Potential memory leak

[e-nikolov]

I'm new to elixir, so I'm not sure if this is true, but since atoms are never cleared from memory, I've heard they are a potential attack vector if user input gets converted to atoms. In the code bellow, the http method gets converted to an atom, and since a user can define an arbitrary method, would this not be an issue?

lib/reverse_proxy_plug.ex

defp prepare_request(conn, options) do
    method = conn.method |> String.downcase() |> String.to_atom()
    ...
end

[j-deng]

@e-nikolov HI, for the http methods to atom, it won't be an attack, because there are only a few methods such as get, post, put, delete and so on, so there are only a few atoms will be created. There is just one atom will be in VM no matter how many times it's created.

[e-nikolov]

Those methods are the most used ones, but using curl for example, you can specify any arbitrary string as an http method.

[j-deng]

@e-nikolov 👍 got it, That's could be a problem. maybe we can use String.to_existing_atom, and pre-generate the method atoms we need.

[j-deng]

@e-nikolov i gotta make some other changes, so by the time maybe do a fix try in here, please review
master...j-deng:master

[mwhitworth]

I've merged #105 - thanks @j-deng!