mirror of
https://github.com/umputun/reproxy.git
synced 2026-06-09 19:04:59 +02:00
Umputun
16c66dcc56
* fix(proxy): bound RoundRobinSelector return to current n When alive-backend count shrinks between calls (e.g. health-check flips a backend dead), the previously stored lastSelected could exceed the new n. The returned index was the un-bounded stale value, causing matchHandler to index out of range and panic. Apply modulo before returning, so Select is always in [0, n) regardless of how lastSelected was set on a prior call. Adds regression test that reproduces the panic with shrinking n. Related to #250 * chore: address lint cleanups (atomic.Int32, gosec G710) Replace int32+sync/atomic free functions with atomic.Int32 type in test files (modernize/atomictypes lint), and suppress gosec G710 on the http->https redirect handler with explanation - redirect target is derived from the request host, matching the standard upgrade pattern. * fix: address Copilot review on PR #251 Apply modulo on lastSelected write to keep [0, n) invariant - matches original code's wrap-to-0 semantics when n changes, while still bounding the returned value to current n. Both forms fix the panic; this one has smaller behavioral delta from pre-fix code. Add TestRoundRobinSelector_SelectGrowingN that pins the wrap behavior when n grows back (e.g., dead backend recovers), catching regression to the non-modulo write. Expand the //nolint:gosec comment on the http->https redirect to spell out the threat model (Host header is browser-set from URL hostname, so a foreign Host can't be injected into a victim's request).