33 Commits

Author SHA1 Message Date
chengjingtao
1f40a88b0c Fix CVE-2021-27116 CVE-2021-27117
1. Adding O_NOFOLLOW flag to prevent symlink attacks

These changes help protect against various security issues including:

- Symlink attacks where attackers could trick the application into modifying unintended files
- Privilege escalation through improper file permissions

Signed-off-by: chengjingtao <jtcheng0616@gmail.com>
2025-03-15 21:52:43 +08:00
Seiya
0609076950
use filepath.Join() to build file paths (#5617)
* use filepath.Join() to build file paths

* use filepath.Join() to build file paths
2024-03-31 21:26:35 +08:00
Ming Deng
979c076024
fix 4936: always transport request body (#5546) 2023-12-10 23:22:51 +08:00
Ming Deng
0bd2df91a1
Resolve conflicts among master branch and develop branch (#5286)
* feature extend readthrough for cache module (#5116)

* feature 增加readthrough

* feature: add write though for cache mode (#5117)

* feature: add writethough for cache mode

* feature add singleflight cache (#5119)

* build(deps): bump go.opentelemetry.io/otel/trace from 1.8.0 to 1.11.2

Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.8.0 to 1.11.2.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.8.0...v1.11.2)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix 5129: must set formatter after init the logger

* remove beego.vip

* build(deps): bump actions/stale from 5 to 7

Bumps [actions/stale](https://github.com/actions/stale) from 5 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v5...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix 5079: only log msg when the channel is not closed (#5132)

* optimize test

* upgrade otel dependencies to v1.11.2

* format code

* Bloom filter cache (#5126)

* feature: add bloom filter cache

* feature upload remove all temp file

* bugfix Controller SaveToFile remove all temp file

* rft: motify BeeLogger signalChan (#5139)

* add non-block write log in asynchronous mode (#5150)

* add non-block write log in asynchronous mode

---------

Co-authored-by: chenhaokun <chenhaokun@itiger.com>

* fix the docsite URL (#5173)

* Unified gopkg.in/yaml version to v2 (#5169)

* Unified gopkg.in/yaml version to v2 and go mod tidy

* update CHANGELOG

* bugfix: protect field access with lock to avoid possible data race (#5211)

* fix some comments (#5194)

Signed-off-by: cui fliter <imcusg@gmail.com>

* build(deps): bump github.com/prometheus/client_golang (#5213)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.4 to 3.5.9 (#5209)

Bumps [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) from 3.5.4 to 3.5.9.
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](https://github.com/etcd-io/etcd/compare/v3.5.4...v3.5.9)

---
updated-dependencies:
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* cache: fix typo and optimize the naming

* Release 2.1.0 change log

* bugfix: beegoAppConfig String and Strings function has bug

* httplib: fix unstable test, do not use httplib.org

* chore: pkg imported more than once

* chore: fmt modify

* chore: Use github.com/go-kit/log

* chore: unnecessary use of fmt.Sprintf

* fix: golangci-lint error

* orm: refactor ORM introducing internal/models pkg

* remove adapter package

* build(deps): bump github.com/bits-and-blooms/bloom/v3

Bumps [github.com/bits-and-blooms/bloom/v3](https://github.com/bits-and-blooms/bloom) from 3.3.1 to 3.5.0.
- [Release notes](https://github.com/bits-and-blooms/bloom/releases)
- [Commits](https://github.com/bits-and-blooms/bloom/compare/v3.3.1...v3.5.0)

---
updated-dependencies:
- dependency-name: github.com/bits-and-blooms/bloom/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* feat: add write-delete cache mode

* fix: unnecessary assignment to the blank identifier

* fix: add change into .CHANGELOG file

* build(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0

Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.1.0 to 0.3.0.
- [Commits](https://github.com/golang/sync/compare/v0.1.0...v0.3.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* build(deps): bump golang.org/x/crypto

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20220315160706-3147a52a75dd to 0.10.0.
- [Commits](https://github.com/golang/crypto/commits/v0.10.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* remove golang--lint-ci

* Beego web.Run() runs the server twice

* fix 5255: Check the rows.Err() if rows.Next() is false

* closes 5254: %COL% should be a common placeholder

* build(deps): bump github.com/prometheus/client_golang

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.15.1 to 1.16.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.15.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: use of ioutil package (#5261)

* fix ioutil.NopCloser

* fix ioutil.ReadAll

* fix ioutil.ReadFile

* fix ioutil.WriteFile

* run goimports -w -format-only ./

* update CHANGELOG.md

* feature: add write-double-delete cache mode (#5263)

* cache/redis: support skipEmptyPrefix option (#5264)

* fix: refactor InsertValue method (#5267)

* fix: refactor insertValue method and add the test

* fix: exec goimports and add Licence file header

* fix: modify construct method of dbBase

* fix: add modify record into CHANGELOG

* fix: modify InsertOrUpdate method (#5269)

* fix: modify InsertOrUpdate method, Remove the isMulti variable and its associated code

* fix: Delete unnecessary judgment branches

* fix: add modify record into CHANGELOG

* cache/redis: use redisConfig to receive incoming JSON (previously using a map) (#5268)

* refactor cache/redis: Use redisConfig to receive incoming JSON (previously using a map).

* refactor cache/redis: Use the string type to receive JSON parameters.

---------

Co-authored-by: Tan <tanqianheng@gmail.com>

* fix: refactor Delete method (#5271)

* fix: refactor Delete method and add test

* fix: add modify record into CHANGELOG

* fix: refactor update sql (#5274)

* fix: refactor UpdateSQL method and add test

* fix: add modify record into CHANGELOG

* fix: modify url in the CHANGELOG

* fix: modify pr url in the CHANGELOG

* Fix setPK function for table without primary key (#5276)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: cui fliter <imcusg@gmail.com>
Co-authored-by: Stone-afk <73482944+Stone-afk@users.noreply.github.com>
Co-authored-by: hookokoko <hooko@tju.edu.cn>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: hookokoko <648646891@qq.com>
Co-authored-by: Stone-afk <1711865140@qq.com>
Co-authored-by: chenhaokun <chenhaokun@itiger.com>
Co-authored-by: Xuing <admin@xuing.cn>
Co-authored-by: cui fliter <imcusg@gmail.com>
Co-authored-by: guoguangwu <guoguangwu@magic-shield.com>
Co-authored-by: uzziah <uzziahlin@gmail.com>
Co-authored-by: Hanjiang Yu <delacroix.yu@gmail.com>
Co-authored-by: Kota <mdryzk64smsh@gmail.com>
Co-authored-by: Uzziah <120019273+uzziahlin@users.noreply.github.com>
Co-authored-by: Handkerchiefs-t <59816423+Handkerchiefs-t@users.noreply.github.com>
Co-authored-by: Tan <tanqianheng@gmail.com>
Co-authored-by: mlgd <mlgd17@gmail.com>
2023-07-31 23:00:02 +08:00
Xuing
f61065d674 Unified gopkg.in/yaml version to v2 (#5169)
* Unified gopkg.in/yaml version to v2 and go mod tidy

* update CHANGELOG
2023-05-27 14:41:51 +08:00
Deng Ming
0bee140abb format code 2023-05-27 14:41:51 +08:00
Ming Deng
76343e4422
Prepare Release 2.0.6 (#5104)
* add: generic cache random time offset expired.

* bugfix: Csrf token should be Secure and httpOnly, but not now

* fix: expose the Offset property to allow external modifications

* improving the concurrency performance of random value calculation

* add WithOffsetFunc to define private RandomExpireCache.offset field

* fix: add seconds definition

* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.8.0

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix 4907: force admin service http only

* Feat: add get all tasks function (#4999)

* feat: add get all tasks function

* Refine Comments : admin/profile.go,bean/mock.go,config/global.go... (#5009)

* Refine Comments

* refine comments for cache.go

* refine comments for log.go

* Update orm.go

* refine comments for orm_log.go,types.go

* Update utils.go

* Update doc.go

* refine comments for for four files (#5011)

* refine comments for cache.go

* refine comments for log.go

* Update orm.go

* refine comments for orm_log.go,types.go

* Update utils.go

* Update doc.go

* Update db.go

* fix pass []any as any in variadic function by asasalint (#5012)

* fix pass []any as any in variadic function

* add change log

* build(deps): bump go.opentelemetry.io/otel/trace from 1.7.0 to 1.8.0 (#5019)

Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refine comments for package core  (#5014)

* Refine Comments

* refine comments for cache.go

* refine comments for log.go

* Update orm.go

* refine comments for orm_log.go,types.go

* Update utils.go

* Update doc.go

* refine comments

* refine comments

* Update db.go

* refine comments for core

* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace (#5018)

Bumps [go.opentelemetry.io/otel/exporters/stdout/stdouttrace](https://github.com/open-telemetry/opentelemetry-go) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/stdout/stdouttrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix 5022: Miss assiging ln to graceful Server (#5028)

* prepare for releasing v2.0.5

* prepare for releasing v2.0.5 (#5032)

* feat: make commands and docker compose for ORM unit tests (#5031)

* feat: make commands and docker compose for ORM unit tests

Signed-off-by: mango <xu.weiKyrie@foxmail.com>

* add changelog

Signed-off-by: mango <xu.weiKyrie@foxmail.com>

Signed-off-by: mango <xu.weiKyrie@foxmail.com>

* Modify comment syntax error (#5094)

* fix: revise the body wrapper to handle empty body case (#5102)

Fix the router.go serverHttp method, wrap the body if the request body
is empty, which can avoid panic when calling the CopyBody method.

Signed-off-by: chlins <chenyuzh@vmware.com>

Signed-off-by: chlins <chenyuzh@vmware.com>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: mango <xu.weiKyrie@foxmail.com>
Signed-off-by: chlins <chenyuzh@vmware.com>
Co-authored-by: auual <ding@ibyte.me>
Co-authored-by: Leon Ding <deen.job@qq.com>
Co-authored-by: dada0z <zhang.guangda@qq.com>
Co-authored-by: kevinzeng <kevinzeng@zego.im>
Co-authored-by: Kevin Tsang <39397413+ktalg@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: 日暮颂歌1991 <448081525@qq.com>
Co-authored-by: Regan Yue <1131625869@qq.com>
Co-authored-by: alingse <alingse@foxmail.com>
Co-authored-by: mango <35127166+mangoGoForward@users.noreply.github.com>
Co-authored-by: 王哈哈 <31426858+wanghaha-dev@users.noreply.github.com>
Co-authored-by: Chlins Zhang <chlins.zhang@gmail.com>
2022-11-23 00:06:32 +08:00
hezhaoyang
fd84973f67 feat: add NewBeegoRequestWithCtx 2022-03-31 23:20:42 +08:00
Deng Ming
3e886f71ca replace beego.me with beego.vip 2021-11-29 21:29:29 +08:00
Sun XingBo
efd710a652
rename Marshal to JSONMarshal 2021-07-22 13:07:17 +08:00
sunxingbo
4a85237faf fix json marshal in http request 2021-07-20 22:38:37 +08:00
loyalsoldier
c28ae80b11
Fix lint and format code in client/httplib dir 2021-06-06 20:41:10 +08:00
holooooo
f8df3d1bee fix read on close 2021-05-25 15:15:43 +08:00
holooooo
2182081831 fix lint 2021-05-25 10:10:06 +08:00
holooooo
8a24192762 fix lint 2021-05-25 09:56:54 +08:00
holooooo
00b6c32dc2 remove panic 2021-05-24 15:17:02 +08:00
holooooo
5f5afc111a add xml-roundtrip-validator 2021-05-24 14:45:44 +08:00
holooooo
84fa2ccd9a fix lint temp 2021-05-23 23:01:01 +08:00
holooooo
b0d6f3bd2f temp 2021-05-21 16:56:52 +08:00
holooooo
599e03b0cd Solution 3 2021-05-16 14:18:34 +08:00
holooooo
84946743d9 refactor: improve http client implement 2021-04-22 17:11:27 +08:00
Ming Deng
62aa0188c4 fix sonar Part3 2021-02-04 16:53:27 +08:00
anoymouscoder
535165d7f0 add logFilter to debug request and response 2021-02-01 21:11:42 +08:00
Jihoon Seo
2bb6c45786 Update beego pkg paths 2021-01-28 13:35:38 +09:00
Ming Deng
3c0dbe2914 Define error code for httplib 2021-01-24 19:03:42 +08:00
Ming Deng
b89dc5068a Add tests 2021-01-03 16:46:59 +08:00
Ming Deng
44ffb29c55 Move mock to mock directory 2021-01-02 20:21:09 +08:00
Ming Deng
94019c1e1d Optimize mock 2021-01-01 23:50:54 +08:00
Ming Deng
ef258a0988 Support httplib mock 2020-12-25 22:11:40 +08:00
Ming Deng
385e1d390f update misspell and gofmt 2020-12-14 13:52:26 +08:00
Ming Deng
7bc6010604 rename to v2 2020-12-14 11:12:00 +08:00
Ming Deng
a70f7fc920 using new organization 2020-12-13 23:09:19 +08:00
Ming Deng
14c1b76569 remove pkg directory;
remove build directory;
remove githook directory;
2020-10-08 18:29:36 +08:00