refactor: update utils and add go 1.26 for test workflow #4087
ReneWerner87 merged 2 commits into main
Summary of Changes
Hello @ReneWerner87, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request primarily refactors the project's usage of the
Code Review
This pull request updates the gofiber/utils dependency and refactors the code to use its new subpackages. The changes are generally well-executed and include a nice bug fix in services.go. However, I've identified a significant issue in helpers.go where an unsafe function is used on a temporary byte slice, which could lead to memory corruption. Please see my detailed comment on that.
Pull request overview
This PR refactors the codebase to use specific subpackages from gofiber/utils/v2 (strings and bytes) instead of the top-level package, updates the utils dependency from v2.0.1 to v2.0.2, and adds Go 1.26 to the test workflow matrix.
Changes:
- Migrated from `utils.ToLower/ToUpper/ToLowerBytes` to subpackage-specific functions like `utilsstrings.ToLower/UnsafeToLower` and `utilsbytes.UnsafeToLower`
- Updated gofiber/utils/v2 dependency from v2.0.1 to v2.0.2 in go.mod and go.sum
- Added Go 1.26.x to the GitHub Actions test matrix alongside Go 1.25.x
Reviewed changes
Copilot reviewed 18 out of 19 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| services.go | Updated to use utilsstrings.UnsafeToUpper for service state logging, removed redundant ToUpper call |
| router.go | Replaced utils.ToLower/ToUpper with utilsstrings.ToLower/UnsafeToUpper for path normalization and HTTP method handling |
| req.go | Updated string and byte operations to use utilsstrings and utilsbytes subpackages for content encoding, method override, scheme, range, and subdomain handling |
| redirect.go | Changed content-type header processing to use utilsbytes.UnsafeToLower |
| path.go | Updated route pattern matching to use utilsbytes.UnsafeToLower and utilsstrings.ToLower |
| middleware/idempotency/idempotency.go | Simplified header name lowercasing by using utilsstrings.ToLower without CopyString wrapper, but comment is now outdated |
| middleware/csrf/helpers.go | Updated scheme and host normalization to use utilsstrings.UnsafeToLower |
| middleware/csrf/csrf.go | Changed origin and referer header processing to use utilsstrings.UnsafeToLower |
| middleware/cors/utils.go | Updated origin normalization to use utilsstrings.UnsafeToLower |
| middleware/cors/cors.go | Changed origin header processing to use utilsstrings.ToLower |
| middleware/cache/cache.go | Updated Vary header parsing to use utilsstrings.ToLower |
| helpers.go | Removed outdated comment about unsafe byte usage and updated to use utilsbytes.UnsafeToLower |
| ctx.go | Updated path detection to use utilsbytes.UnsafeToLower |
| client/cookiejar.go | Attempted to update domain processing to use utilsbytes.UnsafeToLower, but missing return value assignment (bug) |
| binder/mapping.go | Updated field name handling to use utilsstrings.ToLower and utilsstrings.UnsafeToLower |
| bind.go | Changed content-type processing to use utilsbytes.UnsafeToLower |
| go.mod | Updated gofiber/utils/v2 dependency from v2.0.1 to v2.0.2 |
| go.sum | Updated checksums for gofiber/utils/v2 v2.0.2 |
| .github/workflows/test.yml | Added Go 1.26.x to test matrix |
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
middleware/idempotency/idempotency.go (1)
58-63: ⚠️ Potential issue | 🔴 Critical

Remove stale comment and restore `utils.CopyString` to fix a correctness bug.

The `utilsstrings.ToLower` function uses `UnsafeString` internally when converting uppercase characters, returning a string backed by a temporary `[]byte`. Storing such an unsafe string as a map key is a correctness bug because the backing memory can be reused after the function returns, corrupting the map key.

The original code with `CopyString` was correct. Removing it introduced a subtle correctness issue. The comment is stale, but it pointed to a real problem.

Required fix
keepResponseHeadersMap := make(map[string]struct{}, len(cfg.KeepResponseHeaders)) for _, h := range cfg.KeepResponseHeaders { - // CopyString is needed because utils.ToLower uses UnsafeString - // and map keys must be immutable - keepResponseHeadersMap[utilsstrings.ToLower(h)] = struct{}{} + keepResponseHeadersMap[utils.CopyString(utilsstrings.ToLower(h))] = struct{}{} }
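Review bot: the `+` line restores `utils.CopyString` but both comment lines are deleted with nothing in their place, so the call site no longer says why the copy is needed and a later cleanup can remove it again. Keep a one-line comment above the assignment, updated to name `utilsstrings.ToLower` instead of `utils.ToLower`. The restored line also references both `utils` and `utilsstrings`, so the file has to keep importing the top-level package alongside the subpackage.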
🤖 Fix all issues with AI agents
In `@bind.go`:
- Line 295: The current call in the bind logic constructs ctype using
utils.UnsafeString(utilsbytes.UnsafeToLower(b.ctx.RequestCtx().Request.Header.ContentType())),
but utilsbytes.UnsafeToLower mutates the provided byte slice in-place (which
here is the header's internal buffer returned by
b.ctx.RequestCtx().Request.Header.ContentType()); verify whether mutating the
stored Content-Type is intentional, and if the original header casing must be
preserved replace UnsafeToLower with utilsbytes.ToLower (which returns a new
slice) while still converting to string via utils.UnsafeString, or explicitly
copy the header bytes before calling UnsafeToLower so downstream readers of
Header.ContentType() are unaffected.
In `@helpers.go`:
- Line 565: The code stores a map key using a string created from a
fasthttp-owned buffer via utils.UnsafeString(utilsbytes.UnsafeToLower(key)),
which is unsafe because the underlying buffer can be mutated; change the
creation of lowerKey in the VisitHeaderParams handling to make an owned, safe
lowercase string (e.g., convert the slice to a new string and apply
strings.ToLower or copy the bytes before using UnsafeString) so map keys are not
backed by fasthttp's mutable buffer; update the lowerKey assignment (referencing
lowerKey, VisitHeaderParams, utilsbytes.UnsafeToLower, utils.UnsafeString)
accordingly.
In `@redirect.go`:
- Line 193: The code mutates fasthttp's internal Content-Type buffer by calling
utilsbytes.UnsafeToLower on the header bytes; instead avoid in-place mutation by
converting to a safe string and lowercasing that (or cloning the bytes first).
Replace the UnsafeToLower usage when computing ctype in redirect.go with a
non-mutating call such as
utils.ToLower(utils.UnsafeString(r.c.RequestCtx().Request.Header.ContentType()))
or by copying the header bytes (e.g., make/clone) before calling
utilsbytes.UnsafeToLower so downstream reads (middleware, logs) are not
affected; update references around the variable ctype and usages in
WithInput()/Body() accordingly.
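An added example (not code from this PR or from gofiber/utils) of the two hazards the review comments above describe: a map key that aliases a reused buffer, and in-place lowercasing that changes what later readers of a header see. `unsafeString` and `lowerInPlace` are hypothetical stand-ins for a zero-copy conversion and an in-place lowercaser, and the sample values are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"unsafe"
)

// unsafeString is a hypothetical zero-copy []byte -> string conversion:
// the returned string shares memory with b.
func unsafeString(b []byte) string { return unsafe.String(unsafe.SliceData(b), len(b)) }

// lowerInPlace is a hypothetical in-place ASCII lowercaser: it overwrites b.
func lowerInPlace(b []byte) []byte {
	for i, c := range b {
		if c >= 'A' && c <= 'Z' {
			b[i] = c + ('a' - 'A')
		}
	}
	return b
}

// keyFoundAfterReuse stores a lowercased key, lets the buffer's owner reuse
// the buffer, then reports whether the key can still be looked up.
func keyFoundAfterReuse(copyKey bool) bool {
	buf := []byte("Filename") // constructed sample parameter name
	key := unsafeString(lowerInPlace(buf))
	if copyKey {
		key = strings.Clone(key) // owned copy, no longer backed by buf
	}
	params := map[string]string{key: "a.txt"}
	copy(buf, "boundary") // the owner reuses the buffer for the next value
	_, ok := params["filename"]
	return ok
}

// headerSeenLater returns what a later reader of the same header buffer sees
// after the content type was lowercased in place or on a clone.
func headerSeenLater(cloneFirst bool) string {
	header := []byte("Application/JSON; Charset=UTF-8") // constructed sample
	work := header
	if cloneFirst {
		work = bytes.Clone(header)
	}
	lowerInPlace(work)
	return string(header)
}

func main() {
	fmt.Println(keyFoundAfterReuse(false), keyFoundAfterReuse(true))
	fmt.Println(headerSeenLater(false), "|", headerSeenLater(true))
}
```

The aliased key is neither found under its original value nor reliably under the new one, because the map placed it using the hash of the bytes it held at insert time.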
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #4087 +/- ##
==========================================
- Coverage 91.08% 91.08% -0.01%
==========================================
Files 119 119
Lines 11303 11302 -1
==========================================
- Hits 10295 10294 -1
Misses 637 637
Partials 371 371
No description provided.