TUN-8052: Update go to 1.21.5

Also update golang.org/x/net and google.golang.org/grpc to fix vulnerabilities, although cloudflared is using them in a way that is not exposed to those risks
2025-07-28 14:59:58 +00:00 · 2023-12-11 11:58:19 +00:00
parent b901d73d9b
commit 12dd91ada1
974 changed files with 28780 additions and 25799 deletions
--- a/vendor/go.opentelemetry.io/otel/trace/tracestate.go
+++ b/vendor/go.opentelemetry.io/otel/trace/tracestate.go
@@ -21,20 +21,16 @@ import (
 	"strings"
 )

-var (
+const (
 	maxListMembers = 32

 	listDelimiter = ","

 	// based on the W3C Trace Context specification, see
 	// https://www.w3.org/TR/trace-context-1/#tracestate-header
-	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]{0,255}`
-	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]{0,240}@[a-z][_0-9a-z\-\*\/]{0,13}`
-	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]{0,255}[\x21-\x2b\x2d-\x3c\x3e-\x7e]`
-
-	keyRe    = regexp.MustCompile(`^((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))$`)
-	valueRe  = regexp.MustCompile(`^(` + valueFormat + `)$`)
-	memberRe = regexp.MustCompile(`^\s*((` + noTenantKeyFormat + `)|(` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
+	noTenantKeyFormat   = `[a-z][_0-9a-z\-\*\/]*`
+	withTenantKeyFormat = `[a-z0-9][_0-9a-z\-\*\/]*@[a-z][_0-9a-z\-\*\/]*`
+	valueFormat         = `[\x20-\x2b\x2d-\x3c\x3e-\x7e]*[\x21-\x2b\x2d-\x3c\x3e-\x7e]`

 	errInvalidKey    errorConst = "invalid tracestate key"
 	errInvalidValue  errorConst = "invalid tracestate value"
@@ -43,16 +39,32 @@ var (
 	errDuplicate     errorConst = "duplicate list-member in tracestate"
 )

+var (
+	noTenantKeyRe   = regexp.MustCompile(`^` + noTenantKeyFormat + `$`)
+	withTenantKeyRe = regexp.MustCompile(`^` + withTenantKeyFormat + `$`)
+	valueRe         = regexp.MustCompile(`^` + valueFormat + `$`)
+	memberRe        = regexp.MustCompile(`^\s*((?:` + noTenantKeyFormat + `)|(?:` + withTenantKeyFormat + `))=(` + valueFormat + `)\s*$`)
+)
+
 type member struct {
 	Key   string
 	Value string
 }

 func newMember(key, value string) (member, error) {
-	if !keyRe.MatchString(key) {
+	if len(key) > 256 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
 	}
-	if !valueRe.MatchString(value) {
+	if !noTenantKeyRe.MatchString(key) {
+		if !withTenantKeyRe.MatchString(key) {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+		atIndex := strings.LastIndex(key, "@")
+		if atIndex > 241 || len(key)-1-atIndex > 14 {
+			return member{}, fmt.Errorf("%w: %s", errInvalidKey, key)
+		}
+	}
+	if len(value) > 256 || !valueRe.MatchString(value) {
 		return member{}, fmt.Errorf("%w: %s", errInvalidValue, value)
 	}
 	return member{Key: key, Value: value}, nil
@@ -60,15 +72,14 @@ func newMember(key, value string) (member, error) {

 func parseMember(m string) (member, error) {
 	matches := memberRe.FindStringSubmatch(m)
-	if len(matches) != 5 {
+	if len(matches) != 3 {
 		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
 	}
-
-	return member{
-		Key:   matches[1],
-		Value: matches[4],
-	}, nil
-
+	result, e := newMember(matches[1], matches[2])
+	if e != nil {
+		return member{}, fmt.Errorf("%w: %s", errInvalidMember, m)
+	}
+	return result, nil
 }

 // String encodes member into a string compliant with the W3C Trace Context