Use mcdsl/terminal for all password prompts

Replace direct golang.org/x/term calls with mcdsl/terminal.ReadPassword across mciasctl (6 sites), mciasgrpcctl (1 site), and mciasdb (1 site). Aligns with the new CLI security standard in engineering-standards.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 11:40:11 -07:00
parent e4220b840e
commit 5b5e1a7ed6
142 changed files with 10241 additions and 7788 deletions
--- a/vendor/github.com/pelletier/go-toml/v2/internal/characters/ascii.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/characters/ascii.go
@@ -1,6 +1,6 @@
 package characters

-var invalidAsciiTable = [256]bool{
+var invalidASCIITable = [256]bool{
 	0x00: true,
 	0x01: true,
 	0x02: true,
@@ -37,6 +37,6 @@ var invalidAsciiTable = [256]bool{
 	0x7F: true,
 }

-func InvalidAscii(b byte) bool {
-	return invalidAsciiTable[b]
+func InvalidASCII(b byte) bool {
+	return invalidASCIITable[b]
 }
--- a/vendor/github.com/pelletier/go-toml/v2/internal/characters/utf8.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/characters/utf8.go
@@ -1,20 +1,12 @@
+// Package characters provides functions for working with string encodings.
 package characters

 import (
 	"unicode/utf8"
 )

-type utf8Err struct {
-	Index int
-	Size  int
-}
-
-func (u utf8Err) Zero() bool {
-	return u.Size == 0
-}
-
-// Verified that a given string is only made of valid UTF-8 characters allowed
-// by the TOML spec:
+// Utf8TomlValidAlreadyEscaped verifies that a given string is only made of
+// valid UTF-8 characters allowed by the TOML spec:
 //
 // Any Unicode character may be used except those that must be escaped:
 // quotation mark, backslash, and the control characters other than tab (U+0000
@@ -23,8 +15,8 @@ func (u utf8Err) Zero() bool {
 // It is a copy of the Go 1.17 utf8.Valid implementation, tweaked to exit early
 // when a character is not allowed.
 //
-// The returned utf8Err is Zero() if the string is valid, or contains the byte
-// index and size of the invalid character.
+// The returned slice is empty if the string is valid, or contains the bytes
+// of the invalid character.
 //
 // quotation mark => already checked
 // backslash => already checked
@@ -32,9 +24,8 @@ func (u utf8Err) Zero() bool {
 // 0x9 => tab, ok
 // 0xA - 0x1F => invalid
 // 0x7F => invalid
-func Utf8TomlValidAlreadyEscaped(p []byte) (err utf8Err) {
+func Utf8TomlValidAlreadyEscaped(p []byte) []byte {
 	// Fast path. Check for and skip 8 bytes of ASCII characters per iteration.
-	offset := 0
 	for len(p) >= 8 {
 		// Combining two 32 bit loads allows the same code to be used
 		// for 32 and 64 bit platforms.
@@ -48,24 +39,19 @@ func Utf8TomlValidAlreadyEscaped(p []byte) (err utf8Err) {
 		}

 		for i, b := range p[:8] {
-			if InvalidAscii(b) {
-				err.Index = offset + i
-				err.Size = 1
-				return
+			if InvalidASCII(b) {
+				return p[i : i+1]
 			}
 		}

 		p = p[8:]
-		offset += 8
 	}
 	n := len(p)
 	for i := 0; i < n; {
 		pi := p[i]
 		if pi < utf8.RuneSelf {
-			if InvalidAscii(pi) {
-				err.Index = offset + i
-				err.Size = 1
-				return
+			if InvalidASCII(pi) {
+				return p[i : i+1]
 			}
 			i++
 			continue
@@ -73,44 +59,34 @@ func Utf8TomlValidAlreadyEscaped(p []byte) (err utf8Err) {
 		x := first[pi]
 		if x == xx {
 			// Illegal starter byte.
-			err.Index = offset + i
-			err.Size = 1
-			return
+			return p[i : i+1]
 		}
 		size := int(x & 7)
 		if i+size > n {
 			// Short or invalid.
-			err.Index = offset + i
-			err.Size = n - i
-			return
+			return p[i:n]
 		}
 		accept := acceptRanges[x>>4]
 		if c := p[i+1]; c < accept.lo || accept.hi < c {
-			err.Index = offset + i
-			err.Size = 2
-			return
-		} else if size == 2 {
+			return p[i : i+2]
+		} else if size == 2 { //revive:disable:empty-block
 		} else if c := p[i+2]; c < locb || hicb < c {
-			err.Index = offset + i
-			err.Size = 3
-			return
-		} else if size == 3 {
+			return p[i : i+3]
+		} else if size == 3 { //revive:disable:empty-block
 		} else if c := p[i+3]; c < locb || hicb < c {
-			err.Index = offset + i
-			err.Size = 4
-			return
+			return p[i : i+4]
 		}
 		i += size
 	}
-	return
+	return nil
 }

-// Return the size of the next rune if valid, 0 otherwise.
+// Utf8ValidNext returns the size of the next rune if valid, 0 otherwise.
 func Utf8ValidNext(p []byte) int {
 	c := p[0]

 	if c < utf8.RuneSelf {
-		if InvalidAscii(c) {
+		if InvalidASCII(c) {
 			return 0
 		}
 		return 1
@@ -129,10 +105,10 @@ func Utf8ValidNext(p []byte) int {
 	accept := acceptRanges[x>>4]
 	if c := p[1]; c < accept.lo || accept.hi < c {
 		return 0
-	} else if size == 2 {
+	} else if size == 2 { //nolint:revive
 	} else if c := p[2]; c < locb || hicb < c {
 		return 0
-	} else if size == 3 {
+	} else if size == 3 { //nolint:revive
 	} else if c := p[3]; c < locb || hicb < c {
 		return 0
 	}
--- a/vendor/github.com/pelletier/go-toml/v2/internal/danger/danger.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/danger/danger.go
@@ -1,65 +0,0 @@
-package danger
-
-import (
-	"fmt"
-	"reflect"
-	"unsafe"
-)
-
-const maxInt = uintptr(int(^uint(0) >> 1))
-
-func SubsliceOffset(data []byte, subslice []byte) int {
-	datap := (*reflect.SliceHeader)(unsafe.Pointer(&data))
-	hlp := (*reflect.SliceHeader)(unsafe.Pointer(&subslice))
-
-	if hlp.Data < datap.Data {
-		panic(fmt.Errorf("subslice address (%d) is before data address (%d)", hlp.Data, datap.Data))
-	}
-	offset := hlp.Data - datap.Data
-
-	if offset > maxInt {
-		panic(fmt.Errorf("slice offset larger than int (%d)", offset))
-	}
-
-	intoffset := int(offset)
-
-	if intoffset > datap.Len {
-		panic(fmt.Errorf("slice offset (%d) is farther than data length (%d)", intoffset, datap.Len))
-	}
-
-	if intoffset+hlp.Len > datap.Len {
-		panic(fmt.Errorf("slice ends (%d+%d) is farther than data length (%d)", intoffset, hlp.Len, datap.Len))
-	}
-
-	return intoffset
-}
-
-func BytesRange(start []byte, end []byte) []byte {
-	if start == nil || end == nil {
-		panic("cannot call BytesRange with nil")
-	}
-	startp := (*reflect.SliceHeader)(unsafe.Pointer(&start))
-	endp := (*reflect.SliceHeader)(unsafe.Pointer(&end))
-
-	if startp.Data > endp.Data {
-		panic(fmt.Errorf("start pointer address (%d) is after end pointer address (%d)", startp.Data, endp.Data))
-	}
-
-	l := startp.Len
-	endLen := int(endp.Data-startp.Data) + endp.Len
-	if endLen > l {
-		l = endLen
-	}
-
-	if l > startp.Cap {
-		panic(fmt.Errorf("range length is larger than capacity"))
-	}
-
-	return start[:l]
-}
-
-func Stride(ptr unsafe.Pointer, size uintptr, offset int) unsafe.Pointer {
-	// TODO: replace with unsafe.Add when Go 1.17 is released
-	//   https://github.com/golang/go/issues/40481
-	return unsafe.Pointer(uintptr(ptr) + uintptr(int(size)*offset))
-}
--- a/vendor/github.com/pelletier/go-toml/v2/internal/danger/typeid.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/danger/typeid.go
@@ -1,23 +0,0 @@
-package danger
-
-import (
-	"reflect"
-	"unsafe"
-)
-
-// typeID is used as key in encoder and decoder caches to enable using
-// the optimize runtime.mapaccess2_fast64 function instead of the more
-// expensive lookup if we were to use reflect.Type as map key.
-//
-// typeID holds the pointer to the reflect.Type value, which is unique
-// in the program.
-//
-// https://github.com/segmentio/encoding/blob/master/json/codec.go#L59-L61
-type TypeID unsafe.Pointer
-
-func MakeTypeID(t reflect.Type) TypeID {
-	// reflect.Type has the fields:
-	// typ unsafe.Pointer
-	// ptr unsafe.Pointer
-	return TypeID((*[2]unsafe.Pointer)(unsafe.Pointer(&t))[1])
-}
--- a/vendor/github.com/pelletier/go-toml/v2/internal/tracker/key.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/tracker/key.go
@@ -36,7 +36,7 @@ func (t *KeyTracker) Pop(node *unstable.Node) {
 	}
 }

-// Key returns the current key
+// Key returns the current key.
 func (t *KeyTracker) Key() []string {
 	k := make([]string, len(t.k))
 	copy(k, t.k)
--- a/vendor/github.com/pelletier/go-toml/v2/internal/tracker/seen.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/tracker/seen.go
@@ -288,11 +288,12 @@ func (s *SeenTracker) checkKeyValue(node *unstable.Node) (bool, error) {
 			idx = s.create(parentIdx, k, tableKind, false, true)
 		} else {
 			entry := s.entries[idx]
-			if it.IsLast() {
+			switch {
+			case it.IsLast():
 				return false, fmt.Errorf("toml: key %s is already defined", string(k))
-			} else if entry.kind != tableKind {
+			case entry.kind != tableKind:
 				return false, fmt.Errorf("toml: expected %s to be a table, not a %s", string(k), entry.kind)
-			} else if entry.explicit {
+			case entry.explicit:
 				return false, fmt.Errorf("toml: cannot redefine table %s that has already been explicitly defined", string(k))
 			}
 		}
@@ -309,16 +310,16 @@ func (s *SeenTracker) checkKeyValue(node *unstable.Node) (bool, error) {
 		return s.checkInlineTable(value)
 	case unstable.Array:
 		return s.checkArray(value)
+	default:
+		return false, nil
 	}
-
-	return false, nil
 }

 func (s *SeenTracker) checkArray(node *unstable.Node) (first bool, err error) {
 	it := node.Children()
 	for it.Next() {
 		n := it.Node()
-		switch n.Kind {
+		switch n.Kind { //nolint:exhaustive
 		case unstable.InlineTable:
 			first, err = s.checkInlineTable(n)
 			if err != nil {
--- a/vendor/github.com/pelletier/go-toml/v2/internal/tracker/tracker.go
+++ b/vendor/github.com/pelletier/go-toml/v2/internal/tracker/tracker.go
@@ -1 +1,2 @@
+// Package tracker provides functions for keeping track of AST nodes.
 package tracker