} else if valid {
|
||||
|
||||
// Create the KEY token and insert it into the queue.
|
||||
token := yaml_token_t{
|
||||
typ: yaml_KEY_TOKEN,
|
||||
|
@ -1288,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
|
|||
|
||||
// Remove the simple key.
|
||||
simple_key.possible = false
|
||||
delete(parser.simple_keys_by_tok, simple_key.token_number)
|
||||
|
||||
// A simple key cannot follow another simple key.
|
||||
parser.simple_key_allowed = false
|
||||
|
|
|
@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
|
|||
return unmarshal(in, out, true)
|
||||
}
|
||||
|
||||
// A Decorder reads and decodes YAML values from an input stream.
|
||||
// A Decoder reads and decodes YAML values from an input stream.
|
||||
type Decoder struct {
|
||||
strict bool
|
||||
parser *parser
|
||||
|
|
|
@ -579,6 +579,7 @@ type yaml_parser_t struct {
|
|||
|
||||
simple_key_allowed bool // May a simple key occur at the current position?
|
||||
simple_keys []yaml_simple_key_t // The stack of simple keys.
|
||||
simple_keys_by_tok map[int]int // possible simple_key indexes indexed by token_number
|
||||
|
||||
// Parser stuff
|
||||
|
||||
|
|
Loading…
Reference in New Issue