fix: blocklist fails open when a regex fails to compile #72

Closed
opened 2026-07-02 00:20:16 +10:00 by unkinben · 0 comments
Owner

compilePatterns (internal/proxy/classifier.go:63) silently drops any pattern that fails to compile. A typo in a blocklist entry silently turns a deny rule into a no-op (fail-open). Validate patterns at config-write time and reject/log invalid ones.

`compilePatterns` (`internal/proxy/classifier.go:63`) silently drops any pattern that fails to compile. A typo in a blocklist entry silently turns a deny rule into a no-op (fail-open). Validate patterns at config-write time and reject/log invalid ones.
Sign in to join this conversation.
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/artifactapi#72