terraform/internal/ipaddr/README.md

Forked IP address parsing functions

This directory contains a subset of code from the Go project's net package as of Go 1.16, used under the Go project license which we've included here in LICENSE and PATENTS, which are also copied from the Go project.

Terraform has its own fork of these functions because Go 1.17 included a breaking change to reject IPv4 address octets written with leading zeros.

The Go project rationale for that change was that Go historically interpreted leading-zero octets inconsistently with many other implementations, trimming off the zeros and still treating the rest as decimal rather than treating the octet as octal.

The Go team made the reasonable observation that having a function that interprets a non-normalized form in a manner inconsistent with other implementations may cause naive validation or policy checks to produce incorrect results, and thus it's a potential security concern. For more information, see Go issue #30999.

After careful consideration, the Terraform team has concluded that Terraform's use of these functions as part of the implementation of the cidrhost, cidrsubnet, cidrsubnets, and cidrnetmask functions has a more limited impact than the general availability of these functions in the Go standard library, and so we can't justify a similar exception to our Terraform 1.0 compatibility promises as the Go team made to their Go 1.0 compatibility promises.

If you're considering using this package for new functionality other than the built-in functions mentioned above, please do so only if consistency with the behavior of those functions is important. Otherwise, new features are not burdened by the same compatibility constraints and so should typically prefer to use the stricter interpretation of the upstream parsing functions.