aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/net/http/httpguts
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/net/http/httpguts')
-rw-r--r--vendor/golang.org/x/net/http/httpguts/guts.go50
-rw-r--r--vendor/golang.org/x/net/http/httpguts/httplex.go352
2 files changed, 402 insertions, 0 deletions
diff --git a/vendor/golang.org/x/net/http/httpguts/guts.go b/vendor/golang.org/x/net/http/httpguts/guts.go
new file mode 100644
index 0000000..e6cd0ce
--- /dev/null
+++ b/vendor/golang.org/x/net/http/httpguts/guts.go
@@ -0,0 +1,50 @@
1// Copyright 2018 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5// Package httpguts provides functions implementing various details
6// of the HTTP specification.
7//
8// This package is shared by the standard library (which vendors it)
9// and x/net/http2. It comes with no API stability promise.
10package httpguts
11
12import (
13 "net/textproto"
14 "strings"
15)
16
17// ValidTrailerHeader reports whether name is a valid header field name to appear
18// in trailers.
19// See RFC 7230, Section 4.1.2
20func ValidTrailerHeader(name string) bool {
21 name = textproto.CanonicalMIMEHeaderKey(name)
22 if strings.HasPrefix(name, "If-") || badTrailer[name] {
23 return false
24 }
25 return true
26}
27
28var badTrailer = map[string]bool{
29 "Authorization": true,
30 "Cache-Control": true,
31 "Connection": true,
32 "Content-Encoding": true,
33 "Content-Length": true,
34 "Content-Range": true,
35 "Content-Type": true,
36 "Expect": true,
37 "Host": true,
38 "Keep-Alive": true,
39 "Max-Forwards": true,
40 "Pragma": true,
41 "Proxy-Authenticate": true,
42 "Proxy-Authorization": true,
43 "Proxy-Connection": true,
44 "Range": true,
45 "Realm": true,
46 "Te": true,
47 "Trailer": true,
48 "Transfer-Encoding": true,
49 "Www-Authenticate": true,
50}
diff --git a/vendor/golang.org/x/net/http/httpguts/httplex.go b/vendor/golang.org/x/net/http/httpguts/httplex.go
new file mode 100644
index 0000000..6e071e8
--- /dev/null
+++ b/vendor/golang.org/x/net/http/httpguts/httplex.go
@@ -0,0 +1,352 @@
1// Copyright 2016 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package httpguts
6
7import (
8 "net"
9 "strings"
10 "unicode/utf8"
11
12 "golang.org/x/net/idna"
13)
14
15var isTokenTable = [127]bool{
16 '!': true,
17 '#': true,
18 '$': true,
19 '%': true,
20 '&': true,
21 '\'': true,
22 '*': true,
23 '+': true,
24 '-': true,
25 '.': true,
26 '0': true,
27 '1': true,
28 '2': true,
29 '3': true,
30 '4': true,
31 '5': true,
32 '6': true,
33 '7': true,
34 '8': true,
35 '9': true,
36 'A': true,
37 'B': true,
38 'C': true,
39 'D': true,
40 'E': true,
41 'F': true,
42 'G': true,
43 'H': true,
44 'I': true,
45 'J': true,
46 'K': true,
47 'L': true,
48 'M': true,
49 'N': true,
50 'O': true,
51 'P': true,
52 'Q': true,
53 'R': true,
54 'S': true,
55 'T': true,
56 'U': true,
57 'W': true,
58 'V': true,
59 'X': true,
60 'Y': true,
61 'Z': true,
62 '^': true,
63 '_': true,
64 '`': true,
65 'a': true,
66 'b': true,
67 'c': true,
68 'd': true,
69 'e': true,
70 'f': true,
71 'g': true,
72 'h': true,
73 'i': true,
74 'j': true,
75 'k': true,
76 'l': true,
77 'm': true,
78 'n': true,
79 'o': true,
80 'p': true,
81 'q': true,
82 'r': true,
83 's': true,
84 't': true,
85 'u': true,
86 'v': true,
87 'w': true,
88 'x': true,
89 'y': true,
90 'z': true,
91 '|': true,
92 '~': true,
93}
94
95func IsTokenRune(r rune) bool {
96 i := int(r)
97 return i < len(isTokenTable) && isTokenTable[i]
98}
99
100func isNotToken(r rune) bool {
101 return !IsTokenRune(r)
102}
103
104// HeaderValuesContainsToken reports whether any string in values
105// contains the provided token, ASCII case-insensitively.
106func HeaderValuesContainsToken(values []string, token string) bool {
107 for _, v := range values {
108 if headerValueContainsToken(v, token) {
109 return true
110 }
111 }
112 return false
113}
114
115// isOWS reports whether b is an optional whitespace byte, as defined
116// by RFC 7230 section 3.2.3.
117func isOWS(b byte) bool { return b == ' ' || b == '\t' }
118
119// trimOWS returns x with all optional whitespace removes from the
120// beginning and end.
121func trimOWS(x string) string {
122 // TODO: consider using strings.Trim(x, " \t") instead,
123 // if and when it's fast enough. See issue 10292.
124 // But this ASCII-only code will probably always beat UTF-8
125 // aware code.
126 for len(x) > 0 && isOWS(x[0]) {
127 x = x[1:]
128 }
129 for len(x) > 0 && isOWS(x[len(x)-1]) {
130 x = x[:len(x)-1]
131 }
132 return x
133}
134
135// headerValueContainsToken reports whether v (assumed to be a
136// 0#element, in the ABNF extension described in RFC 7230 section 7)
137// contains token amongst its comma-separated tokens, ASCII
138// case-insensitively.
139func headerValueContainsToken(v string, token string) bool {
140 for comma := strings.IndexByte(v, ','); comma != -1; comma = strings.IndexByte(v, ',') {
141 if tokenEqual(trimOWS(v[:comma]), token) {
142 return true
143 }
144 v = v[comma+1:]
145 }
146 return tokenEqual(trimOWS(v), token)
147}
148
149// lowerASCII returns the ASCII lowercase version of b.
150func lowerASCII(b byte) byte {
151 if 'A' <= b && b <= 'Z' {
152 return b + ('a' - 'A')
153 }
154 return b
155}
156
157// tokenEqual reports whether t1 and t2 are equal, ASCII case-insensitively.
158func tokenEqual(t1, t2 string) bool {
159 if len(t1) != len(t2) {
160 return false
161 }
162 for i, b := range t1 {
163 if b >= utf8.RuneSelf {
164 // No UTF-8 or non-ASCII allowed in tokens.
165 return false
166 }
167 if lowerASCII(byte(b)) != lowerASCII(t2[i]) {
168 return false
169 }
170 }
171 return true
172}
173
174// isLWS reports whether b is linear white space, according
175// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
176//
177// LWS = [CRLF] 1*( SP | HT )
178func isLWS(b byte) bool { return b == ' ' || b == '\t' }
179
180// isCTL reports whether b is a control byte, according
181// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
182//
183// CTL = <any US-ASCII control character
184// (octets 0 - 31) and DEL (127)>
185func isCTL(b byte) bool {
186 const del = 0x7f // a CTL
187 return b < ' ' || b == del
188}
189
190// ValidHeaderFieldName reports whether v is a valid HTTP/1.x header name.
191// HTTP/2 imposes the additional restriction that uppercase ASCII
192// letters are not allowed.
193//
194// RFC 7230 says:
195//
196// header-field = field-name ":" OWS field-value OWS
197// field-name = token
198// token = 1*tchar
199// tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
200// "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
201func ValidHeaderFieldName(v string) bool {
202 if len(v) == 0 {
203 return false
204 }
205 for _, r := range v {
206 if !IsTokenRune(r) {
207 return false
208 }
209 }
210 return true
211}
212
213// ValidHostHeader reports whether h is a valid host header.
214func ValidHostHeader(h string) bool {
215 // The latest spec is actually this:
216 //
217 // http://tools.ietf.org/html/rfc7230#section-5.4
218 // Host = uri-host [ ":" port ]
219 //
220 // Where uri-host is:
221 // http://tools.ietf.org/html/rfc3986#section-3.2.2
222 //
223 // But we're going to be much more lenient for now and just
224 // search for any byte that's not a valid byte in any of those
225 // expressions.
226 for i := 0; i < len(h); i++ {
227 if !validHostByte[h[i]] {
228 return false
229 }
230 }
231 return true
232}
233
234// See the validHostHeader comment.
235var validHostByte = [256]bool{
236 '0': true, '1': true, '2': true, '3': true, '4': true, '5': true, '6': true, '7': true,
237 '8': true, '9': true,
238
239 'a': true, 'b': true, 'c': true, 'd': true, 'e': true, 'f': true, 'g': true, 'h': true,
240 'i': true, 'j': true, 'k': true, 'l': true, 'm': true, 'n': true, 'o': true, 'p': true,
241 'q': true, 'r': true, 's': true, 't': true, 'u': true, 'v': true, 'w': true, 'x': true,
242 'y': true, 'z': true,
243
244 'A': true, 'B': true, 'C': true, 'D': true, 'E': true, 'F': true, 'G': true, 'H': true,
245 'I': true, 'J': true, 'K': true, 'L': true, 'M': true, 'N': true, 'O': true, 'P': true,
246 'Q': true, 'R': true, 'S': true, 'T': true, 'U': true, 'V': true, 'W': true, 'X': true,
247 'Y': true, 'Z': true,
248
249 '!': true, // sub-delims
250 '$': true, // sub-delims
251 '%': true, // pct-encoded (and used in IPv6 zones)
252 '&': true, // sub-delims
253 '(': true, // sub-delims
254 ')': true, // sub-delims
255 '*': true, // sub-delims
256 '+': true, // sub-delims
257 ',': true, // sub-delims
258 '-': true, // unreserved
259 '.': true, // unreserved
260 ':': true, // IPv6address + Host expression's optional port
261 ';': true, // sub-delims
262 '=': true, // sub-delims
263 '[': true,
264 '\'': true, // sub-delims
265 ']': true,
266 '_': true, // unreserved
267 '~': true, // unreserved
268}
269
270// ValidHeaderFieldValue reports whether v is a valid "field-value" according to
271// http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :
272//
273// message-header = field-name ":" [ field-value ]
274// field-value = *( field-content | LWS )
275// field-content = <the OCTETs making up the field-value
276// and consisting of either *TEXT or combinations
277// of token, separators, and quoted-string>
278//
279// http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :
280//
281// TEXT = <any OCTET except CTLs,
282// but including LWS>
283// LWS = [CRLF] 1*( SP | HT )
284// CTL = <any US-ASCII control character
285// (octets 0 - 31) and DEL (127)>
286//
287// RFC 7230 says:
288//
289// field-value = *( field-content / obs-fold )
290// obj-fold = N/A to http2, and deprecated
291// field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
292// field-vchar = VCHAR / obs-text
293// obs-text = %x80-FF
294// VCHAR = "any visible [USASCII] character"
295//
296// http2 further says: "Similarly, HTTP/2 allows header field values
297// that are not valid. While most of the values that can be encoded
298// will not alter header field parsing, carriage return (CR, ASCII
299// 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII
300// 0x0) might be exploited by an attacker if they are translated
301// verbatim. Any request or response that contains a character not
302// permitted in a header field value MUST be treated as malformed
303// (Section 8.1.2.6). Valid characters are defined by the
304// field-content ABNF rule in Section 3.2 of [RFC7230]."
305//
306// This function does not (yet?) properly handle the rejection of
307// strings that begin or end with SP or HTAB.
308func ValidHeaderFieldValue(v string) bool {
309 for i := 0; i < len(v); i++ {
310 b := v[i]
311 if isCTL(b) && !isLWS(b) {
312 return false
313 }
314 }
315 return true
316}
317
318func isASCII(s string) bool {
319 for i := 0; i < len(s); i++ {
320 if s[i] >= utf8.RuneSelf {
321 return false
322 }
323 }
324 return true
325}
326
327// PunycodeHostPort returns the IDNA Punycode version
328// of the provided "host" or "host:port" string.
329func PunycodeHostPort(v string) (string, error) {
330 if isASCII(v) {
331 return v, nil
332 }
333
334 host, port, err := net.SplitHostPort(v)
335 if err != nil {
336 // The input 'v' argument was just a "host" argument,
337 // without a port. This error should not be returned
338 // to the caller.
339 host = v
340 port = ""
341 }
342 host, err = idna.ToASCII(host)
343 if err != nil {
344 // Non-UTF-8? Not representable in Punycode, in any
345 // case.
346 return "", err
347 }
348 if port == "" {
349 return host, nil
350 }
351 return net.JoinHostPort(host, port), nil
352}