b4c0b2b47d
Validate header values ( #1796 )
...
* Validate header values
Fixes https://github.com/valyala/fasthttp/issues/1794
* Don't allow empty header keys
And improve error handling for bad headers.
2024-07-03 10:04:04 +02:00
21b235d033
add timeout to proxy connection reading and writing ( #1791 )
...
Co-authored-by: kalmanzhao <kalmanzhao@tencent.com >
2024-06-19 11:19:46 +02:00
b06f4e21d9
chore(deps): bump securego/gosec from 2.19.0 to 2.20.0 ( #1776 )
...
Bumps [securego/gosec](https://github.com/securego/gosec ) from 2.19.0 to 2.20.0.
- [Release notes](https://github.com/securego/gosec/releases )
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml )
- [Commits](https://github.com/securego/gosec/compare/v2.19.0...v2.20.0 )
---
updated-dependencies:
- dependency-name: securego/gosec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 09:39:33 +02:00
6a7f259017
chore(deps): bump golang.org/x/net from 0.23.0 to 0.26.0 ( #1788 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.23.0 to 0.26.0.
- [Commits](https://github.com/golang/net/compare/v0.23.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 09:39:01 +02:00
7de6a26de7
chore(deps): bump golang.org/x/crypto from 0.21.0 to 0.24.0 ( #1787 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.21.0 to 0.24.0.
- [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-14 09:28:08 +02:00
ea3b903178
chore(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.9 ( #1792 )
...
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress ) from 1.17.7 to 1.17.9.
- [Release notes](https://github.com/klauspost/compress/releases )
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml )
- [Commits](https://github.com/klauspost/compress/compare/v1.17.7...v1.17.9 )
---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-13 20:31:00 +02:00
f56f9e4d38
Fix linting issues
2024-06-11 08:42:27 +02:00
7b273dc590
Don't allow \r in header names ( #1789 )
...
* Don't allow \r in header names
From RFC 9112:
A sender MUST NOT generate a bare CR (a CR character not immediately
followed by LF) within any protocol elements other than the content.
A recipient of such a bare CR MUST consider that element to be invalid
or replace each bare CR with SP before processing the element or forwarding
the message.
net/http seems to completely error on this, so let's do the same.
Fixes https://github.com/valyala/fasthttp/issues/1785
* Validate the full header field
2024-06-11 08:41:16 +02:00
9ffdf086e7
test: fix typo ( #1790 )
2024-06-10 19:08:51 +02:00
2909827c57
Fix another flaky test
2024-06-02 12:29:30 +02:00
e6d9374bea
Fix common recurring CI issues ( #1784 )
2024-06-02 12:08:27 +02:00
b001a40bea
Use FASTHTTP_PREFORK_CHILD env variable to detect child ( #1783 )
...
It's better to use an environment variable as they are more standard.
They way flags are parsed isn't standardized within the Go ecosystem.
Fixes: https://github.com/valyala/fasthttp/issues/1782
2024-06-02 10:33:50 +02:00
3edfab8225
all: add riscv64 support ( #1781 )
2024-05-25 17:15:52 +02:00
ee34656bec
fs: fix openIndexFile when dirPath is empty string ( #1779 )
2024-05-19 15:11:58 +02:00
f9f213efa6
Prevent OOM when fuzzing
2024-05-18 10:30:23 +02:00
aadadb913a
fs: fix GenerateIndexPages when DirFS or embed.FS is used ( #1778 )
2024-05-18 10:30:01 +02:00
8f5b927447
Try to fix oss-fuzz low memory limit again
2024-05-08 09:57:57 +02:00
96b2369966
chore(deps): bump golangci/golangci-lint-action from 5 to 6 ( #1774 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-07 20:23:29 +02:00
97d456870a
feat: add address to tryDial errors ( #1763 )
...
* fix: propagate body stream error to close function (#1743 )
* feat: add address in ErrDialTimeout
* feat: add address in any `tryDial` error
* feat: use struct to wrap error with upstream info
* fix: lint
* fix: wrapped Error() method
* docs: add example to ErrDialWithUpstream
* feat: add address in ErrDialTimeout
* feat: add address in any `tryDial` error
* feat: use struct to wrap error with upstream info
* fix: lint
* fix: wrapped Error() method
* docs: add example to ErrDialWithUpstream
* docs: fix example for ErrDialWithUpstream
---------
Co-authored-by: Max Denushev <denushev@tochka.com >
2024-05-02 08:49:19 +02:00
091733b08e
Implemented what was described by me in #1766 . ( #1767 )
...
* Implemented what was described by me in issue#1766.
* fixed linting isssues in fs.go with gofmt -e -d -s
---------
Co-authored-by: Raphael Habichler <raphael.habichler@bmd.at >
2024-04-29 21:37:39 +02:00
105eb3bcd9
Add perIPTLSConn to support MaxConnsPerIP with tls connections
...
Otherwise calling RequestCtx.TLSConnectionState() will fail.
Fixes #1770
2024-04-29 15:17:14 +02:00
a8fa9c04b4
Don't allow , in host when using Client ( #1761 )
...
When using a url like http://example.com,/ URI will parse "example.com,"
as host. HostClient then splits this by "," into multiple addresses and
will connect to example.com. HostClient splitting the address by "," is
only for direct use, not for use with Client.
2024-04-29 10:48:09 +02:00
30adc7d046
chore(deps): bump golangci/golangci-lint-action from 4 to 5 ( #1769 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-25 18:51:36 +02:00
57b9352ad1
fix: propagate body stream error to close function ( #1743 ) ( #1757 )
...
* fix: propagate body stream error to close function (#1743 )
* fix: http test
* fix: close body stream with error in encoding functions
* fix: lint
---------
Co-authored-by: Max Denushev <denushev@tochka.com >
2024-04-22 08:45:33 +02:00
e88bd48f45
refactor: do not return error as it is always nil ( #1759 )
2024-04-21 19:57:04 +02:00
d3aa5a15bb
Add macos-14 platform, enable shuffle of tests ( #1746 )
2024-04-10 20:50:02 +02:00
a77e9c6b79
add support for CHIPS (Cookies Having Independent Partitioned State) ( #1752 )
...
* add support for CHIPS (Cookies Having Independent Partitioned State)
* fix comment lines
* Update cookie.go fix lint error: should omit comparison to bool constant
2024-04-08 18:23:23 +02:00
d3a9c74c92
chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 ( #1748 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 09:27:34 +01:00
1c3ba3b2f0
test: replace panic with returning error ( #1747 )
2024-04-02 17:00:44 +01:00
e28be0c993
fix: panic in ParseIPv4 when len(dst) > 4 ( #1742 )
2024-03-29 14:11:50 +01:00
9c3915b1fc
test: remove redundant error check ( #1741 )
2024-03-28 21:34:02 +01:00
bbc7bd04e2
refactor: rename error local variables ( #1738 )
2024-03-25 14:30:27 +01:00
222c0bf01b
Update deps
2024-03-06 11:13:58 +01:00
7e1fb71854
Enable perfsprint linter; fix up lint issues ( #1727 )
2024-03-02 16:21:23 +01:00
bdd459ab0e
test: remove //nolint:govet comments ( #1729 )
2024-03-02 16:19:52 +01:00
3166afd835
Enable few gocritic checks; fix up issues ( #1728 )
2024-03-02 16:19:05 +01:00
9c69feae53
chore(deps): bump golang.org/x/crypto from 0.19.0 to 0.20.0 ( #1725 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/crypto/compare/v0.19.0...v0.20.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-27 11:05:12 +01:00
5f81476d7c
feat:support zstd compress and uncompressed ( #1701 )
...
* feat:support zstd compress and uncompressed
* fix:real & stackless write using different pool to avoid get stackless.writer
* fix:zstd normalize compress level
* Change empty string checks to be more idiomatic (#1684 )
* chore:lint fix and rebase with master
* chore:remove 1.18 test & upgrade compress version
* fix:error default compress level
* Fix lint
---------
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com >
2024-02-21 07:21:52 +01:00
4c326e8f6c
Limit memory for fuzz testing
...
CIFuzz has low memory limits that we keep hitting without there being an
issue.
2024-02-21 06:02:19 +01:00
190204cf1a
Upgrade golangci-lint to v1.56.2; fix gocritic issues ( #1722 )
2024-02-21 05:51:28 +01:00
a537e47bfb
Remove unnecessary build tag go1.21 ( #1721 )
2024-02-21 05:49:39 +01:00
aefd080674
adaptor ResponseWriter - adding Hijack method and pass proper fields ( #1525 )
...
* adding hijack method and pass proper fields
* adding hijack method and pass proper fields - adding tests
* improve hijack handling, use proper test for hijacking
* extend hijackhandler propogation to NewFastHTTPHandlerFunc
* align hijacking of fasthttp adaptor net request with fasthttp request, safe conn handling for proper release of resources and custom hijack handler for more controlled by hijacking implementation
* Implement actual behaviour of net/http Hijacker
---------
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com >
2024-02-17 14:51:38 +08:00
56cb753ff9
chore(deps): bump securego/gosec from 2.18.2 to 2.19.0 ( #1720 )
...
Bumps [securego/gosec](https://github.com/securego/gosec ) from 2.18.2 to 2.19.0.
- [Release notes](https://github.com/securego/gosec/releases )
- [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml )
- [Commits](https://github.com/securego/gosec/compare/v2.18.2...v2.19.0 )
---
updated-dependencies:
- dependency-name: securego/gosec
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 14:22:22 +08:00
bce576699a
Prevent request smuggling ( #1719 )
...
* Prevent request smuggling
Prevent request smuggling when fasthttp is behind a reverse proxy that
might interprets headers differently by being stricter. Should also
prevent request smuggling when fasthttp is used as the reverse proxy.
* Make header value comparison case-insensitive
2024-02-11 08:08:56 +01:00
3327266342
Follow RFCs 7230 and 9112 for HTTP versions ( #1710 )
...
Require that HTTP versions match the following pattern: HTTP/[0-9]\.[0-9]
2024-02-11 07:55:31 +01:00
a8cb5d535f
Bump dependencies ( #1718 )
2024-02-10 11:04:07 +01:00
82bc7c48bd
bump securego/gosec from 2.17.0 to 2.18.2
2024-02-10 10:45:52 +01:00
20c2c4832e
chore(deps): bump golangci/golangci-lint-action from 3 to 4 ( #1711 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-10 10:43:32 +01:00
9fa5688b68
Update all github actions, add go1.22 ( #1707 )
2024-02-10 10:32:59 +01:00
b430b88e78
Implement GetRejectedConnectionsCount function ( #1704 )
...
* Implement `GetRejectedConnectionsCount`
* Implement test for `GetRejectedConnectionsCount`
2024-02-10 10:26:36 +01:00
Erik Dubbelboer
Sniper91
dependabot[bot]
Oleksandr Redko
Meng Zhuo
M. Efe Çetin
Max Denushev
Limux
Oleksandr Redko
Juan Calderon-Perez
Gürkan Yeşilyurt
Co1a
gilwo
mopeneko