Check Existing Issues
I have searched the existing issues and discussions.
Expected Behavior
A handful of small, independent correctness/robustness fixes across health, pubsub, and storage. Each is a few lines; grouped here as a checklist so they can land in one (or a few) PRs rather than spawning four micro-issues.
Actual Behavior
1. Health dependency check leaks the HTTP response body (health/health.go:28-34).
resp.Body is never closed, leaking a connection/FD on every dependency probe. Health checks run repeatedly, so this accumulates. Needs defer resp.Body.Close() (guarded for the error case).
2. SNS publisher checks the config error after already using the config (pubsub/sns.go:23-40).
    cfg, err := awsconfig.LoadDefaultConfig(context.TODO())
    // ... cfg.Region / cfg.Credentials mutated and used ...
    if err != nil { logger.Fatal(...) } // checked too late
The err from LoadDefaultConfig should be checked before cfg is touched.
3. Migration INSERT uses unescaped string interpolation (storage/sql.go:168-171).
Values aren't attacker-controlled (they come from migration filenames/descriptions), but a name or description containing an apostrophe breaks the INSERT. Should be parameterized.
4. DynamoDB List swallows the buildParams error (storage/dynamodb.go:258).
    params, _ := s.buildParams(filter)
On a marshal failure the query still runs with nil/empty params, silently producing wrong results. The error should propagate.
Steps to Reproduce
' (e.g. add user's table); observe the INSERT fails.
Logs & Screenshots
n/a — inspection-level findings with exact file:line above.
Additional Information
Found during a general audit of the library. All four are low-risk, low-LOC fixes; bundling for a single robustness PR. Happy to split if maintainers prefer separate tracking.
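Item 1 made measurable, as an added example that is not code from the library or from the issue author: the same probe runs with and without the guarded `defer resp.Body.Close()`, and a local test server counts how many TCP connections it has to accept. The names `probe` and `connectionsOpened`, the `httptest` server, and its "ok" body are constructed for this illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// probe returns the dependency's HTTP status. closeBody=false mirrors the
// reported pattern (resp.Body never closed); closeBody=true is the fix.
func probe(c *http.Client, url string, closeBody bool) (int, error) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err // resp is nil here, so Close must come after this check
	}
	if closeBody {
		defer resp.Body.Close()
		_, _ = io.Copy(io.Discard, io.LimitReader(resp.Body, 64<<10)) // bounded drain so the connection is reused
	}
	return resp.StatusCode, nil
}

// connectionsOpened returns how many TCP connections n probes made a local test server accept (-1 on failure).
func connectionsOpened(closeBody bool, n int) int64 {
	var opened int64
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, "ok") // constructed non-empty health response
	}))
	srv.Config.ConnState = func(_ net.Conn, s http.ConnState) {
		if s == http.StateNew {
			atomic.AddInt64(&opened, 1)
		}
	}
	srv.Start()
	defer srv.Close()
	for i := 0; i < n; i++ {
		if code, err := probe(srv.Client(), srv.URL, closeBody); err != nil || code != http.StatusOK {
			return -1
		}
	}
	return atomic.LoadInt64(&opened)
}

func main() {
	fmt.Println("unclosed:", connectionsOpened(false, 5), "closed:", connectionsOpened(true, 5))
}
```

With the body left open, every probe pins its connection and the next one has to dial again; with the body drained and closed, a single keep-alive connection serves all probes.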