mirror of
https://github.com/gin-gonic/gin.git
synced 2026-07-05 09:41:14 +08:00
Compare commits
5 Commits
e010e32e48
...
27a6ca15df
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
27a6ca15df | ||
|
|
e88fc8927a | ||
|
|
5fad976b37 | ||
|
|
93ff771e6d | ||
|
|
5a78885058 |
5
.github/workflows/trivy-scan.yml
vendored
5
.github/workflows/trivy-scan.yml
vendored
@ -8,9 +8,8 @@ on:
|
||||
branches:
|
||||
- master
|
||||
schedule:
|
||||
# Run every 3 months (quarterly) on the 1st day at 00:00 UTC
|
||||
# Months: January (1), April (4), July (7), October (10)
|
||||
- cron: '0 0 1 1,4,7,10 *'
|
||||
# Run daily at 00:00 UTC
|
||||
- cron: '0 0 * * *'
|
||||
workflow_dispatch: # Allow manual trigger
|
||||
|
||||
permissions:
|
||||
|
||||
@ -18,15 +18,8 @@ linters:
|
||||
- wastedassign
|
||||
settings:
|
||||
gosec:
|
||||
includes:
|
||||
- G102
|
||||
- G106
|
||||
- G108
|
||||
- G109
|
||||
- G111
|
||||
- G112
|
||||
- G201
|
||||
- G203
|
||||
excludes:
|
||||
- G115
|
||||
perfsprint:
|
||||
int-conversion: true
|
||||
err-error: true
|
||||
|
||||
22
context.go
22
context.go
@ -55,6 +55,14 @@ const ContextRequestKey ContextKeyType = 0
|
||||
// abortIndex represents a typical value used in abort functions.
|
||||
const abortIndex int8 = math.MaxInt8 >> 1
|
||||
|
||||
// safeInt8 converts int to int8 safely, capping at math.MaxInt8
|
||||
func safeInt8(n int) int8 {
|
||||
if n > math.MaxInt8 {
|
||||
return math.MaxInt8
|
||||
}
|
||||
return int8(n)
|
||||
}
|
||||
|
||||
// Context is the most important part of gin. It allows us to pass variables between middleware,
|
||||
// manage the flow, validate the JSON of a request and render a JSON response for example.
|
||||
type Context struct {
|
||||
@ -186,7 +194,7 @@ func (c *Context) FullPath() string {
|
||||
// See example in GitHub.
|
||||
func (c *Context) Next() {
|
||||
c.index++
|
||||
for c.index < int8(len(c.handlers)) {
|
||||
for c.index < safeInt8(len(c.handlers)) {
|
||||
if c.handlers[c.index] != nil {
|
||||
c.handlers[c.index](c)
|
||||
}
|
||||
@ -564,6 +572,12 @@ func (c *Context) initQueryCache() {
|
||||
}
|
||||
}
|
||||
|
||||
// SetQuery Modify or add to the cached Query data
|
||||
func (c *Context) SetQuery(key,values string) {
|
||||
c.initQueryCache()
|
||||
c.queryCache.Set(key,values)
|
||||
}
|
||||
|
||||
// GetQueryArray returns a slice of strings for a given query key, plus
|
||||
// a boolean value whether at least one value exists for the given key.
|
||||
func (c *Context) GetQueryArray(key string) (values []string, ok bool) {
|
||||
@ -637,6 +651,12 @@ func (c *Context) initFormCache() {
|
||||
}
|
||||
}
|
||||
|
||||
// SetForm Modify or add to the cached Form data
|
||||
func (c *Context) SetForm(key,values string) {
|
||||
c.initFormCache()
|
||||
c.formCache.Set(key,values)
|
||||
}
|
||||
|
||||
// GetPostFormArray returns a slice of strings for a given form key, plus
|
||||
// a boolean value whether at least one value exists for the given key.
|
||||
func (c *Context) GetPostFormArray(key string) (values []string, ok bool) {
|
||||
|
||||
46
gin.go
46
gin.go
@ -23,10 +23,12 @@ import (
|
||||
"golang.org/x/net/http2/h2c"
|
||||
)
|
||||
|
||||
const defaultMultipartMemory = 32 << 20 // 32 MB
|
||||
const escapedColon = "\\:"
|
||||
const colon = ":"
|
||||
const backslash = "\\"
|
||||
const (
|
||||
defaultMultipartMemory = 32 << 20 // 32 MB
|
||||
escapedColon = "\\:"
|
||||
colon = ":"
|
||||
backslash = "\\"
|
||||
)
|
||||
|
||||
var (
|
||||
default404Body = []byte("404 page not found")
|
||||
@ -46,8 +48,10 @@ var defaultTrustedCIDRs = []*net.IPNet{
|
||||
},
|
||||
}
|
||||
|
||||
var regSafePrefix = regexp.MustCompile("[^a-zA-Z0-9/-]+")
|
||||
var regRemoveRepeatedChar = regexp.MustCompile("/{2,}")
|
||||
var (
|
||||
regSafePrefix = regexp.MustCompile("[^a-zA-Z0-9/-]+")
|
||||
regRemoveRepeatedChar = regexp.MustCompile("/{2,}")
|
||||
)
|
||||
|
||||
// HandlerFunc defines the handler used by gin middleware as return value.
|
||||
type HandlerFunc func(*Context)
|
||||
@ -94,6 +98,10 @@ const (
|
||||
type Engine struct {
|
||||
RouterGroup
|
||||
|
||||
// routeTreesUpdated ensures that the initialization or update of the route trees
|
||||
// (used for routing HTTP requests) happens only once, even if called multiple times concurrently.
|
||||
routeTreesUpdated sync.Once
|
||||
|
||||
// RedirectTrailingSlash enables automatic redirection if the current route can't be matched but a
|
||||
// handler for the path with (without) the trailing slash exists.
|
||||
// For example if /foo/ is requested but a route only exists for /foo, the
|
||||
@ -537,7 +545,11 @@ func (engine *Engine) Run(addr ...string) (err error) {
|
||||
engine.updateRouteTrees()
|
||||
address := resolveAddress(addr)
|
||||
debugPrint("Listening and serving HTTP on %s\n", address)
|
||||
err = http.ListenAndServe(address, engine.Handler())
|
||||
server := &http.Server{ // #nosec G112
|
||||
Addr: address,
|
||||
Handler: engine.Handler(),
|
||||
}
|
||||
err = server.ListenAndServe()
|
||||
return
|
||||
}
|
||||
|
||||
@ -553,7 +565,11 @@ func (engine *Engine) RunTLS(addr, certFile, keyFile string) (err error) {
|
||||
"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
|
||||
}
|
||||
|
||||
err = http.ListenAndServeTLS(addr, certFile, keyFile, engine.Handler())
|
||||
server := &http.Server{ // #nosec G112
|
||||
Addr: addr,
|
||||
Handler: engine.Handler(),
|
||||
}
|
||||
err = server.ListenAndServeTLS(certFile, keyFile)
|
||||
return
|
||||
}
|
||||
|
||||
@ -576,7 +592,10 @@ func (engine *Engine) RunUnix(file string) (err error) {
|
||||
defer listener.Close()
|
||||
defer os.Remove(file)
|
||||
|
||||
err = http.Serve(listener, engine.Handler())
|
||||
server := &http.Server{ // #nosec G112
|
||||
Handler: engine.Handler(),
|
||||
}
|
||||
err = server.Serve(listener)
|
||||
return
|
||||
}
|
||||
|
||||
@ -630,12 +649,19 @@ func (engine *Engine) RunListener(listener net.Listener) (err error) {
|
||||
"Please check https://github.com/gin-gonic/gin/blob/master/docs/doc.md#dont-trust-all-proxies for details.")
|
||||
}
|
||||
|
||||
err = http.Serve(listener, engine.Handler())
|
||||
server := &http.Server{ // #nosec G112
|
||||
Handler: engine.Handler(),
|
||||
}
|
||||
err = server.Serve(listener)
|
||||
return
|
||||
}
|
||||
|
||||
// ServeHTTP conforms to the http.Handler interface.
|
||||
func (engine *Engine) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
engine.routeTreesUpdated.Do(func() {
|
||||
engine.updateRouteTrees()
|
||||
})
|
||||
|
||||
c := engine.pool.Get().(*Context)
|
||||
c.writermem.reset(w)
|
||||
c.Request = req
|
||||
|
||||
99
gin_test.go
99
gin_test.go
@ -913,3 +913,102 @@ func TestMethodNotAllowedNoRoute(t *testing.T) {
|
||||
assert.NotPanics(t, func() { g.ServeHTTP(resp, req) })
|
||||
assert.Equal(t, http.StatusNotFound, resp.Code)
|
||||
}
|
||||
|
||||
// Test the fix for https://github.com/gin-gonic/gin/pull/4415
|
||||
func TestLiteralColonWithRun(t *testing.T) {
|
||||
SetMode(TestMode)
|
||||
router := New()
|
||||
|
||||
router.GET(`/test\:action`, func(c *Context) {
|
||||
c.JSON(http.StatusOK, H{"path": "literal_colon"})
|
||||
})
|
||||
|
||||
router.updateRouteTrees()
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
|
||||
req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
assert.Equal(t, http.StatusOK, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "literal_colon")
|
||||
}
|
||||
|
||||
func TestLiteralColonWithDirectServeHTTP(t *testing.T) {
|
||||
SetMode(TestMode)
|
||||
router := New()
|
||||
|
||||
router.GET(`/test\:action`, func(c *Context) {
|
||||
c.JSON(http.StatusOK, H{"path": "literal_colon"})
|
||||
})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
assert.Equal(t, http.StatusOK, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "literal_colon")
|
||||
}
|
||||
|
||||
func TestLiteralColonWithHandler(t *testing.T) {
|
||||
SetMode(TestMode)
|
||||
router := New()
|
||||
|
||||
router.GET(`/test\:action`, func(c *Context) {
|
||||
c.JSON(http.StatusOK, H{"path": "literal_colon"})
|
||||
})
|
||||
|
||||
handler := router.Handler()
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
|
||||
handler.ServeHTTP(w, req)
|
||||
|
||||
assert.Equal(t, http.StatusOK, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "literal_colon")
|
||||
}
|
||||
|
||||
func TestLiteralColonWithHTTPServer(t *testing.T) {
|
||||
SetMode(TestMode)
|
||||
router := New()
|
||||
|
||||
router.GET(`/test\:action`, func(c *Context) {
|
||||
c.JSON(http.StatusOK, H{"path": "literal_colon"})
|
||||
})
|
||||
|
||||
router.GET("/test/:param", func(c *Context) {
|
||||
c.JSON(http.StatusOK, H{"param": c.Param("param")})
|
||||
})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
|
||||
router.ServeHTTP(w, req)
|
||||
|
||||
assert.Equal(t, http.StatusOK, w.Code)
|
||||
assert.Contains(t, w.Body.String(), "literal_colon")
|
||||
|
||||
w2 := httptest.NewRecorder()
|
||||
req2, _ := http.NewRequest(http.MethodGet, "/test/foo", nil)
|
||||
router.ServeHTTP(w2, req2)
|
||||
|
||||
assert.Equal(t, http.StatusOK, w2.Code)
|
||||
assert.Contains(t, w2.Body.String(), "foo")
|
||||
}
|
||||
|
||||
// Test that updateRouteTrees is called only once
|
||||
func TestUpdateRouteTreesCalledOnce(t *testing.T) {
|
||||
SetMode(TestMode)
|
||||
router := New()
|
||||
|
||||
router.GET(`/test\:action`, func(c *Context) {
|
||||
c.String(http.StatusOK, "ok")
|
||||
})
|
||||
|
||||
for range 5 {
|
||||
w := httptest.NewRecorder()
|
||||
req, _ := http.NewRequest(http.MethodGet, "/test:action", nil)
|
||||
router.ServeHTTP(w, req)
|
||||
assert.Equal(t, http.StatusOK, w.Code)
|
||||
assert.Equal(t, "ok", w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
13
tree.go
13
tree.go
@ -5,6 +5,7 @@
|
||||
package gin
|
||||
|
||||
import (
|
||||
"math"
|
||||
"net/url"
|
||||
"strings"
|
||||
"unicode"
|
||||
@ -77,14 +78,22 @@ func (n *node) addChild(child *node) {
|
||||
}
|
||||
}
|
||||
|
||||
// safeUint16 converts int to uint16 safely, capping at math.MaxUint16
|
||||
func safeUint16(n int) uint16 {
|
||||
if n > math.MaxUint16 {
|
||||
return math.MaxUint16
|
||||
}
|
||||
return uint16(n)
|
||||
}
|
||||
|
||||
func countParams(path string) uint16 {
|
||||
colons := strings.Count(path, ":")
|
||||
stars := strings.Count(path, "*")
|
||||
return uint16(colons + stars)
|
||||
return safeUint16(colons + stars)
|
||||
}
|
||||
|
||||
func countSections(path string) uint16 {
|
||||
return uint16(strings.Count(path, "/"))
|
||||
return safeUint16(strings.Count(path, "/"))
|
||||
}
|
||||
|
||||
type nodeType uint8
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user