vendor: bump gopkg.in/yaml.v2 v2.2.8

full diff: https://github.com/go-yaml/yaml/compare/v2.2.3...v2.2.8

includes:

- go-yaml/yaml 515 Improve heuristics preventing CPU/memory abuse
- go-yaml/yaml@f90ceb4f40 Fix check for non-map alias merging in v2
    - fix for "yaml.Unmarshal crashes on "assignment to entry in nil map""
- go-yaml/yaml 543 Port stale simple_keys fix to v2
- go-yaml/yaml@1f64d6156d Fix issue in simple_keys improvements
    - fixes "Invalid simple_keys now cause panics later in decode"
- go-yaml/yaml 555 Optimize cases with long potential simple_keys

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3dfcfbb2bf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-01-28 15:44:12 +01:00
parent d25e657341
commit 83d4cb9000
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
5 changed files with 105 additions and 62 deletions

View File

@ -89,7 +89,7 @@ golang.org/x/time fbb02b2291d28baffd63558aa44b
google.golang.org/genproto 02b4e95473316948020af0b7a4f0f22c73929b0e google.golang.org/genproto 02b4e95473316948020af0b7a4f0f22c73929b0e
google.golang.org/grpc 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6 # v1.23.1 google.golang.org/grpc 39e8a7b072a67ca2a75f57fa2e0d50995f5b22f6 # v1.23.1
gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1 gopkg.in/inf.v0 d2d2541c53f18d2a059457998ce2876cc8e67cbf # v0.9.1
gopkg.in/yaml.v2 bb4e33bf68bf89cad44d386192cbed201f35b241 # v2.2.3 gopkg.in/yaml.v2 53403b58ad1b561927d19068c655246f2db79d48 # v2.2.8
gotest.tools/v3 ab4a870b92ce57a83881fbeb535a137a20d664b7 # v3.0.1 gotest.tools/v3 ab4a870b92ce57a83881fbeb535a137a20d664b7 # v3.0.1
k8s.io/api 40a48860b5abbba9aa891b02b32da429b08d96a0 # kubernetes-1.14.0 k8s.io/api 40a48860b5abbba9aa891b02b32da429b08d96a0 # kubernetes-1.14.0
k8s.io/apimachinery d7deff9243b165ee192f5551710ea4285dcfd615 # kubernetes-1.14.0 k8s.io/apimachinery d7deff9243b165ee192f5551710ea4285dcfd615 # kubernetes-1.14.0

37
vendor/gopkg.in/yaml.v2/decode.go generated vendored
View File

@ -318,12 +318,41 @@ func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unm
return out, false, false return out, false, false
} }
const (
// 400,000 decode operations is ~500kb of dense object declarations, or
// ~5kb of dense object declarations with 10000% alias expansion
alias_ratio_range_low = 400000
// 4,000,000 decode operations is ~5MB of dense object declarations, or
// ~4.5MB of dense object declarations with 10% alias expansion
alias_ratio_range_high = 4000000
// alias_ratio_range is the range over which we scale allowed alias ratios
alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
)
func allowedAliasRatio(decodeCount int) float64 {
switch {
case decodeCount <= alias_ratio_range_low:
// allow 99% to come from alias expansion for small-to-medium documents
return 0.99
case decodeCount >= alias_ratio_range_high:
// allow 10% to come from alias expansion for very large documents
return 0.10
default:
// scale smoothly from 99% down to 10% over the range.
// this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
// 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
}
}
func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) { func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
d.decodeCount++ d.decodeCount++
if d.aliasDepth > 0 { if d.aliasDepth > 0 {
d.aliasCount++ d.aliasCount++
} }
if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > 0.99 { if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
failf("document contains excessive aliasing") failf("document contains excessive aliasing")
} }
switch n.kind { switch n.kind {
@ -759,8 +788,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
case mappingNode: case mappingNode:
d.unmarshal(n, out) d.unmarshal(n, out)
case aliasNode: case aliasNode:
an, ok := d.doc.anchors[n.value] if n.alias != nil && n.alias.kind != mappingNode {
if ok && an.kind != mappingNode {
failWantMap() failWantMap()
} }
d.unmarshal(n, out) d.unmarshal(n, out)
@ -769,8 +797,7 @@ func (d *decoder) merge(n *node, out reflect.Value) {
for i := len(n.children) - 1; i >= 0; i-- { for i := len(n.children) - 1; i >= 0; i-- {
ni := n.children[i] ni := n.children[i]
if ni.kind == aliasNode { if ni.kind == aliasNode {
an, ok := d.doc.anchors[ni.value] if ni.alias != nil && ni.alias.kind != mappingNode {
if ok && an.kind != mappingNode {
failWantMap() failWantMap()
} }
} else if ni.kind != mappingNode { } else if ni.kind != mappingNode {

105
vendor/gopkg.in/yaml.v2/scannerc.go generated vendored
View File

@ -626,31 +626,18 @@ func trace(args ...interface{}) func() {
func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool { func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
// While we need more tokens to fetch, do it. // While we need more tokens to fetch, do it.
for { for {
// Check if we really need to fetch more tokens. if parser.tokens_head != len(parser.tokens) {
need_more_tokens := false // If queue is non-empty, check if any potential simple key may
// occupy the head position.
if parser.tokens_head == len(parser.tokens) { head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
// Queue is empty. if !ok {
need_more_tokens = true break
} else { } else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
// Check if any potential simple key may occupy the head position.
if !yaml_parser_stale_simple_keys(parser) {
return false return false
} } else if !valid {
for i := range parser.simple_keys {
simple_key := &parser.simple_keys[i]
if simple_key.possible && simple_key.token_number == parser.tokens_parsed {
need_more_tokens = true
break break
} }
} }
}
// We are finished.
if !need_more_tokens {
break
}
// Fetch the next token. // Fetch the next token.
if !yaml_parser_fetch_next_token(parser) { if !yaml_parser_fetch_next_token(parser) {
return false return false
@ -678,11 +665,6 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
return false return false
} }
// Remove obsolete potential simple keys.
if !yaml_parser_stale_simple_keys(parser) {
return false
}
// Check the indentation level against the current column. // Check the indentation level against the current column.
if !yaml_parser_unroll_indent(parser, parser.mark.column) { if !yaml_parser_unroll_indent(parser, parser.mark.column) {
return false return false
@ -837,29 +819,30 @@ func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
"found character that cannot start any token") "found character that cannot start any token")
} }
// Check the list of potential simple keys and remove the positions that func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
// cannot contain simple keys anymore. if !simple_key.possible {
func yaml_parser_stale_simple_keys(parser *yaml_parser_t) bool { return false, true
// Check for a potential simple key for each flow level. }
for i := range parser.simple_keys {
simple_key := &parser.simple_keys[i]
// The specification requires that a simple key // The 1.2 specification says:
// //
// - is limited to a single line, // "If the ? indicator is omitted, parsing needs to see past the
// - is shorter than 1024 characters. // implicit key to recognize it as such. To limit the amount of
if simple_key.possible && (simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index) { // lookahead required, the “:” indicator must appear at most 1024
// Unicode characters beyond the start of the key. In addition, the key
// is restricted to a single line."
//
if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
// Check if the potential simple key to be removed is required. // Check if the potential simple key to be removed is required.
if simple_key.required { if simple_key.required {
return yaml_parser_set_scanner_error(parser, return false, yaml_parser_set_scanner_error(parser,
"while scanning a simple key", simple_key.mark, "while scanning a simple key", simple_key.mark,
"could not find expected ':'") "could not find expected ':'")
} }
simple_key.possible = false simple_key.possible = false
return false, true
} }
} return true, true
return true
} }
// Check if a simple key may start at the current position and add it if // Check if a simple key may start at the current position and add it if
@ -879,13 +862,14 @@ func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
possible: true, possible: true,
required: required, required: required,
token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head), token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
mark: parser.mark,
} }
simple_key.mark = parser.mark
if !yaml_parser_remove_simple_key(parser) { if !yaml_parser_remove_simple_key(parser) {
return false return false
} }
parser.simple_keys[len(parser.simple_keys)-1] = simple_key parser.simple_keys[len(parser.simple_keys)-1] = simple_key
parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
} }
return true return true
} }
@ -900,19 +884,33 @@ func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
"while scanning a simple key", parser.simple_keys[i].mark, "while scanning a simple key", parser.simple_keys[i].mark,
"could not find expected ':'") "could not find expected ':'")
} }
}
// Remove the key from the stack. // Remove the key from the stack.
parser.simple_keys[i].possible = false parser.simple_keys[i].possible = false
delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
}
return true return true
} }
// max_flow_level limits the flow_level
const max_flow_level = 10000
// Increase the flow level and resize the simple key list if needed. // Increase the flow level and resize the simple key list if needed.
func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool { func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
// Reset the simple key on the next level. // Reset the simple key on the next level.
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{}) parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
possible: false,
required: false,
token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
mark: parser.mark,
})
// Increase the flow level. // Increase the flow level.
parser.flow_level++ parser.flow_level++
if parser.flow_level > max_flow_level {
return yaml_parser_set_scanner_error(parser,
"while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
fmt.Sprintf("exceeded max depth of %d", max_flow_level))
}
return true return true
} }
@ -920,11 +918,16 @@ func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool { func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
if parser.flow_level > 0 { if parser.flow_level > 0 {
parser.flow_level-- parser.flow_level--
parser.simple_keys = parser.simple_keys[:len(parser.simple_keys)-1] last := len(parser.simple_keys) - 1
delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
parser.simple_keys = parser.simple_keys[:last]
} }
return true return true
} }
// max_indents limits the indents stack size
const max_indents = 10000
// Push the current indentation level to the stack and set the new level // Push the current indentation level to the stack and set the new level
// the current column is greater than the indentation level. In this case, // the current column is greater than the indentation level. In this case,
// append or insert the specified token into the token queue. // append or insert the specified token into the token queue.
@ -939,6 +942,11 @@ func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml
// indentation level. // indentation level.
parser.indents = append(parser.indents, parser.indent) parser.indents = append(parser.indents, parser.indent)
parser.indent = column parser.indent = column
if len(parser.indents) > max_indents {
return yaml_parser_set_scanner_error(parser,
"while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
fmt.Sprintf("exceeded max depth of %d", max_indents))
}
// Create a token and insert it into the queue. // Create a token and insert it into the queue.
token := yaml_token_t{ token := yaml_token_t{
@ -989,6 +997,8 @@ func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
// Initialize the simple key stack. // Initialize the simple key stack.
parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{}) parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
parser.simple_keys_by_tok = make(map[int]int)
// A simple key is allowed at the beginning of the stream. // A simple key is allowed at the beginning of the stream.
parser.simple_key_allowed = true parser.simple_key_allowed = true
@ -1270,7 +1280,11 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
simple_key := &parser.simple_keys[len(parser.simple_keys)-1] simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
// Have we found a simple key? // Have we found a simple key?
if simple_key.possible { if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
return false
} else if valid {
// Create the KEY token and insert it into the queue. // Create the KEY token and insert it into the queue.
token := yaml_token_t{ token := yaml_token_t{
typ: yaml_KEY_TOKEN, typ: yaml_KEY_TOKEN,
@ -1288,6 +1302,7 @@ func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
// Remove the simple key. // Remove the simple key.
simple_key.possible = false simple_key.possible = false
delete(parser.simple_keys_by_tok, simple_key.token_number)
// A simple key cannot follow another simple key. // A simple key cannot follow another simple key.
parser.simple_key_allowed = false parser.simple_key_allowed = false

2
vendor/gopkg.in/yaml.v2/yaml.go generated vendored
View File

@ -89,7 +89,7 @@ func UnmarshalStrict(in []byte, out interface{}) (err error) {
return unmarshal(in, out, true) return unmarshal(in, out, true)
} }
// A Decorder reads and decodes YAML values from an input stream. // A Decoder reads and decodes YAML values from an input stream.
type Decoder struct { type Decoder struct {
strict bool strict bool
parser *parser parser *parser

1
vendor/gopkg.in/yaml.v2/yamlh.go generated vendored
View File

@ -579,6 +579,7 @@ type yaml_parser_t struct {
simple_key_allowed bool // May a simple key occur at the current position? simple_key_allowed bool // May a simple key occur at the current position?
simple_keys []yaml_simple_key_t // The stack of simple keys. simple_keys []yaml_simple_key_t // The stack of simple keys.
simple_keys_by_tok map[int]int // possible simple_key indexes indexed by token_number
// Parser stuff // Parser stuff