alkdev/reverse-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Decompose security review #003 findings into 17 fix tasks and 1 review task

Browse Source 
Address 4 critical, 8 warning, and 5 suggestion findings from the
security and bug review by creating atomic, dependency-ordered tasks:

Critical fixes (C1-C4): rate limiter IP source (ADR-025), InFlightCounter
increment + drain interval, connector timeout ceiling (ADR-026), JSON format
without log file.

Validation tightening (W1, W2): upstream host validation, ACME contact email
validation.

Robustness (W3, W4, W5, W12): upstream URI error handling (502 not silent
drop), admin socket resource limits (ADR-027), TlsMode wildcard mismatch,
http_port u32→u16.

Code quality (W6, W10, W11, S1, S3, W8/W9): config type consolidation,
TokenBucket field visibility, reload_mutex #[cfg(test)], dead code removal,
root cert count logging, misleading test names.

Test coverage (S10): rate limiter ConnectInfo tests (depends on C1 fix).

Review: post-security-fix-review checkpoint covering all critical fixes
and sensitive config consolidation path.
This commit is contained in:
glm-5.1
2026-06-12 13:42:37 +00:00
parent 80d1fd0fb3
commit 54f1725173
18 changed files with 1282 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
tasks/fix/admin-socket-reload-mutex-visibility.md Normal file
View File

@@ -0,0 +1,52 @@
---
id: fix/admin-socket-reload-mutex-visibility
name: Gate AdminSocket::reload_mutex with #[cfg(test)] (W11)
status: pending
depends_on: []
scope: single
risk: trivial
impact: isolated
level: implementation
review_findings: [W11]
---
## Description
`AdminSocket::reload_mutex()` is a public method that exists solely for the
`test_reload_serialized_with_mutex` test. It exposes an internal synchronization
primitive, and the test acquires the mutex before sending a reload command —
coupling the test to implementation details.
### Changes Required
**`src/admin/socket.rs`**:
- Gate `reload_mutex()` with `#[cfg(test)]`:
```rust
#[cfg(test)]
pub fn reload_mutex(&self) -> Arc<Mutex<()>> {
self.reload_mutex.clone()
}
```
- The existing test `test_reload_serialized_with_mutex` already uses this
method, so it will continue to work.
## Acceptance Criteria
- [ ] `reload_mutex()` is only available in test builds (`#[cfg(test)]`)
- [ ] The `test_reload_serialized_with_mutex` test still compiles and passes
- [ ] `cargo clippy` passes with no warnings in non-test build
## References
- docs/reviews/003-security-and-bug-review.md — W11 finding
- src/admin/socket.rs — `AdminSocket::reload_mutex()`, test
## Notes
> The review suggests alternatively removing the method entirely and testing
> serialization through observable behavior. For Phase 1, gating with
> `#[cfg(test)]` is the simpler fix that preserves the existing test.
## Summary
> To be filled on completion