mirrors/gotosocial
1
0
Fork 0
mirror of https://codeberg.org/superseriousbusiness/gotosocial.git synced 2025-05-10 22:15:39 +03:00
Code Issues Projects Releases Packages Wiki Activity

[chore]: Bump github.com/gorilla/websocket from 1.5.0 to 1.5.1 ()

Browse source 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: kim <grufwub@gmail.com>
This commit is contained in:
dependabot[bot] 2023-11-28 11:05:07 +00:00 committed by GitHub
parent 33ee61575f
commit 2eb8b8eeb4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 1203 additions and 632 deletions
vendor/github.com/gorilla/websocket
util.go

19
vendor/github.com/gorilla/websocket/util.go generated vendored
View file

@ -6,7 +6,7 @@ package websocket
import (
"crypto/rand"
"crypto/sha1"
"crypto/sha1" //#nosec G505 -- (CWE-327) https://datatracker.ietf.org/doc/html/rfc6455#page-54
"encoding/base64"
"io"
"net/http"
@ -17,7 +17,7 @@ import (
var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
func computeAcceptKey(challengeKey string) string {
h := sha1.New()
h := sha1.New() //#nosec G401 -- (CWE-326) https://datatracker.ietf.org/doc/html/rfc6455#page-54
h.Write([]byte(challengeKey))
h.Write(keyGUID)
return base64.StdEncoding.EncodeToString(h.Sum(nil))
@ -281,3 +281,18 @@ headers:
}
return result
}
// isValidChallengeKey checks if the argument meets RFC6455 specification.
func isValidChallengeKey(s string) bool {
// From RFC6455:
//
// A |Sec-WebSocket-Key| header field with a base64-encoded (see
// Section 4 of [RFC4648]) value that, when decoded, is 16 bytes in
// length.
if s == "" {
return false
}
decoded, err := base64.StdEncoding.DecodeString(s)
return err == nil && len(decoded) == 16
}