The coredns/caddy lexer replaces invalid UTF‑8 bytes in tokens with
U+FFFD. When that lossy-decoded value is used as `dbfile` in the sign
plugin, the source zone file path never exists. On startup/refresh,
the `resign()` function sees the signed file missing and triggers
signing. Consequently `Sign()` then fails opening the bogus path,
the signed file is never created, and the cycle repeats across all
expanded origins (e.g., reverse CIDRs), causing unbounded churn/OOM.
Validate `dbfile` in setup and error if it contains U+FFFD. Add a
regression test.
Note: Unicode paths are supported; only U+FFFD (replacement-rune) is rejected.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
* perf: avoid string concatenation in loops
Apply perfpsrint linter
Signed-off-by: Philippe Antoine <contact@catenacyber.fr>
* ci: enable perfsprint
Signed-off-by: Philippe Antoine <contact@catenacyber.fr>
---------
Signed-off-by: Philippe Antoine <contact@catenacyber.fr>
Eagerly set name in newElem and make Name() read-only to avoid
racy lazy writes under concurrent lookups. Add tests for empty-name
comparisons and concurrent access to Less/Name(). In addition,
regression tests to CloudDNS plugin.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Ignore invalid ServerBlockKeys in loop plugin that fail
normalization. Retain the default “.” zone instead of
indexing into an empty slice. This prevents an
index-out-of-range panic triggered by malformed
inputs such as "unix://".
Added tests to validate and increase test coverage.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Replace naked returns with explicit return values to satisfy nakedret
linter and improve readability.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Previously OriginsFromArgsOrServerBlock accessed the output of
NormalizeExact() by index 0, which could panic when normalization
returned an empty slice on error. This happens with malformed input
surfaced by fuzzing, for example "unix://<non‑UTF8>".
This change hardens normalization in the server block path.
If normalization yields no entries, the original value is preserved.
The function still returns a newly copied slice.
This preserves legacy semantics for valid inputs while eliminating
the crash on malformed ones. Added tests to validate.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Validate dnstap writebuffer (MiB) and queue (x10k) args. Reject
non-integers and out-of-range values with clear errors. Updated
plugin documentation and tests.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
In CI, the first two upstream attempts can stall on UDP and each
consume the default 2s read timeout. Possibly exhausting most of
the 5s forward deadline before the healthy third upstream is tried.
Lower the read timeout to make retries faster.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Cover edge cases in config parser. Add rudimentary View/Filter
tests. Improves test coverage from 44% to 82%.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Enable nilness linter in govet.
Plugin-by-plugin rationale:
- plugin/transfer: reuse error instead of shadowing it inside the for
loop by declaring "ret" outside of the loop
- plugin/view: remove redundant err check
- plugin/dnstap: avoid possible nil dereference in error reporting
path in setup test
- plugin/forward: prevent nil deference or empty-slice dereference on
error paths in setup test
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Add more unit tests for metrics plugin, around registration
deduplication, zone management, restart/shutdown behavior and
context helpers.
Increases test coverage from 54.8% to 76.1%.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Add DNS wire size validation for requests/replies. Limit gRPC
recv/send via default call options, accounting necessary
framing/protobuf overhead. An error is returned for oversized
messages. Add test.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Instead of casting lease ID to uint32, fix the TTL() function
to use etcd time-to-live API for determining TTL. Add configurable
min-lease-ttl and max-lease-ttl options to prevent extreme TTL
values. By default, lease records now go through bounds checking
with 30s to 1d as the min/max.
Added unit tests for validation and docs.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Add ReadTimeout, WriteTimeout, and IdleTimeout (5s each) to metrics HTTP
server and test to verify timeout behavior prevents hanging connections.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Replace manual host:port parsing using net.SplitHostPort +
strconv.ParseUint with the standard library net/netip function
ParseAddrPort. This eliminates integer conversion warnings and
improves type safety.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
Add tests for Startup/Shutdown methods and HTTP endpoints.
Enhance setup tests with edge cases. Increases test coverage
from 58% to 100%.
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
- Upgrade dd-trace-go dependency to v2.2.2
- Separate Zipkin and DataDog code paths for better maintainability
- Add proper tracer shutdown through OnShutdown()
- Replace deprecated opentracer.New() with direct tracer.Start()
- Added tests
Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
