mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-18 04:32:59 -06:00
35 lines
1.8 KiB
Markdown
35 lines
1.8 KiB
Markdown
|
# Forked IP address parsing functions
|
||
|
|
||
|
This directory contains a subset of code from the Go project's `net` package
|
||
|
as of Go 1.16, used under the Go project license which we've included here
|
||
|
in [`LICENSE`](LICENSE) and [`PATENTS`](PATENTS), which are also copied from
|
||
|
the Go project.
|
||
|
|
||
|
Terraform has its own fork of these functions because Go 1.17 included a
|
||
|
breaking change to reject IPv4 address octets written with leading zeros.
|
||
|
|
||
|
The Go project rationale for that change was that Go historically interpreted
|
||
|
leading-zero octets inconsistently with many other implementations, trimming
|
||
|
off the zeros and still treating the rest as decimal rather than treating the
|
||
|
octet as octal.
|
||
|
|
||
|
The Go team made the reasonable observation that having a function that
|
||
|
interprets a non-normalized form in a manner inconsistent with other
|
||
|
implementations may cause naive validation or policy checks to produce
|
||
|
incorrect results, and thus it's a potential security concern. For more
|
||
|
information, see [Go issue #30999](https://golang.org/issue/30999).
|
||
|
|
||
|
After careful consideration, the Terraform team has concluded that Terraform's
|
||
|
use of these functions as part of the implementation of the `cidrhost`,
|
||
|
`cidrsubnet`, `cidrsubnets`, and `cidrnetmask` functions has a more limited
|
||
|
impact than the general availability of these functions in the Go standard
|
||
|
library, and so we can't justify a similar exception to our Terraform 1.0
|
||
|
compatibility promises as the Go team made to their Go 1.0 compatibility
|
||
|
promises.
|
||
|
|
||
|
If you're considering using this package for new functionality _other than_ the
|
||
|
built-in functions mentioned above, please do so only if consistency with the
|
||
|
behavior of those functions is important. Otherwise, new features are not
|
||
|
burdened by the same compatibility constraints and so should typically prefer
|
||
|
to use the stricter interpretation of the upstream parsing functions.
|