diff --git a/build/ci.go b/build/ci.go index 63dd606321a8..ca87913eb00f 100644 --- a/build/ci.go +++ b/build/ci.go @@ -450,7 +450,7 @@ func maybeSkipArchive(env build.Environment) { os.Exit(0) } if env.Branch != "master" && !strings.HasPrefix(env.Tag, "v1.") { - log.Printf("skipping archive creation because branch %q, tag %q is not on the whitelist", env.Branch, env.Tag) + log.Printf("skipping archive creation because branch %q, tag %q is not on the inclusion list", env.Branch, env.Tag) os.Exit(0) } } diff --git a/cmd/clef/main.go b/cmd/clef/main.go index 84e1dda99edf..1716ee434b43 100644 --- a/cmd/clef/main.go +++ b/cmd/clef/main.go @@ -657,7 +657,7 @@ func signer(c *cli.Context) error { cors := utils.SplitAndTrim(c.GlobalString(utils.HTTPCORSDomainFlag.Name)) srv := rpc.NewServer() - err := node.RegisterApisFromWhitelist(rpcAPI, []string{"account"}, srv, false) + err := node.RegisterApisFromAllowList(rpcAPI, []string{"account"}, srv, false) if err != nil { utils.Fatalf("Could not register API: %w", err) } diff --git a/cmd/geth/main.go b/cmd/geth/main.go index 1a27a3255adb..0b7f3d6da5d2 100644 --- a/cmd/geth/main.go +++ b/cmd/geth/main.go @@ -101,7 +101,7 @@ var ( utils.UltraLightFractionFlag, utils.UltraLightOnlyAnnounceFlag, utils.LightNoSyncServeFlag, - utils.WhitelistFlag, + utils.AllowListFlag, utils.BloomFilterSizeFlag, utils.CacheFlag, utils.CacheDatabaseFlag, diff --git a/cmd/geth/usage.go b/cmd/geth/usage.go index dea0b7c08a09..c6840d011452 100644 --- a/cmd/geth/usage.go +++ b/cmd/geth/usage.go @@ -53,7 +53,7 @@ var AppHelpFlagGroups = []flags.FlagGroup{ utils.EthStatsURLFlag, utils.IdentityFlag, utils.LightKDFFlag, - utils.WhitelistFlag, + utils.AllowListFlag, }, }, { diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go index 7ed5907dba85..f73fa565b4f9 100644 --- a/cmd/utils/flags.go +++ b/cmd/utils/flags.go @@ -234,8 +234,8 @@ var ( Name: "lightkdf", Usage: "Reduce key-derivation RAM & CPU usage at some expense of KDF strength", } - WhitelistFlag = cli.StringFlag{ - Name: "whitelist", + AllowListFlag = cli.StringFlag{ + Name: "allowlist", Usage: "Comma separated block number-to-hash mappings to enforce (=)", } BloomFilterSizeFlag = cli.Uint64Flag{ @@ -1403,26 +1403,29 @@ func setMiner(ctx *cli.Context, cfg *miner.Config) { } } -func setWhitelist(ctx *cli.Context, cfg *ethconfig.Config) { - whitelist := ctx.GlobalString(WhitelistFlag.Name) - if whitelist == "" { +func setAllowList(ctx *cli.Context, cfg *ethconfig.Config) { + allowList := ctx.GlobalString(AllowListFlag.Name) + if allowList == "" { + allowList = ctx.GlobalString(WhitelistFlag.Name) + } + if allowList == "" { return } - cfg.Whitelist = make(map[uint64]common.Hash) - for _, entry := range strings.Split(whitelist, ",") { + cfg.AllowList = make(map[uint64]common.Hash) + for _, entry := range strings.Split(allowList, ",") { parts := strings.Split(entry, "=") if len(parts) != 2 { - Fatalf("Invalid whitelist entry: %s", entry) + Fatalf("Invalid allowlist entry: %s", entry) } number, err := strconv.ParseUint(parts[0], 0, 64) if err != nil { - Fatalf("Invalid whitelist block number %s: %v", parts[0], err) + Fatalf("Invalid allowlist block number %s: %v", parts[0], err) } var hash common.Hash if err = hash.UnmarshalText([]byte(parts[1])); err != nil { - Fatalf("Invalid whitelist hash %s: %v", parts[1], err) + Fatalf("Invalid allowlist hash %s: %v", parts[1], err) } - cfg.Whitelist[number] = hash + cfg.AllowList[number] = hash } } @@ -1489,7 +1492,7 @@ func SetEthConfig(ctx *cli.Context, stack *node.Node, cfg *ethconfig.Config) { setTxPool(ctx, &cfg.TxPool) setEthash(ctx, cfg) setMiner(ctx, &cfg.Miner) - setWhitelist(ctx, cfg) + setAllowList(ctx, cfg) setLes(ctx, cfg) // Cap the cache allowance and tune the garbage collector diff --git a/cmd/utils/flags_legacy.go b/cmd/utils/flags_legacy.go index fb5fde657695..97736600921f 100644 --- a/cmd/utils/flags_legacy.go +++ b/cmd/utils/flags_legacy.go @@ -66,6 +66,11 @@ var ( Usage: "API's offered over the HTTP-RPC interface (deprecated and will be removed June 2021, use --http.api)", Value: "", } + // (Deprecated 2021, term) + WhitelistFlag = cli.StringFlag{ + Name: "whitelist", // replaced by allowlist + Usage: "Comma separated block number-to-hash mappings to enforce (=)", + } ) // showDeprecated displays deprecated flags that will be soon removed from the codebase. diff --git a/core/tx_pool.go b/core/tx_pool.go index c5b6047486e9..f6228df2fad4 100644 --- a/core/tx_pool.go +++ b/core/tx_pool.go @@ -635,8 +635,8 @@ func (pool *TxPool) validateTx(tx *types.Transaction, local bool) error { // pending or queued one, it overwrites the previous transaction if its price is higher. // // If a newly added transaction is marked as local, its sending account will be -// whitelisted, preventing any associated transaction from being dropped out of the pool -// due to pricing constraints. +// be added to the allowlist, preventing any associated transaction from being dropped +// out of the pool due to pricing constraints. func (pool *TxPool) add(tx *types.Transaction, local bool) (replaced bool, err error) { // If the transaction is already known, discard it hash := tx.Hash() diff --git a/eth/backend.go b/eth/backend.go index 793d3b81f1b1..7064041f287f 100644 --- a/eth/backend.go +++ b/eth/backend.go @@ -220,7 +220,7 @@ func New(stack *node.Node, config *ethconfig.Config) (*Ethereum, error) { BloomCache: uint64(cacheLimit), EventMux: eth.eventMux, Checkpoint: checkpoint, - Whitelist: config.Whitelist, + AllowList: config.AllowList, }); err != nil { return nil, err } diff --git a/eth/ethconfig/config.go b/eth/ethconfig/config.go index 0913b69d7ffd..be49101ebf9b 100644 --- a/eth/ethconfig/config.go +++ b/eth/ethconfig/config.go @@ -137,8 +137,8 @@ type Config struct { TxLookupLimit uint64 `toml:",omitempty"` // The maximum number of blocks from head whose tx indices are reserved. - // Whitelist of required block number -> hash values to accept - Whitelist map[uint64]common.Hash `toml:"-"` + // AllowList of required block number -> hash values to accept + AllowList map[uint64]common.Hash `toml:"-"` // Light client options LightServ int `toml:",omitempty"` // Maximum percentage of time allowed for serving LES requests diff --git a/eth/ethconfig/gen_config.go b/eth/ethconfig/gen_config.go index 2310dd44997b..70ca5b28a954 100644 --- a/eth/ethconfig/gen_config.go +++ b/eth/ethconfig/gen_config.go @@ -26,7 +26,7 @@ func (c Config) MarshalTOML() (interface{}, error) { NoPruning bool NoPrefetch bool TxLookupLimit uint64 `toml:",omitempty"` - Whitelist map[uint64]common.Hash `toml:"-"` + AllowList map[uint64]common.Hash `toml:"-"` LightServ int `toml:",omitempty"` LightIngress int `toml:",omitempty"` LightEgress int `toml:",omitempty"` @@ -69,7 +69,7 @@ func (c Config) MarshalTOML() (interface{}, error) { enc.NoPruning = c.NoPruning enc.NoPrefetch = c.NoPrefetch enc.TxLookupLimit = c.TxLookupLimit - enc.Whitelist = c.Whitelist + enc.AllowList = c.AllowList enc.LightServ = c.LightServ enc.LightIngress = c.LightIngress enc.LightEgress = c.LightEgress @@ -116,7 +116,7 @@ func (c *Config) UnmarshalTOML(unmarshal func(interface{}) error) error { NoPruning *bool NoPrefetch *bool TxLookupLimit *uint64 `toml:",omitempty"` - Whitelist map[uint64]common.Hash `toml:"-"` + AllowList map[uint64]common.Hash `toml:"-"` LightServ *int `toml:",omitempty"` LightIngress *int `toml:",omitempty"` LightEgress *int `toml:",omitempty"` @@ -178,8 +178,8 @@ func (c *Config) UnmarshalTOML(unmarshal func(interface{}) error) error { if dec.TxLookupLimit != nil { c.TxLookupLimit = *dec.TxLookupLimit } - if dec.Whitelist != nil { - c.Whitelist = dec.Whitelist + if dec.AllowList != nil { + c.AllowList = dec.AllowList } if dec.LightServ != nil { c.LightServ = *dec.LightServ diff --git a/eth/fetcher/tx_fetcher.go b/eth/fetcher/tx_fetcher.go index 3ba7753916c3..e5a4b81a1e5b 100644 --- a/eth/fetcher/tx_fetcher.go +++ b/eth/fetcher/tx_fetcher.go @@ -748,9 +748,9 @@ func (f *TxFetcher) rescheduleTimeout(timer *mclock.Timer, trigger chan struct{} } // scheduleFetches starts a batch of retrievals for all available idle peers. -func (f *TxFetcher) scheduleFetches(timer *mclock.Timer, timeout chan struct{}, whitelist map[string]struct{}) { +func (f *TxFetcher) scheduleFetches(timer *mclock.Timer, timeout chan struct{}, allowList map[string]struct{}) { // Gather the set of peers we want to retrieve from (default to all) - actives := whitelist + actives := allowList if actives == nil { actives = make(map[string]struct{}) for peer := range f.announces { diff --git a/eth/handler.go b/eth/handler.go index aff4871afa42..4979b00b7c9e 100644 --- a/eth/handler.go +++ b/eth/handler.go @@ -84,7 +84,7 @@ type handlerConfig struct { BloomCache uint64 // Megabytes to alloc for fast sync bloom EventMux *event.TypeMux // Legacy event mux, deprecate for `feed` Checkpoint *params.TrustedCheckpoint // Hard coded checkpoint for sync challenges - Whitelist map[uint64]common.Hash // Hard coded whitelist for sync challenged + AllowList map[uint64]common.Hash // Hard coded allow list for sync challenged } type handler struct { @@ -114,7 +114,7 @@ type handler struct { txsSub event.Subscription minedBlockSub *event.TypeMuxSubscription - whitelist map[uint64]common.Hash + allowList map[uint64]common.Hash // channels for fetcher, syncer, txsyncLoop txsyncCh chan *txsync @@ -139,7 +139,7 @@ func newHandler(config *handlerConfig) (*handler, error) { txpool: config.TxPool, chain: config.Chain, peers: newPeerSet(), - whitelist: config.Whitelist, + allowList: config.AllowList, txsyncCh: make(chan *txsync), quitSync: make(chan struct{}), } @@ -329,8 +329,8 @@ func (h *handler) runEthPeer(peer *eth.Peer, handler eth.Handler) error { } }() } - // If we have any explicit whitelist block hashes, request them - for number := range h.whitelist { + // If we have any explicit allow list block hashes, request them + for number := range h.allowList { if err := peer.RequestHeadersByNumber(number, 1, 0, false); err != nil { return err } diff --git a/eth/handler_eth.go b/eth/handler_eth.go index 3ff9f2245be7..474e00a6c748 100644 --- a/eth/handler_eth.go +++ b/eth/handler_eth.go @@ -140,13 +140,13 @@ func (h *ethHandler) handleHeaders(peer *eth.Peer, headers []*types.Header) erro } return nil } - // Otherwise if it's a whitelisted block, validate against the set - if want, ok := h.whitelist[headers[0].Number.Uint64()]; ok { + // Otherwise if it's a block in the allowlist, validate against the set + if want, ok := h.allowList[headers[0].Number.Uint64()]; ok { if hash := headers[0].Hash(); want != hash { - peer.Log().Info("Whitelist mismatch, dropping peer", "number", headers[0].Number.Uint64(), "hash", hash, "want", want) - return errors.New("whitelist block mismatch") + peer.Log().Info("allowed mismatch, dropping peer", "number", headers[0].Number.Uint64(), "hash", hash, "want", want) + return errors.New("allowed block mismatch") } - peer.Log().Debug("Whitelist block verified", "number", headers[0].Number.Uint64(), "hash", want) + peer.Log().Debug("Allowed block verified", "number", headers[0].Number.Uint64(), "hash", want) } // Irrelevant of the fork checks, send the header to the fetcher just in case headers = h.blockFetcher.FilterHeaders(peer.ID(), headers, time.Now()) diff --git a/node/rpcstack.go b/node/rpcstack.go index 19490411b237..604fc6ee2f13 100644 --- a/node/rpcstack.go +++ b/node/rpcstack.go @@ -280,7 +280,7 @@ func (h *httpServer) enableRPC(apis []rpc.API, config httpConfig) error { // Create RPC server and handler. srv := rpc.NewServer() - if err := RegisterApisFromWhitelist(apis, config.Modules, srv, false); err != nil { + if err := RegisterApisFromAllowList(apis, config.Modules, srv, false); err != nil { return err } h.httpConfig = config @@ -312,7 +312,7 @@ func (h *httpServer) enableWS(apis []rpc.API, config wsConfig) error { // Create RPC server and handler. srv := rpc.NewServer() - if err := RegisterApisFromWhitelist(apis, config.Modules, srv, false); err != nil { + if err := RegisterApisFromAllowList(apis, config.Modules, srv, false); err != nil { return err } h.wsConfig = config @@ -515,20 +515,20 @@ func (is *ipcServer) stop() error { return err } -// RegisterApisFromWhitelist checks the given modules' availability, generates a whitelist based on the allowed modules, +// RegisterApisFromAllowList checks the given modules' availability, generates an allowlist based on the allowed modules, // and then registers all of the APIs exposed by the services. -func RegisterApisFromWhitelist(apis []rpc.API, modules []string, srv *rpc.Server, exposeAll bool) error { +func RegisterApisFromAllowList(apis []rpc.API, modules []string, srv *rpc.Server, exposeAll bool) error { if bad, available := checkModuleAvailability(modules, apis); len(bad) > 0 { log.Error("Unavailable modules in HTTP API list", "unavailable", bad, "available", available) } - // Generate the whitelist based on the allowed modules - whitelist := make(map[string]bool) + // Generate the allow list based on the allowed modules + allowList := make(map[string]bool) for _, module := range modules { - whitelist[module] = true + allowList[module] = true } // Register all the APIs exposed by the services for _, api := range apis { - if exposeAll || whitelist[api.Namespace] || (len(whitelist) == 0 && api.Public) { + if exposeAll || allowList[api.Namespace] || (len(allowList) == 0 && api.Public) { if err := srv.RegisterName(api.Namespace, api.Service); err != nil { return err } diff --git a/p2p/dial.go b/p2p/dial.go index d36d6655019a..2c6b50e91cc7 100644 --- a/p2p/dial.go +++ b/p2p/dial.go @@ -77,7 +77,7 @@ var ( errAlreadyDialing = errors.New("already dialing") errAlreadyConnected = errors.New("already connected") errRecentlyDialed = errors.New("recently dialed") - errNotWhitelisted = errors.New("not contained in netrestrict whitelist") + errNotAllowListed = errors.New("not contained in netrestrict allowList") errNoPort = errors.New("node does not provide TCP port") ) @@ -133,7 +133,7 @@ type dialConfig struct { self enode.ID // our own ID maxDialPeers int // maximum number of dialed peers maxActiveDials int // maximum number of active dials - netRestrict *netutil.Netlist // IP whitelist, disabled if nil + netRestrict *netutil.Netlist // IP allowlist, disabled if nil resolver nodeResolver dialer NodeDialer log log.Logger @@ -402,7 +402,7 @@ func (d *dialScheduler) checkDial(n *enode.Node) error { return errAlreadyConnected } if d.netRestrict != nil && !d.netRestrict.Contains(n.IP()) { - return errNotWhitelisted + return errNotAllowListed } if d.history.contains(string(n.ID().Bytes())) { return errRecentlyDialed diff --git a/p2p/discover/common.go b/p2p/discover/common.go index 3708bfb72c4b..a7f159183bd8 100644 --- a/p2p/discover/common.go +++ b/p2p/discover/common.go @@ -41,7 +41,7 @@ type Config struct { PrivateKey *ecdsa.PrivateKey // These settings are optional: - NetRestrict *netutil.Netlist // network whitelist + NetRestrict *netutil.Netlist // network allow list Bootnodes []*enode.Node // list of bootstrap nodes Unhandled chan<- ReadPacket // unhandled packets are sent on this channel Log log.Logger // if set, log messages go here diff --git a/p2p/discover/v4_udp.go b/p2p/discover/v4_udp.go index 2b3eb48391b2..c1c60e14fa94 100644 --- a/p2p/discover/v4_udp.go +++ b/p2p/discover/v4_udp.go @@ -583,7 +583,7 @@ func (t *UDPv4) nodeFromRPC(sender *net.UDPAddr, rn v4wire.Node) (*node, error) return nil, err } if t.netrestrict != nil && !t.netrestrict.Contains(rn.IP) { - return nil, errors.New("not contained in netrestrict whitelist") + return nil, errors.New("not contained in netrestrict allow list") } key, err := v4wire.DecodePubkey(crypto.S256(), rn.ID) if err != nil { diff --git a/p2p/server.go b/p2p/server.go index 04fdecaec1a4..5cada5f5ab9b 100644 --- a/p2p/server.go +++ b/p2p/server.go @@ -353,7 +353,7 @@ func (srv *Server) RemovePeer(node *enode.Node) { } } -// AddTrustedPeer adds the given node to a reserved whitelist which allows the +// AddTrustedPeer adds the given node to a reserved allow list which allows the // node to always connect, even if the slot are full. func (srv *Server) AddTrustedPeer(node *enode.Node) { select { @@ -903,7 +903,7 @@ func (srv *Server) checkInboundConn(remoteIP net.IP) error { } // Reject connections that do not match NetRestrict. if srv.NetRestrict != nil && !srv.NetRestrict.Contains(remoteIP) { - return fmt.Errorf("not whitelisted in NetRestrict") + return fmt.Errorf("not in the NetRestrict allow list") } // Reject Internet peers that try too often. now := srv.clock.Now() diff --git a/rpc/websocket.go b/rpc/websocket.go index ab55ae69c100..afeb4c2081b8 100644 --- a/rpc/websocket.go +++ b/rpc/websocket.go @@ -96,7 +96,7 @@ func wsHandshakeValidator(allowedOrigins []string) func(*http.Request) bool { if _, ok := req.Header["Origin"]; !ok { return true } - // Verify origin against whitelist. + // Verify origin against allow list. origin := strings.ToLower(req.Header.Get("Origin")) if allowAllOrigins || originIsAllowed(origins, origin) { return true diff --git a/tests/init_test.go b/tests/init_test.go index 1638f863e1c1..50cacebc1285 100644 --- a/tests/init_test.go +++ b/tests/init_test.go @@ -93,7 +93,7 @@ type testMatcher struct { failpat []testFailure skiploadpat []*regexp.Regexp slowpat []*regexp.Regexp - whitelistpat *regexp.Regexp + allowlistpat *regexp.Regexp } type testConfig struct { @@ -124,8 +124,8 @@ func (tm *testMatcher) fails(pattern string, reason string) { tm.failpat = append(tm.failpat, testFailure{regexp.MustCompile(pattern), reason}) } -func (tm *testMatcher) whitelist(pattern string) { - tm.whitelistpat = regexp.MustCompile(pattern) +func (tm *testMatcher) allowlist(pattern string) { + tm.allowlistpat = regexp.MustCompile(pattern) } // config defines chain config for tests matching the pattern. @@ -217,9 +217,9 @@ func (tm *testMatcher) runTestFile(t *testing.T, path, name string, runTest inte if r, _ := tm.findSkip(name); r != "" { t.Skip(r) } - if tm.whitelistpat != nil { - if !tm.whitelistpat.MatchString(name) { - t.Skip("Skipped by whitelist") + if tm.allowlistpat != nil { + if !tm.allowlistpat.MatchString(name) { + t.Skip("Skipped by allow list") } } t.Parallel() @@ -276,10 +276,10 @@ func runTestFunc(runTest interface{}, t *testing.T, name string, m reflect.Value }) } -func TestMatcherWhitelist(t *testing.T) { +func TestMatcherAllowList(t *testing.T) { t.Parallel() tm := new(testMatcher) - tm.whitelist("invalid*") + tm.allowlist("invalid*") tm.walk(t, rlpTestDir, func(t *testing.T, name string, test *RLPTest) { if name[:len("invalidRLPTest.json")] != "invalidRLPTest.json" { t.Fatalf("invalid test found: %s != invalidRLPTest.json", name)