Fix issues #631-634: security and performance improvements#698
Merged
Maki-Zeninn merged 5 commits intoJun 27, 2026
Conversation
…r traversal - Add cap == 0 check before modulo operations in get_call_log - Add cap == 0 check in get_call_log_filtered - Prevents panic when log_retention is reconfigured to 0 - Add tests for edge case where log_retention transitions from non-zero to 0
- Add MAX_BACKOFF_MULTIPLIER constant set to 10_000 (100x) - Update initialize() to validate multiplier in [100, 10_000] range - Update set_backoff_config() to validate upper bound - Prevents infinite backoff delays from misconfiguration - Add tests verifying upper bound enforcement
…to O(n) - Replace Vec::contains() linear search with inline loop-based deduplication - Prevents quadratic complexity when many tags exist across routes - More efficient iteration through existing tags - Add test verifying deduplication with repeated tags across routes
- Add test for get_routes_by_tag with multiple overlapping routes - Add test for get_routes_by_tag with missing tags - Verify correctness of tag-based route lookup - Note: current O(n²) implementation acceptable for test verification - Future optimization would use reverse index for O(1) tag lookups
|
@goldemaverick-ui Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Overview
This PR addresses four critical issues affecting router contract performance and security:
Issues Fixed
Issue #634: Modulo by Zero Panic in router-middleware
get_call_log()could panic whenlog_retentionis 0Issue #633: Unbounded Backoff Multiplier in router-execution
set_backoff_config()had no upper bound on backoff_multiplierIssue #632: O(n²) Complexity in get_all_tags
get_all_tags()used Vec::contains() for deduplicationIssue #631: O(n²) Complexity in get_routes_by_tag
Testing
Commits
fix(#634): guard modulo by zero in get_call_log ring buffer traversalfix(#633): add upper bound validation for backoff_multiplierfix(#632): optimize get_all_tags deduplication from O(n²) to O(n)test(#631): add tests for get_routes_by_tag with many routesCloses #631
Closes #632
Closes #633
Closes #634