feat(github): add safeguards against accidental AllowInsecureHTTP use (#96) #113
@@ -319,6 +319,7 @@ func (c *Client) doRequest(ctx context.Context, method, reqURL string, accept st
|
||||
timer := time.NewTimer(delay)
|
||||
|
|
||||
select {
|
||||
case <-timer.C:
|
||||
timer.Stop() // no-op after fire; kept for symmetry with the ctx.Done case
|
||||
case <-ctx.Done():
|
||||
timer.Stop()
|
||||
return nil, ctx.Err()
|
||||
|
||||
@@ -544,6 +544,7 @@ func TestNoInsecureOption_RejectsHTTP(t *testing.T) {
|
||||
t.Errorf("unexpected error message: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestNoInsecureOption_RejectsUppercaseHTTP(t *testing.T) {
|
||||
// Verify case-insensitive scheme check (RFC 3986).
|
||||
c := NewClient("tok", "HTTP://example.com")
|
||||
@@ -568,7 +569,6 @@ func TestNoInsecureOption_RejectsMixedCaseHTTP(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
func TestAllowInsecureHTTP_WithoutEnvVar_Rejected(t *testing.T) {
|
||||
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
t.Fatal("request should not have been sent")
|
||||
|
||||
Reference in New Issue
Block a user
[MINOR] The diff removes
timer.Stop()from thecase <-timer.C:branch. When the timer fires normally, the timer's goroutine is already done, but callingtimer.Stop()after it fires is a no-op and not harmful — the original code was actually correct in calling it (the resource is already freed, but it's a safe call). The real concern is the missing call on the successful timer path: after<-timer.Cfires, the GC will eventually collect the timer, buttimer.Stop()on the fired case is idiomatic cleanup. This is extremely minor since a fired timer has no goroutine leak, only a small GC delay. Consider addingtimer.Stop()back on both branches for explicitness, or usingdefer timer.Stop()before the select.