fix(gitea): address review findings — clamp overflow, clarify maxSize doc
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m7s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m38s
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 39s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m7s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m38s
- Clamp maxBytes+1 to prevent integer overflow to negative when maxBytes == math.MaxInt64 (falls back to math.MaxInt64) - Update MaxDiffSize doc: 'any negative value' disables the limit, matching actual behavior of 'maxSize < 0' check
This commit is contained in:
claw
+10
-3
@@ -11,6 +11,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
|
"math"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
@@ -69,7 +70,7 @@ type Client struct {
|
|||||||
RetryBackoff []time.Duration
|
RetryBackoff []time.Duration
|
||||||
|
|
||||||
// MaxDiffSize is the maximum number of bytes allowed when fetching a PR diff.
|
// MaxDiffSize is the maximum number of bytes allowed when fetching a PR diff.
|
||||||
// If zero, defaults to DefaultMaxDiffSize (10 MB). Set to -1 to disable the limit.
|
// If zero, defaults to DefaultMaxDiffSize (10 MB). Set to any negative value to disable the limit.
|
||||||
MaxDiffSize int64
|
MaxDiffSize int64
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -442,7 +443,8 @@ func (c *Client) doGet(ctx context.Context, reqURL string) ([]byte, error) {
|
|||||||
|
|
||||||
// doGetLimited performs an HTTP GET request with retry (like doGet) but enforces
|
// doGetLimited performs an HTTP GET request with retry (like doGet) but enforces
|
||||||
// a maximum response body size. Returns ErrDiffTooLarge if the response exceeds
|
// a maximum response body size. Returns ErrDiffTooLarge if the response exceeds
|
||||||
// maxBytes. It reads maxBytes+1 to detect overflow without buffering the entire body.
|
// maxBytes. It reads maxBytes+1 (clamped to avoid overflow) to detect truncation
|
||||||
|
// without buffering the entire body.
|
||||||
func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64) ([]byte, error) {
|
func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64) ([]byte, error) {
|
||||||
const maxAttempts = 3
|
const maxAttempts = 3
|
||||||
backoff := c.RetryBackoff
|
backoff := c.RetryBackoff
|
||||||
@@ -495,7 +497,12 @@ func (c *Client) doGetLimited(ctx context.Context, reqURL string, maxBytes int64
|
|||||||
}
|
}
|
||||||
if resp.StatusCode >= 200 && resp.StatusCode < 300 {
|
if resp.StatusCode >= 200 && resp.StatusCode < 300 {
|
||||||
// Read up to maxBytes+1 to detect overflow.
|
// Read up to maxBytes+1 to detect overflow.
|
||||||
limited := io.LimitReader(resp.Body, maxBytes+1)
|
// Clamp to prevent integer overflow when maxBytes == math.MaxInt64.
|
||||||
|
limitBytes := maxBytes + 1
|
||||||
|
if limitBytes <= 0 {
|
||||||
|
limitBytes = math.MaxInt64
|
||||||
|
}
|
||||||
|
limited := io.LimitReader(resp.Body, limitBytes)
|
||||||
body, err := io.ReadAll(limited)
|
body, err := io.ReadAll(limited)
|
||||||
resp.Body.Close()
|
resp.Body.Close()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user