f4e7362ba2
These vulnerabilities were found by govulncheck: Vulnerability #1: GO-2024-2611 Infinite loop in JSON unmarshaling in google.golang.org/protobuf More info: https://pkg.go.dev/vuln/GO-2024-2611 Module: google.golang.org/protobuf Found in: google.golang.org/protobuf@v1.28.1 Fixed in: google.golang.org/protobuf@v1.33.0 Example traces found: #1: daemon/logger/gcplogs/gcplogging.go:154:18: gcplogs.New calls logging.Client.Ping, which eventually calls json.Decoder.Peek #2: daemon/logger/gcplogs/gcplogging.go:154:18: gcplogs.New calls logging.Client.Ping, which eventually calls json.Decoder.Read #3: daemon/logger/gcplogs/gcplogging.go:154:18: gcplogs.New calls logging.Client.Ping, which eventually calls protojson.Unmarshal Vulnerability #2: GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc More info: https://pkg.go.dev/vuln/GO-2023-2153 Module: google.golang.org/grpc Found in: google.golang.org/grpc@v1.50.1 Fixed in: google.golang.org/grpc@v1.56.3 Example traces found: #1: api/server/router/grpc/grpc.go:20:29: grpc.NewRouter calls grpc.NewServer #2: daemon/daemon.go:1477:23: daemon.Daemon.RawSysInfo calls sync.Once.Do, which eventually calls grpc.Server.Serve #3: daemon/daemon.go:1477:23: daemon.Daemon.RawSysInfo calls sync.Once.Do, which eventually calls transport.NewServerTransport full diffs: - https://github.com/grpc/grpc-go/compare/v1.50.1..v1.56.3 - https://github.com/protocolbuffers/protobuf-go/compare/v1.28.1..v1.33.0 - https://github.com/googleapis/google-api-go-client/compare/v0.93.0..v0.114.0 - https://github.com/golang/oauth2/compare/v0.1.0..v0.7.0 - https://github.com/census-instrumentation/opencensus-go/compare/v0.23.0..v0.24.0 - https://github.com/googleapis/gax-go/compare/v2.4.0..v2.7.1 - https://github.com/googleapis/enterprise-certificate-proxy/compare/v0.1.0..v0.2.3 - https://github.com/golang/protobuf/compare/v1.5.2..v1.5.4 - https://github.com/cespare/xxhash/compare/v2.1.2..v2.2.0 - https://github.com/googleapis/google-cloud-go/compare/v0.102.1..v0.110.0 - https://github.com/googleapis/go-genproto v0.0.0-20230410155749-daa745c078e1 - https://github.com/googleapis/google-cloud-go/compare/logging/v1.4.2..logging/v1.7.0 - https://github.com/googleapis/google-cloud-go/compare/compute/v1.7.0..compute/v1.19.1 Signed-off-by: Andrey Epifanov <aepifanov@mirantis.com>
Google Cloud Client Libraries for Go
Go packages for Google Cloud Platform services.
import "cloud.google.com/go"
To install the packages on your system, do not clone the repo. Instead:
-
Change to your project directory:
cd /my/cloud/project -
Get the package you want to use. Some products have their own module, so it's best to
go getthe package(s) you want to use:$ go get cloud.google.com/go/firestore # Replace with the package you want to use.
NOTE: Some of these packages are under development, and may occasionally make backwards-incompatible changes.
Supported APIs
For an updated list of all of our released APIs please see our reference docs.
Go Versions Supported
Our libraries are compatible with at least the three most recent, major Go releases. They are currently compatible with:
- Go 1.20
- Go 1.19
- Go 1.18
- Go 1.17
Authorization
By default, each API will use Google Application Default Credentials for authorization credentials used in calling the API endpoints. This will allow your application to run in many environments without requiring explicit configuration.
client, err := storage.NewClient(ctx)
To authorize using a
JSON key file,
pass
option.WithCredentialsFile
to the NewClient function of the desired package. For example:
client, err := storage.NewClient(ctx, option.WithCredentialsFile("path/to/keyfile.json"))
You can exert more control over authorization by using the
golang.org/x/oauth2 package to
create an oauth2.TokenSource. Then pass
option.WithTokenSource
to the NewClient function:
snip:# (auth-ts)
tokenSource := ...
client, err := storage.NewClient(ctx, option.WithTokenSource(tokenSource))
Contributing
Contributions are welcome. Please, see the CONTRIBUTING document for details.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See Contributor Code of Conduct for more information.