TUN-9467: bump coredns to solve CVE

* TUN-9467: bump coredns to solve CVE
2025-07-28 19:19:57 +00:00 · 2025-06-12 10:46:10 +00:00
parent f8d12c9d39
commit a408612f26
459 changed files with 30077 additions and 16165 deletions
--- a/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
+++ b/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/handler.go
@@ -3,9 +3,11 @@ package runtime
 import (
 	"context"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 	"net/textproto"
+	"strconv"
 	"strings"

 	"google.golang.org/genproto/googleapis/api/httpbody"
@@ -17,16 +19,10 @@ import (

 // ForwardResponseStream forwards the stream from gRPC server to REST client.
 func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, req *http.Request, recv func() (proto.Message, error), opts ...func(context.Context, http.ResponseWriter, proto.Message) error) {
-	f, ok := w.(http.Flusher)
-	if !ok {
-		grpclog.Infof("Flush not supported in %T", w)
-		http.Error(w, "unexpected type of web server", http.StatusInternalServerError)
-		return
-	}
-
+	rc := http.NewResponseController(w)
 	md, ok := ServerMetadataFromContext(ctx)
 	if !ok {
-		grpclog.Infof("Failed to extract ServerMetadata from context")
+		grpclog.Error("Failed to extract ServerMetadata from context")
 		http.Error(w, "unexpected error", http.StatusInternalServerError)
 		return
 	}
@@ -60,20 +56,33 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 			return
 		}

+		respRw, err := mux.forwardResponseRewriter(ctx, resp)
+		if err != nil {
+			grpclog.Errorf("Rewrite error: %v", err)
+			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
+			return
+		}
+
 		if !wroteHeader {
-			w.Header().Set("Content-Type", marshaler.ContentType(resp))
+			var contentType string
+			if sct, ok := marshaler.(StreamContentType); ok {
+				contentType = sct.StreamContentType(respRw)
+			} else {
+				contentType = marshaler.ContentType(respRw)
+			}
+			w.Header().Set("Content-Type", contentType)
 		}

 		var buf []byte
-		httpBody, isHTTPBody := resp.(*httpbody.HttpBody)
+		httpBody, isHTTPBody := respRw.(*httpbody.HttpBody)
 		switch {
-		case resp == nil:
+		case respRw == nil:
 			buf, err = marshaler.Marshal(errorChunk(status.New(codes.Internal, "empty response")))
 		case isHTTPBody:
 			buf = httpBody.GetData()
 		default:
-			result := map[string]interface{}{"result": resp}
-			if rb, ok := resp.(responseBody); ok {
+			result := map[string]interface{}{"result": respRw}
+			if rb, ok := respRw.(responseBody); ok {
 				result["result"] = rb.XXX_ResponseBody()
 			}

@@ -81,20 +90,29 @@ func ForwardResponseStream(ctx context.Context, mux *ServeMux, marshaler Marshal
 		}

 		if err != nil {
-			grpclog.Infof("Failed to marshal response chunk: %v", err)
+			grpclog.Errorf("Failed to marshal response chunk: %v", err)
 			handleForwardResponseStreamError(ctx, wroteHeader, marshaler, w, req, mux, err, delimiter)
 			return
 		}
 		if _, err := w.Write(buf); err != nil {
-			grpclog.Infof("Failed to send response chunk: %v", err)
+			grpclog.Errorf("Failed to send response chunk: %v", err)
 			return
 		}
 		wroteHeader = true
 		if _, err := w.Write(delimiter); err != nil {
-			grpclog.Infof("Failed to send delimiter chunk: %v", err)
+			grpclog.Errorf("Failed to send delimiter chunk: %v", err)
+			return
+		}
+		err = rc.Flush()
+		if err != nil {
+			if errors.Is(err, http.ErrNotSupported) {
+				grpclog.Errorf("Flush not supported in %T", w)
+				http.Error(w, "unexpected type of web server", http.StatusInternalServerError)
+				return
+			}
+			grpclog.Errorf("Failed to flush response to client: %v", err)
 			return
 		}
-		f.Flush()
 	}
 }

@@ -135,12 +153,10 @@ type responseBody interface {
 // ForwardResponseMessage forwards the message "resp" from gRPC server to REST client.
 func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marshaler, w http.ResponseWriter, req *http.Request, resp proto.Message, opts ...func(context.Context, http.ResponseWriter, proto.Message) error) {
 	md, ok := ServerMetadataFromContext(ctx)
-	if !ok {
-		grpclog.Infof("Failed to extract ServerMetadata from context")
+	if ok {
+		handleForwardResponseServerMetadata(w, mux, md)
 	}

-	handleForwardResponseServerMetadata(w, mux, md)
-
 	// RFC 7230 https://tools.ietf.org/html/rfc7230#section-4.1.2
 	// Unless the request includes a TE header field indicating "trailers"
 	// is acceptable, as described in Section 4.3, a server SHOULD NOT
@@ -148,7 +164,7 @@ func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marsha
 	// agent to receive.
 	doForwardTrailers := requestAcceptsTrailers(req)

-	if doForwardTrailers {
+	if ok && doForwardTrailers {
 		handleForwardResponseTrailerHeader(w, mux, md)
 		w.Header().Set("Transfer-Encoding", "chunked")
 	}
@@ -160,24 +176,33 @@ func ForwardResponseMessage(ctx context.Context, mux *ServeMux, marshaler Marsha
 		HTTPError(ctx, mux, marshaler, w, req, err)
 		return
 	}
+	respRw, err := mux.forwardResponseRewriter(ctx, resp)
+	if err != nil {
+		grpclog.Errorf("Rewrite error: %v", err)
+		HTTPError(ctx, mux, marshaler, w, req, err)
+		return
+	}
 	var buf []byte
-	var err error
-	if rb, ok := resp.(responseBody); ok {
+	if rb, ok := respRw.(responseBody); ok {
 		buf, err = marshaler.Marshal(rb.XXX_ResponseBody())
 	} else {
-		buf, err = marshaler.Marshal(resp)
+		buf, err = marshaler.Marshal(respRw)
 	}
 	if err != nil {
-		grpclog.Infof("Marshal error: %v", err)
+		grpclog.Errorf("Marshal error: %v", err)
 		HTTPError(ctx, mux, marshaler, w, req, err)
 		return
 	}

-	if _, err = w.Write(buf); err != nil {
-		grpclog.Infof("Failed to write response: %v", err)
+	if !doForwardTrailers && mux.writeContentLength {
+		w.Header().Set("Content-Length", strconv.Itoa(len(buf)))
 	}

-	if doForwardTrailers {
+	if _, err = w.Write(buf); err != nil && !errors.Is(err, http.ErrBodyNotAllowed) {
+		grpclog.Errorf("Failed to write response: %v", err)
+	}
+
+	if ok && doForwardTrailers {
 		handleForwardResponseTrailer(w, mux, md)
 	}
 }
@@ -193,8 +218,7 @@ func handleForwardResponseOptions(ctx context.Context, w http.ResponseWriter, re
 	}
 	for _, opt := range opts {
 		if err := opt(ctx, w, resp); err != nil {
-			grpclog.Infof("Error handling ForwardResponseOptions: %v", err)
-			return err
+			return fmt.Errorf("error handling ForwardResponseOptions: %w", err)
 		}
 	}
 	return nil
@@ -209,15 +233,15 @@ func handleForwardResponseStreamError(ctx context.Context, wroteHeader bool, mar
 	}
 	buf, err := marshaler.Marshal(msg)
 	if err != nil {
-		grpclog.Infof("Failed to marshal an error: %v", err)
+		grpclog.Errorf("Failed to marshal an error: %v", err)
 		return
 	}
 	if _, err := w.Write(buf); err != nil {
-		grpclog.Infof("Failed to notify error to client: %v", err)
+		grpclog.Errorf("Failed to notify error to client: %v", err)
 		return
 	}
 	if _, err := w.Write(delimiter); err != nil {
-		grpclog.Infof("Failed to send delimiter chunk: %v", err)
+		grpclog.Errorf("Failed to send delimiter chunk: %v", err)
 		return
 	}
 }