utils: relax proxy URL parsing #10889
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.
Please see the documentation for more information. Example: reviews:
pre_merge_checks:
custom_checks:
- name: "Undocumented Breaking Changes"
mode: "warning"
instructions: |
Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).Please share your feedback with us on this Discord post. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (4)
src/flb_utils.c (3)
1429-1435: Make scheme check case-insensitive and normalize output protocol.Schemes are case-insensitive. Accept “HTTP://…” and normalize
protocolto "http" to avoid leaking mixed-case to callers.- /* Only HTTP proxy is supported for now. */ - if (strcmp(protocol, "http") != 0) { - flb_error("only HTTP proxy is supported."); - goto error; - } + /* Only HTTP proxy is supported (case-insensitive); normalize to "http". */ + if (strcasecmp(protocol, "http") != 0) { + flb_error("only HTTP proxy is supported."); + goto error; + } + flb_free(protocol); + protocol = flb_strdup("http"); + if (!protocol) { + flb_errno(); + goto error; + }
1520-1552: Validate port is numeric (and optionally in range).Currently non-numeric ports (e.g., "proxy.com:abc") pass through and will fail later. Add a digits-only check (and optionally 1..65535).
} - if (!host || *host == '\0') { + if (!host || *host == '\0') { flb_error("HTTP proxy host is missing"); goto error; } + /* Ensure port is numeric */ + { + const unsigned char *pc = (const unsigned char *) port; + if (!pc || *pc == '\0') { + flb_error("invalid HTTP proxy port"); + goto error; + } + while (*pc) { + if (!isdigit(*pc)) { + flb_error("invalid HTTP proxy port"); + goto error; + } + pc++; + } + /* Optional: range check + char *endp = NULL; + long pnum = strtol(port, &endp, 10); + if (*endp != '\0' || pnum <= 0 || pnum > 65535) { + flb_error("HTTP proxy port out of range"); + goto error; + } + */ + }
1563-1576: Defensive: null the out-params on entry (non-blocking).For a safer API, consider setting
*out_* = NULLon entry so callers never observe indeterminate pointers on failure. Not required by current call sites/tests.tests/internal/utils.c (1)
488-506: Add cases for scheme case-insensitivity and IPv6 (and one invalid port).Boost confidence with a few more vectors tied to the new parser behavior.
struct proxy_url_check proxy_url_checks[] = { {0, "http://foo:bar@proxy.com:8080", "http", "proxy.com", "8080", "foo", "bar"}, {0, "http://proxy.com", "http", "proxy.com", "80", NULL, NULL}, {0, "http://proxy.com:8080", "http", "proxy.com", "8080", NULL, NULL}, + /* Case-insensitive scheme */ + {0, "HTTP://proxy.com:8080", + "http", "proxy.com", "8080", NULL, NULL}, {0, "proxy.com:8080", "http", "proxy.com", "8080", NULL, NULL}, {0, "foo:bar@proxy.com:8080", "http", "proxy.com", "8080", "foo", "bar"}, {0, "proxy.com", "http", "proxy.com", "80", NULL, NULL}, + /* IPv6 bracketed host */ + {0, "http://[2001:db8::1]:8080", + "http", "2001:db8::1", "8080", NULL, NULL}, + {0, "http://[2001:db8::1]", + "http", "2001:db8::1", "80", NULL, NULL}, + {0, "foo:bar@[2001:db8::1]:8080", + "http", "2001:db8::1", "8080", "foo", "bar"}, + /* Invalid non-numeric port (should fail once port validation is added) */ + {-1, "proxy.com:abc", + NULL, NULL, NULL, NULL, NULL}, /* issue #5530. Password contains @ */ {0, "http://example_user:example_pass_w_@_char@proxy.com:8080", "http", "proxy.com", "8080", "example_user", "example_pass_w_@_char"}, {-1, "https://proxy.com:8080", NULL, NULL, NULL, NULL, NULL} };
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
src/flb_utils.c(1 hunks)tests/internal/utils.c(3 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/flb_utils.c (1)
include/fluent-bit/flb_mem.h (1)
flb_free(126-128)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)
- GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit (Arm64), amd64_arm64, -DCMAKE_SYSTEM_NAME=Windows -DCMA...
- GitHub Check: pr-windows-build / call-build-windows-package (Windows 32bit, x86, x86-windows-static, 3.31.6)
- GitHub Check: pr-windows-build / call-build-windows-package (Windows 64bit, x64, x64-windows-static, 3.31.6)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_ARROW=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_MEMORY=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SIMD=Off, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SANITIZE_THREAD=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_COVERAGE=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, gcc, g++)
- GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_ADDRESS=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DSANITIZE_UNDEFINED=On, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_JEMALLOC=Off, 3.31.6, clang, clang++)
- GitHub Check: run-ubuntu-unit-tests (-DFLB_SMALL=On, 3.31.6, clang, clang++)
- GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-24.04, clang-14)
- GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, gcc, g++, ubuntu-22.04, clang-12)
- GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-22.04, clang-12)
- GitHub Check: pr-compile-system-libs (-DFLB_PREFER_SYSTEM_LIBS=On, 3.31.6, clang, clang++, ubuntu-24.04, clang-14)
- GitHub Check: pr-compile-centos-7
- GitHub Check: PR - fuzzing test
🔇 Additional comments (4)
src/flb_utils.c (2)
1398-1450: Good: default scheme fallback and stricter input checks.Using http as the default when no scheme is provided, while rejecting empty/invalid inputs, is the right trade-off for HTTP_PROXY. Memory ownership and error-path cleanup look correct.
1481-1518: IPv6 authority parsing: looks solid.Bracketed IPv6 handling is correct (host extracted without brackets, port after ‘]’ supported). Clear error paths for malformed inputs.
tests/internal/utils.c (2)
488-506: Nice coverage for scheme-less and credentialed proxies.The new vectors cover the relaxed parsing well and keep the https rejection. Good addition.
559-574: Assertion changes for username/password look correct.Directly validating
username/passwordimproves signal vs. indirect checks. No issues.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When HTTP_PROXY is defined, we were very strict about asking for the protocol prefix
http://. This PR change the validator and if the protocol is not defined it will just assume it's http.Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.
Summary by CodeRabbit