Don't update httpClient passed to NewClient #3011

Merged: 1 commit, Dec 16, 2023

@WillAbides WillAbides commented Dec 1, 2023

Users can accidentally leak credentials by doing something like this:

```go
pat := os.Getenv("GITHUB_TOKEN")
httpClient := &http.Client{
	Timeout: time.Second * 30,
}
ghClient := github.NewClient(httpClient).WithAuthToken(pat)

// ... do something with ghClient

httpClient.Get("https://some-sketchy-site")
```

This PR fixes that by updating NewClient to make a copy of httpClient so that when its transport is updated by WithAuthToken, the original httpClient won't have its transport updated as well.

It also updates TestWithAuthToken to check for leaks.
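Added example, not part of the PR or of go-github's code: a self-contained Go program that reproduces the aliasing described above and the effect of copying the client first. `recorder`, `authTransport` and `headers` are hypothetical stand-ins, the token and URL are constructed, and no network traffic is sent.

```go
package main

import (
	"fmt"
	"net/http"
)

// recorder stands in for the network: it records each Authorization header.
type recorder struct{ seen []string }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.seen = append(r.seen, req.Header.Get("Authorization"))
	return &http.Response{StatusCode: 200, Body: http.NoBody, Request: req}, nil
}

// authTransport (hypothetical) adds a bearer token to every request it carries.
type authTransport struct {
	token string
	base  http.RoundTripper
}

func (t *authTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	req = req.Clone(req.Context()) // never mutate the caller's request
	req.Header.Set("Authorization", "Bearer "+t.token)
	return t.base.RoundTrip(req)
}

// headers returns the Authorization header sent by the caller's own client and
// by the authenticated client. copyFirst selects a shallow copy before wrapping.
func headers(copyFirst bool) (caller, lib string) {
	wire := &recorder{}
	own := &http.Client{Transport: wire}
	authed := own // same pointer: wrapping the transport changes both
	if copyFirst {
		c := *own // shallow copy: the transport is replaced on the copy only
		authed = &c
	}
	authed.Transport = &authTransport{token: "constructed-token", base: authed.Transport}
	for _, c := range []*http.Client{own, authed} {
		resp, err := c.Get("https://example.invalid/") // constructed URL
		if err != nil {
			panic(err)
		}
		resp.Body.Close()
	}
	return wire.seen[0], wire.seen[1]
}

func main() {
	fmt.Println(headers(false)) // caller's client also sends the token
	fmt.Println(headers(true))  // only the authenticated copy sends it
}
```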


codecov bot commented Dec 1, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (062b611) 97.91% compared to head (593c130) 97.89%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #3011      +/-   ##
==========================================
- Coverage   97.91%   97.89%   -0.03%     
==========================================
  Files         150      150              
  Lines       12980    12984       +4     
==========================================
+ Hits        12710    12711       +1     
- Misses        192      194       +2     
- Partials       78       79       +1     



@gmlewis gmlewis left a comment


Thank you, @WillAbides !
LGTM.

Awaiting second LGTM+Approval from any other contributor to this repo before merging.

@gmlewis added the NeedsReview label Dec 1, 2023
@valbeat valbeat left a comment


LGTM!

@gmlewis removed the NeedsReview label Dec 16, 2023
gmlewis commented Dec 16, 2023

Thank you, @valbeat !
Merging.

@gmlewis gmlewis merged commit 6d3dfc6 into google:master Dec 16, 2023
6 of 7 checks passed
gmlewis pushed a commit to WillAbides/go-github that referenced this pull request Dec 18, 2023
gmlewis pushed a commit to o-sama/go-github that referenced this pull request Dec 19, 2023
fkorotkov added a commit to cirruslabs/cirrus-cli that referenced this pull request Feb 15, 2024
Use a single instance with tweaked defaults across all the invocations. Plus use newer API of `go-github` (including google/go-github#3011 fix).

Previously a default client was used which has neither a request timeout nor an idle connection timeout. This resulted in poor `p99` performance since sometimes connections were hanging, blocking others from accessing `github.com`.
fkorotkov added a commit to cirruslabs/cirrus-cli that referenced this pull request Feb 16, 2024
* Optimize HTTP client used for GitHub

Use a single instance with tweaked defaults across all the invocations. Plus use newer API of `go-github` (including google/go-github#3011 fix).

Previously a default client was used which has neither a request timeout nor an idle connection timeout. This resulted in poor `p99` performance since sometimes connections were hanging, blocking others from accessing `github.com`.

* Renamed to `defaultGitHubClient`