Skip to content

v1.143.0

Choose a tag to compare

@github-actions github-actions released this 09 Jul 15:39
7f79240

This release reworks pkg/filter for a ~4x evaluation speedup and secure-by-default input limits, with a smaller public API. It also refactors the example service startup wiring. It contains breaking changes in pkg/filter.

⚠️ Breaking changes (pkg/filter)

  • The package-level ParseJSON function, the Evaluator interface, and the Rule.Evaluate method are no longer exported. Rule is now a pure data struct, and untrusted input must be decoded via the size-limited entry points Processor.ParseJSON or Processor.ParseURLQuery.
  • New secure-by-default limits reject previously-accepted oversized inputs unless raised via the matching options: rule string/regexp values are capped at 4096 bytes (WithMaxValueLength), JSON payloads at 64 KiB (WithMaxFilterBytes), and field-selector nesting at depth 32 (WithMaxFieldDepth). The number of OR groups in a rule set is also capped.
  • A nil interface slice element combined with a field selector is now filtered out (non-match), consistent with nil-pointer handling, instead of returning an error.

Performance

  • Rules are evaluated on a reflect.Value instead of boxing every element and field into an any, and each rule's field path is resolved once per Apply for concrete slices instead of a per-element cache lookup. The Equal_10000 benchmark drops from ~1.85 ms to ~0.44 ms (~4x), and per-element allocations drop from ~2 per element to a small constant.

Security

  • All client-attributable errors are wrapped in the new ErrInvalidFilter sentinel, so handlers can reject bad filters generically (e.g. HTTP 400) without surfacing client input or internal type names.
  • Added a package Security section documenting RE2's linear-time matching (no ReDoS) and the caller's authorization responsibility, plus a FuzzFilterApply panic-safety fuzz harness.

Examples

  • examples/service: decomposed the startup wiring into focused helpers (newIpifyClient, bindServiceHandlers, newDatabases, newLogConfig), removing the gocognit/funlen/nestif/prealloc lint suppressions while keeping a linear, copy-paste-friendly startup blueprint.
  • The configured service logger is now threaded into healthcheck.NewHandler via WithLogger, so health-check warnings and recovered panics are structured and release-correlated like every other component.
  • Shared outbound HTTP client options are built once and reused per client; the ipify client is documented as a diagnostic-only dependency deliberately not registered as a health check.
  • Aligned the shipped config default db.{main,read}.conn_max_open with SetDefaults and the JSON schema (50), and added a "service enabled, database disabled" bind test restoring 100% statement coverage.

All packages retain 100% test coverage and pass strict golangci-lint.

Full Changelog: v1.142.1...v1.143.0