fix: address review feedback on PR #93
PR Ready Gate / clear-labels (pull_request) Successful in 1s
CI / test (pull_request) Successful in 23s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 45s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m7s
PR Ready Gate / clear-labels (pull_request) Successful in 1s
CI / test (pull_request) Successful in 23s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 45s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 2m7s
- Fix Retry-After slice mutation: copy c.RetryBackoff before modifying to prevent permanent mutation of the shared slice (sonnet#1, security#1) - Cap Retry-After to 120s maximum to prevent excessive sleeps (security#2) - Guard auth header: only set Authorization when token is non-empty (gpt#2) - Fix GetFileContent doc comment to match actual behavior (sonnet#3, gpt#1) - Remove dead 'in_progress/queued' case in mapCheckRunStatus (sonnet#4) - Add testing.Short() guard to slow retry test (sonnet#5) - Reject dot-segments in escapePath to prevent path traversal (security#3) - Add regression tests for non-mutation and escapePath safety
This commit is contained in:
claw
+16
-5
@@ -93,11 +93,16 @@ func (c *Client) SetHTTPClient(hc *http.Client) {
|
||||
}
|
||||
|
||||
// doRequest performs an HTTP request with retry on 429 rate limit responses.
|
||||
// It respects the Retry-After header when present.
|
||||
// It respects the Retry-After header when present (capped at maxRetryAfter).
|
||||
func (c *Client) doRequest(ctx context.Context, method, url string, accept string) ([]byte, error) {
|
||||
const maxAttempts = 3
|
||||
backoff := c.RetryBackoff
|
||||
if backoff == nil {
|
||||
const maxRetryAfter = 120 * time.Second
|
||||
|
||||
var backoff []time.Duration
|
||||
if c.RetryBackoff != nil {
|
||||
backoff = make([]time.Duration, len(c.RetryBackoff))
|
||||
copy(backoff, c.RetryBackoff)
|
||||
} else {
|
||||
backoff = []time.Duration{1 * time.Second, 2 * time.Second}
|
||||
}
|
||||
|
||||
@@ -125,7 +130,9 @@ func (c *Client) doRequest(ctx context.Context, method, url string, accept strin
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("create request: %w", err)
|
||||
}
|
||||
req.Header.Set("Authorization", "Bearer "+c.token)
|
||||
if c.token != "" {
|
||||
req.Header.Set("Authorization", "Bearer "+c.token)
|
||||
}
|
||||
if accept != "" {
|
||||
req.Header.Set("Accept", accept)
|
||||
} else {
|
||||
@@ -156,8 +163,12 @@ func (c *Client) doRequest(ctx context.Context, method, url string, accept strin
|
||||
// Check for Retry-After header and override backoff if present
|
||||
if ra := resp.Header.Get("Retry-After"); ra != "" {
|
||||
if seconds, err := strconv.Atoi(ra); err == nil && seconds > 0 {
|
||||
delay := time.Duration(seconds) * time.Second
|
||||
if delay > maxRetryAfter {
|
||||
delay = maxRetryAfter
|
||||
}
|
||||
if attempt < len(backoff) {
|
||||
backoff[attempt] = time.Duration(seconds) * time.Second
|
||||
backoff[attempt] = delay
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user