make the handling of import paths more robust
First, make isPrivate panic on malformed import paths, since that should never happen. This catches the errors that some users had run into with packages like gopkg.in/yaml.v2 and github.com/satori/go.uuid: panic: malformed import path "gopkg.in/garbletest%2ev2": invalid char '%' This seems to trigger when a module path contains a dot after the first element, *and* that module is fetched via the proxy. This results in the toolchain URL-encoding the second dot, and garble ends up seeing that encoded path. We reproduce this behavior with a fake gopkg.in module added to the test module proxy. Using yaml.v2 directly would have been easier, but it's pretty large. Note that we tried a replace directive, but that does not trigger the URL-encoding bug. Also note that we do not obfuscate the gopkg.in package; that's fine, as the isPrivate path validity check catches the bug either way. For now, make initImport use url.PathUnescape to work around this issue. The underlying bug is likely in either the goobj2 fork, or in the upstream Go toolchain itself. hashImport also gives a better error if it cannot find a package now, rather than just an "empty seed" panic. Finally, the sanity check in isPrivate unearthed the fact that we do not support garbling test packages at all, since they were invalid paths which never matched GOPRIVATE. Add an explicit check and TODO about that. Fixes #224. Fixes #228.pull/232/head
parent
5aa1a46cf7
commit
af517a20f8
@ -0,0 +1,12 @@
|
|||||||
|
module gopkg.in/garbletest.v2@v2.999.0
|
||||||
|
|
||||||
|
-- .mod --
|
||||||
|
module gopkg.in/garbletest.v2
|
||||||
|
|
||||||
|
go 1.15
|
||||||
|
-- .info --
|
||||||
|
{"Version":"v2.999.0","Time":"2020-11-17T15:46:20Z"}
|
||||||
|
-- apic.go --
|
||||||
|
package garbletest
|
||||||
|
|
||||||
|
func Test() { println("this is the dummy garbletest.v2 package") }
|
Loading…
Reference in New Issue