Datasvc/fixing UI #2403
No reviewers
Labels
No labels
1week
2weeks
Failed compliance check
IP cameras
NATS
Possible security concern
Review effort 1/5
Review effort 2/5
Review effort 3/5
Review effort 4/5
Review effort 5/5
UI
aardvark
accessibility
amd64
api
arm64
auth
back-end
bgp
blog
bug
build
checkers
ci-cd
cleanup
cnpg
codex
core
dependencies
device-management
documentation
duplicate
dusk
ebpf
enhancement
eta 1d
eta 1hr
eta 3d
eta 3hr
feature
fieldsurvey
github_actions
go
good first issue
help wanted
invalid
javascript
k8s
log-collector
mapper
mtr
needs-triage
netflow
network-sweep
observability
oracle
otel
plug-in
proton
python
question
reddit
redhat
research
rperf
rperf-checker
rust
sdk
security
serviceradar-agent
serviceradar-agent-gateway
serviceradar-web
serviceradar-web-ng
siem
snmp
sysmon
topology
ubiquiti
wasm
wontfix
zen-engine
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
carverauto/serviceradar!2403
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "refs/pull/2403/head"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Imported from GitHub pull request.
Original GitHub pull request: #1926
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1926
Original created: 2025-11-08T17:03:39Z
Original updated: 2025-11-10T19:38:10Z
Original head: carverauto/serviceradar:datasvc/fixing_ui
Original base: main
Original merged: 2025-11-10T19:37:05Z by @mfreeman451
User description
IMPORTANT: Please sign the Developer Certificate of Origin
Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:
Describe your changes
Issue ticket number and link
Code checklist before requesting a review
PR Type
Enhancement, Tests
Description
Configuration Management System: Implemented comprehensive configuration management with service descriptors, metadata tracking, and KV-based storage with template seeding
Configuration API Endpoints: Added new admin routes for listing config descriptors, checking status, and managing watchers with metadata exposure
Bootstrap Service Pattern: Created unified
cfgbootstrap.Serviceabstraction for simplified configuration loading and KV watching across all servicesConfiguration Templates: Added 25+ embedded service configuration templates (JSON/TOML) for all managed services including core, poller, agent, mapper, sync, and various checkers/consumers
Configuration Sanitization: Implemented sensitive field removal for KV storage with TOML-specific sanitization support
Watcher Registry: Built watcher tracking system for monitoring active KV configuration watchers with event and status tracking
Config-Sync Tool: Created new command-line utility for syncing service configurations from KV to local files with template seeding and optional watching
Web UI Integration: Enhanced config editor with metadata display (revision, origin, timestamp) and dynamic global services discovery from descriptors
Docker & Helm Integration: Updated Dockerfiles and Helm templates with config-sync support including environment variable helpers and entrypoint scripts
Service Migrations: Migrated all services (poller, agent, mapper, sync, checkers, consumers) from legacy
KVManagerto new bootstrap patternUnit Tests: Added comprehensive tests for configuration API, status endpoints, watcher registry, and TOML sanitization
Documentation: Added KV configuration checks and config-sync tool usage documentation
Diagram Walkthrough
File Walkthrough
32 files
auth.go
Configuration management API with template seeding and metadatatrackingpkg/core/api/auth.go
(
handleListConfigDescriptors,handleConfigStatus,handleConfigWatchers) with metadata trackinghandleGetConfigto support service descriptors, templateseeding, and configuration metadata recording
persistence, and configuration entry loading
writeAPIErrormethod andimproved response formatting
registry.go
Service configuration descriptor registry and metadatapkg/config/registry.go
configuration metadata
ConfigFormat(JSON/TOML) andConfigScope(global/poller/agent)enums
template variable substitution
configuration formats
main.go
Faker service configuration bootstrap integrationcmd/faker/main.go
Validate()andapplyDefaults()methods toConfigstruct forconfiguration validation
loadConfigintoloadFakerConfigusing new bootstrap servicepattern
cfgbootstrap.Servicefor unified configuration loadingand KV support
main.go
Configuration synchronization utility toolcmd/tools/config-sync/main.go
KV to local files
files
main.go
DB event writer bootstrap service integrationcmd/consumers/db-event-writer/main.go
KVManagerpattern with newcfgbootstrap.ServiceAPIbootstrapResult.Close()main.go
Poller service bootstrap integrationcmd/poller/main.go
KVManagerto newcfgbootstrap.Servicepatternserver.go
API server configuration endpoints and KV client updatespkg/core/api/server.go
kvGetFnsignature to return revision number as fourth returnvalue
isServiceConfiguredto use newresolveServiceKeymethodwatchers.go
KV watcher registry and tracking systempkg/config/watchers.go
watchers
WatcherInfoandWatcherStatustypes for runtime metadataexposure
thread-safe access
config_templates.go
Embedded service configuration templatespkg/core/api/config_templates.go
configurations
main.go
Sync service bootstrap integrationcmd/sync/main.go
KVManagerinitialization withcfgbootstrap.ServiceAPImain.go
Agent service bootstrap integrationcmd/agent/main.go
KVManagerto newcfgbootstrap.Servicepatternservice.go
Configuration bootstrap service abstractionpkg/config/bootstrap/service.go
Servicefunction for unified configuration loading andwatching
Resulttype withClose()andStartWatch()helper methodswatcher registration
toml_mask.go
TOML document sanitization utilitypkg/config/toml_mask.go
SanitizeTOMLfunction to remove sensitive keys from TOMLdocuments
parsing
data
kv_client.go
KV bootstrap configuration sanitizationpkg/config/kv_client.go
BootstrapConfigto acceptconfigPathparameter and preferon-disk sanitization
sanitizeBootstrapSourceto read and sanitize config files beforeKV storage
cloneConfigfor creating configuration copies viareflection
main.go
Mapper service bootstrap integrationcmd/mapper/main.go
cfgbootstrap.Servicepatternmain.go
SNMP checker bootstrap integrationcmd/checkers/snmp/main.go
cfgbootstrap.ServiceAPImain.go
Sysmon-VM checker bootstrap integrationcmd/checkers/sysmon-vm/main.go
cfgbootstrap.Servicepatternapp.go
Core service bootstrap integrationcmd/core/app/app.go
core.LoadConfigwithcfgbootstrap.Servicepatternnotifications
main.go
NetFlow consumer bootstrap integrationcmd/consumers/netflow/main.go
cfgbootstrap.ServiceAPImain.go
Data service bootstrap integrationcmd/data-services/main.go
cfgbootstrap.Servicepatternkv_watch.go
KV watch watcher event trackingpkg/config/kv_watch.go
StartKVWatchOverlayto track watcher events and errorsmain.go
Dusk checker bootstrap integrationcmd/checkers/dusk/main.go
cfgbootstrap.Servicepatterntypes.go
KV client function signature updatepkg/core/api/types.go
kvGetFnfunction signature to include revision number asfourth return value
route.ts
Web API proxy for config descriptor listingweb/src/app/api/admin/config/route.ts
route.ts
Web API proxy for service configuration managementweb/src/app/api/admin/config/[service]/route.ts
service configurations
sanitize.go
Configuration sanitization for KV storagepkg/config/sanitize.go
sanitizeForKVfunction to remove sensitive fields beforeKV storage
sensitive:"true"tag using models utilityconfig.go
Core configuration KV bootstrap integrationpkg/core/config.go
overlayFromKVto bootstrap core configuration into KV afterloading
logging
proxy.ts
New shared proxy implementation for config APIweb/src/app/api/admin/config/proxy.ts
proxyConfigRequestfunction handling GET, PUT, DELETEmethods
kvStorequery parameter tokv_store_idhandling
run-with-config-sync.sh
Config-sync wrapper entrypoint for servicesdocker/entrypoints/run-with-config-sync.sh
template, role, seeding, and watching
config-syncbinary before launching main service_helpers.tpl
Helm helper for config-sync environment variableshelm/serviceradar/templates/_helpers.tpl
serviceradar.configSyncEnvHelm template helperServicesTreeNavigation.tsx
Dynamic global services discovery and renderingweb/src/components/Admin/ServicesTreeNavigation.tsx
/api/admin/configendpointhardcoded list
metadata display
ConfigEditor.tsx
Config metadata parsing and display in editorweb/src/components/Admin/ConfigEditor.tsx
ConfigMetadataandConfigEnvelopetypes for structured configresponses
buildConfigQueryhelper for consistent query parameterconstruction
last_writer, updated_at)
timestamp
5 files
auth_test.go
Configuration API unit testspkg/core/api/auth_test.go
handleGetConfigagent_idparameter
config_status_test.go
Configuration status API testspkg/core/api/config_status_test.go
watchers_test.go
Watcher registry unit testspkg/config/watchers_test.go
toml_mask_test.go
TOML sanitization unit testspkg/config/toml_mask_test.go
sanitize_test.go
Configuration sanitization unit testspkg/config/sanitize_test.go
30 files
flowgger.yaml
Flowgger Helm template config sync integrationhelm/serviceradar/templates/flowgger.yaml
core.json
Core service configuration templatepkg/core/api/templates/core.json
logging settings
access control
configuration
docker-compose.yml
Config-sync environment setup in docker-composedocker-compose.yml
zen-consumer services
optional watch/seed flags
service
mapper.json
Mapper service configuration templatepkg/core/api/templates/mapper.json
discovery
poller.json
Poller service configuration templatepkg/core/api/templates/poller.json
definitions
settings
db-event-writer.json
DB event writer service configuration templatepkg/core/api/templates/db-event-writer.json
sync.json
Sync service configuration templatepkg/core/api/templates/sync.json
filtering
Dockerfile
Zen consumer Dockerfile with config-sync integrationcmd/consumers/zen/Dockerfile
/etc/serviceradar/templates/consumers/directory
ENTRYPOINT
zen-consumer.json
Zen consumer service configuration templatepkg/core/api/templates/zen-consumer.json
processing
Dockerfile
TRAPD Dockerfile with config-sync integrationcmd/trapd/Dockerfile
/etc/serviceradar/templates/directoryENTRYPOINT
Dockerfile
Flowgger Dockerfile with config-sync integrationcmd/flowgger/Dockerfile
/etc/serviceradar/templates/directoryENTRYPOINT
Dockerfile
OTEL Dockerfile with config-sync integrationcmd/otel/Dockerfile
/etc/serviceradar/templates/directoryENTRYPOINT
netflow-consumer.json
Netflow consumer service configuration templatepkg/core/api/templates/netflow-consumer.json
snmp-checker.json
SNMP checker service configuration templatepkg/core/api/templates/snmp-checker.json
agent.json
Agent service configuration templatepkg/core/api/templates/agent.json
flowgger.toml
Flowgger service TOML configuration templatepkg/core/api/templates/flowgger.toml
faker.json
Faker service configuration templatepkg/core/api/templates/faker.json
otel.toml
OTEL collector service TOML configuration templatepkg/core/api/templates/otel.toml
trapd.json
TRAPD service configuration templatepkg/core/api/templates/trapd.json
sysmon-vm-checker.json
Sysmon-vm checker service configuration templatepkg/core/api/templates/sysmon-vm-checker.json
values.yaml
Helm values for config-sync service configurationhelm/serviceradar/values.yaml
configSyncsection with per-service configurationeach service
datasvc.json
Datasvc service configuration templatepkg/core/api/templates/datasvc.json
dusk-checker.json
Dusk checker service configuration templatepkg/core/api/templates/dusk-checker.json
trapd.yaml
Trapd Helm template config-sync environment injectionhelm/serviceradar/templates/trapd.yaml
serviceradar.configSyncEnvhelper to generate config-syncenvironment variables
configSync.trapdvalues from Helm chartagent-sweep.json
Agent sweep service configuration templatepkg/core/api/templates/agent-sweep.json
otel.yaml
OTEL Helm template config-sync environment injectionhelm/serviceradar/templates/otel.yaml
serviceradar.configSyncEnvhelper to generate config-syncenvironment variables
configSync.otelvalues from Helm chartzen.yaml
Zen Helm template config-sync environment injectionhelm/serviceradar/templates/zen.yaml
serviceradar.configSyncEnvhelper to generate config-syncenvironment variables
configSync.zenvalues from Helm chartagent-snmp.json
Agent SNMP service configuration templatepkg/core/api/templates/agent-snmp.json
agent-mapper.json
Agent mapper service configuration templatepkg/core/api/templates/agent-mapper.json
agent-trapd.json
Agent TRAPD service configuration templatepkg/core/api/templates/agent-trapd.json
1 files
route.ts
Centralize config API route handling with shared proxyweb/src/app/api/config/[service]/route.ts
proxyConfigRequestfunctionPUT, DELETE handlers
implementation
ctxforconsistency
2 files
agents.md
Documentation for KV config checks and config-sync tooldocs/docs/agents.md
options
disk, optionally watches
newarch_plan.md
Architecture plan issue tracking referencesnewarch_plan.md
1 files
Imported GitHub PR comment.
Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1926#issuecomment-3506720817
Original created: 2025-11-08T17:04:56Z
PR Compliance Guide 🔍
(Compliance updated until commit
github.com/carverauto/serviceradar@af6b19d330)Below is a summary of compliance checks for this PR:
Insecure TLS verification
Description: TLS configuration allows InsecureSkipVerify to be enabled via a flag, which can permit
MITM if used in production; this should be guarded or clearly restricted to
development-only builds.
main.go [401-418]
Referred Code
Error information leakage
Description: Error responses echo internal messages directly in JSON which may leak internal details
(keys, store IDs, or stack messages) to clients; sanitize messages before returning to
avoid information disclosure.
auth.go [818-870]
Referred Code
Sensitive data exposure
Description: Corrupt payloads are base64-dumped to disk using filenames derived from untrusted KV keys,
which could enable path confusion or sensitive data exposure if directories are
world-readable; sanitize and restrict permissions.
main.go [430-438]
Referred Code
🎫 No ticket provided
Codebase context is not defined
Follow the guide to enable codebase context checks.
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting
Status: Passed
Generic: Secure Error Handling
Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.
Status: Passed
Generic: Comprehensive Audit Trails
Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.
Status:
Missing audit logs: New admin endpoints perform critical configuration reads/writes, seeding, and watcher
enumeration without emitting structured audit events capturing user identity, action,
target KV key, and outcome.
Referred Code
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation
Status:
Partial edge handling: Tool logs and returns errors appropriately but delete and rehydrate operations lack
retries/backoff and per-key timeouts are parsed but not applied to requests, which may
cause hangs or partial failures under transient conditions.
Referred Code
Generic: Secure Logging Practices
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.
Status:
Potential sensitive logs: New handlers log KV keys, service names, and errors which may include sensitive
configuration paths; confirm no secret values or sanitized TOML fields are ever logged at
any level.
Referred Code
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities
Status:
Query validation gaps: Handlers accept query parameters like kv_store_id, key, agent_id, and poller_id and
forward them to KV and DB lookups without explicit validation/allowlists, which may risk
key traversal or cross-tenant access without additional unseen checks.
Referred Code
Compliance status legend
🟢 - Fully Compliant🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
Previous compliance checks
Compliance check up to commit 0cbe2e6
Sensitive information exposure
Description: Raw configuration responses are written back to clients without additional sanitization or
authentication scope checks for sensitive fields, potentially exposing secrets if configs
contain credentials (e.g., TOML/JSON containing tokens).
auth.go [650-676]
Referred Code
Insecure file write
Description: The tool writes KV-fetched configuration to a filesystem path which may be
attacker-controllable via CLI without permission checks, risking overwriting sensitive
files if run with elevated privileges.
main.go [150-174]
Referred Code
Insecure default seeding
Description: Seeding configuration from embedded templates into KV on GET when a key is missing can let
an unauthenticated or overly-permitted caller initialize configuration state if route
protection is misconfigured, leading to privilege or config injection.
auth.go [826-896]
Referred Code
🎫 No ticket provided
Codebase context is not defined
Follow the guide to enable codebase context checks.
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting
Status: Passed
Generic: Secure Error Handling
Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.
Status: Passed
Generic: Comprehensive Audit Trails
Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.
Status:
Missing Audit Logs: New admin config endpoints perform critical actions (reading/updating/seeding
configurations and KV writes) without explicit audit logging of user, action, key, and
outcome in the added code.
Referred Code
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation
Status:
Incomplete Edge Handling: Several new handlers and helpers return generic 500s on KV/template failures without
differentiating transient vs persistent errors or validating query inputs beyond presence
which may hinder graceful degradation.
Referred Code
Generic: Secure Logging Practices
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.
Status:
Sensitive Log Risk: New logging around configuration get/put and template seeding logs KV keys and may log raw
configuration values indirectly; ensure no secrets or PII from configs (e.g., TOML/JSON
with tokens) are emitted at any level.
Referred Code
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities
Status:
Limited Validation: The update and get config endpoints accept query/body inputs (keys, agent_id, JSON/TOML)
with minimal validation and no explicit sanitization of configuration content before
storage beyond format hints.
Referred Code
Imported GitHub PR comment.
Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1926#issuecomment-3506721680
Original created: 2025-11-08T17:06:07Z
PR Code Suggestions ✨
Latest suggestions up to
af6b19dUse correct gRPC dial function
Replace the non-existent
grpc.NewClientwithgrpc.DialContextto correctlyestablish a gRPC connection and fix a compilation error.
cmd/tools/kv-sweep/main.go [470-474]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies that
grpc.NewClientis not a valid function for creating a gRPC connection, which would cause a compilation error, and provides the correctgrpc.DialContextfunction as a fix.Avoid KV key collisions
Update the
KVKeyTemplateforpoller-icmp,poller-port, andpoller-processto beunique for each service, preventing configuration overwrites.
pkg/config/registry.go [279-301]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies a critical bug where multiple poller service descriptors use the same
KVKeyTemplate, which would cause them to overwrite each other's configurations.Validate SPIFFE env requirements
When
KV_SEC_MODE=spiffe, validate that theKV_TRUST_DOMAINandKV_SERVER_SPIFFE_IDenvironment variables are set. This ensures a clear, earlyfailure instead of a confusing runtime error.
pkg/agent/server.go [269-310]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 8
__
Why: This suggestion improves robustness by adding validation for required environment variables (
KV_TRUST_DOMAIN,KV_SERVER_SPIFFE_ID) when using SPIFFE authentication, ensuring the application fails fast with a clear error message.Bound KV get with timeout
Add a timeout to the context for the KV
Getoperation to prevent hangs andresource leaks if the KV store is slow or unavailable. This improves API server
resilience.
pkg/core/api/server.go [148-176]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies a potential for long-running requests by adding a timeout to the KV client call, which improves the API server's resilience against a slow or unresponsive KV store.
Normalize and dedupe kv_store_id
Refactor the
buildUpstreamUrlfunction to explicitly reconstruct queryparameters, normalizing
kvStoretokv_store_idand preventing duplicateparameter issues.
web/src/app/api/admin/config/proxy.ts [16-36]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 8
__
Why: This is a valuable security hardening suggestion that prevents query parameter pollution by explicitly sanitizing and rebuilding the upstream URL's query string.
Validate required SPIFFE env vars
Add validation to ensure
CORE_TRUST_DOMAINandCORE_SERVER_SPIFFE_IDenvironmentvariables are not empty when using SPIFFE security mode.
pkg/config/bootstrap/core_client.go [52-95]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that missing SPIFFE environment variables can lead to runtime failures and adds validation to fail fast with a clear error message.
Validate watcher snapshot fields
Add validation to ensure the
StatusandKVKeyfields of aWatcherInfoare notempty before publishing a snapshot to the key-value store.
pkg/config/watchers_snapshot.go [33-51]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 6
__
Why: The suggestion improves data integrity by adding validation for required fields before publishing a watcher snapshot, preventing incomplete records from being stored in the KV.
Write explicit HTTP status
Add an explicit
w.WriteHeader(http.StatusOK)call inwriteRawConfigResponsebefore writing the response body to improve clarity and robustness.
pkg/core/api/auth.go [819-850]
[To ensure code accuracy, apply this suggestion manually]Suggestion importance[1-10]: 4
__
Why: While Go's HTTP server implicitly sends a 200 OK status, explicitly calling
WriteHeaderis a good practice for clarity and robustness, especially in environments with proxies or middleware.Previous suggestions
✅ Suggestions up to commit
15f83a6Use correct gRPC dial API
Replace the non-existent
grpc.NewClientwith the correctgrpc.DialContextfunction to fix a compilation error when creating a gRPC client connection.
pkg/config/bootstrap/template.go [202-206]
Suggestion importance[1-10]: 9
__
Why: The suggestion correctly identifies that
grpc.NewClientis not a function in the standardgoogle.golang.org/grpcpackage, and replacing it withgrpc.DialContextfixes a compilation error.✅
Avoid nil kvStore panicSuggestion Impact:
The commit added a c.kvStore != nil check around the Put call and introduced a debug log when kvStore is nil, preventing a nil pointer dereference.code diff:
Add a nil check for
c.kvStorebefore attempting to write back the normalizedconfiguration to prevent a potential panic.
pkg/config/config.go [211-220]
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies a potential nil pointer dereference on
c.kvStoreand provides a check to prevent a panic, which is a significant bug fix.✅
Harden error response writingSuggestion Impact:
The commit updated writeAPIError to early-return without writing a body for StatusNoContent and StatusNotModified, and it deletes Content-Type before setting it, matching the suggestion's intent.code diff:
Modify
writeAPIErrorto avoid writing a response body for HTTP statuses like204No Contentand304 Not Modified, which must not include one.pkg/core/api/auth.go [852-862]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that writing a body for status codes like
204or304violates the HTTP protocol, and the proposed change fixes this, improving the robustness of the newwriteAPIErrorhelper function.✅
Reject numeric duration inputsSuggestion Impact:
The commit implemented rejecting numeric jwt_expiration inputs, preferred string parsing with TrimSpace, and returned specific errors for invalid formats, aligning with the suggestion’s intent.code diff:
Modify the
UnmarshalJSONmethod forAuthConfigto reject numeric values forjwt_expiration, enforcing the use of duration strings to prevent silentmisconfiguration.
pkg/models/auth.go [97-135]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that parsing a numeric JSON value for
jwt_expirationcan lead to misinterpretation as nanoseconds, and proposes a stricter validation that improves configuration robustness.✅
Nil-safe KV client cleanupSuggestion Impact:
The commit added a conditional nil check around closeFn before deferring it, matching the suggestion.code diff:
In
getKVEntry, add anilcheck forcloseFnbefore deferring its call to preventa potential panic.
pkg/core/api/auth.go [898-926]
Suggestion importance[1-10]: 5
__
Why: The suggestion correctly points out a potential nil pointer dereference if
closeFnisnil. While the implementation ofgetKVClientmight prevent this, adding anilcheck is a good defensive programming practice.✅
Strip hop-by-hop proxy headersSuggestion Impact:
The commit added logic to remove hop-by-hop headers from forwarded requests and adjusted Content-Type handling to only set it for PUT requests based on incoming content-type.code diff:
Prevent potential request smuggling vulnerabilities by stripping hop-by-hop
headers (e.g.,
connection,upgrade) before forwarding requests to the upstreamAPI.
web/src/app/api/admin/config/proxy.ts [37-81]
Suggestion importance[1-10]: 8
__
Why: The suggestion addresses a valid security concern by proposing to strip hop-by-hop headers, which helps prevent HTTP request smuggling vulnerabilities in this proxy implementation.
✅
Harden key unsanitize parsingSuggestion Impact:
The commit updated unsanitizeSegment to require an even number of hex digits, return an error for invalid length, restrict decoded values to 0x20–0x7E with an error otherwise, write bytes instead of runes, and explicitly handle lone '='. It also introduced specific error variables for these cases.code diff:
In
unsanitizeSegment, add validation to ensure hex escape sequences have an evennumber of digits and that the decoded character is within the printable ASCII
range.
cmd/tools/kv-sweep/main.go [543-577]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that the
unsanitizeSegmentfunction could misinterpret malformed hex escape sequences. Adding validation for an even number of hex digits and restricting the output to a safe ASCII range makes the key parsing more robust and secure.✅
Fix provider close lifecycleSuggestion Impact:
The commit moved the deferred provider.Close() directly after creating the provider and removed the conditional explicit close in the client creation error path, fixing the double-close issue.code diff:
Fix a double-close bug by moving the deferred call to
provider.Close()toimmediately after its creation and removing the redundant explicit close in the
error path.
pkg/core/api/server.go [148-179]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies a double-close bug in the original code and proposes a fix that follows the standard Go idiom for resource cleanup, making the code more robust.
✅
Harden TOML key extraction parserSuggestion Impact:
The commit refactored extractKey to a stateful tomlKeyScanner that handles single and double-quoted strings, multiline triple-quoted strings, escape sequences, and bracket/brace nesting, and stops at comments only outside strings—fulfilling the suggested hardening.code diff:
Harden the
extractKeyfunction's TOML parser to correctly handle various TOMLconstructs like single-quoted strings, multiline strings, and inline tables.
This ensures accurate key extraction for sanitization purposes.
pkg/config/toml_mask.go [109-140]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that the simple TOML parser in
extractKeyis not robust and could fail to sanitize sensitive data in more complex but valid TOML files, and the proposed change makes it more resilient.✅
Handle encrypted/non-RSA PEM safelySuggestion Impact:
The commit added an encrypted PEM check and adjusted the RSA type assertion to assign only when ok, matching the suggestion's intent. It implemented the encrypted check via a helper isEncryptedPEMBlock instead of x509.IsEncryptedPEMBlock.code diff:
Improve
derivePublicKeyPEMto explicitly check for and reject encrypted PEMblocks and non-RSA keys, providing clearer error messages for unsupported key
formats.
pkg/config/kv_client.go [295-329]
Suggestion importance[1-10]: 6
__
Why: The suggestion improves the robustness of the
derivePublicKeyPEMfunction by adding an explicit check for encrypted PEM blocks and refining the type assertion for RSA keys. This leads to clearer error messages for unsupported key types, which is a valuable improvement for maintainability and debugging.✅
Return 400 on bad service inputSuggestion Impact:
The commit normalized the service name, changed validation to throw TypeError("bad-service"), used the normalized name in the URL, and added a try/catch to return a 400 response with an error message when the service name is invalid.code diff:
Modify the
buildUpstreamUrlfunction to handle invalidservicenames by enablinga 400 Bad Request response instead of throwing an exception that causes a 500
Internal Server Error. Also, normalize the service name to lowercase.
web/src/app/api/admin/config/proxy.ts [17-35]
Suggestion importance[1-10]: 6
__
Why: The suggestion correctly points out that throwing an error for invalid input leads to a 500 response, and proposes a better approach of returning a 400 error, which improves error handling and security.
Add WithBlock to dial options
Add the
grpc.WithBlock()dial option to gRPC connections to ensure connectionerrors are surfaced promptly during startup.
pkg/config/bootstrap/core_client.go [26-49]
Suggestion importance[1-10]: 7
__
Why: Adding
grpc.WithBlock()is a good practice to make gRPC connections fail fast on startup if the endpoint is unreachable, improving service reliability and providing clearer startup error messages.✅ Suggestions up to commit
c096ab3✅
Use grpc.Dial instead of NewClientSuggestion Impact:
The commit replaced grpc.NewClient with grpc.DialContext and adjusted provider cleanup, implementing the suggested fix for creating the gRPC client connection.code diff:
Replace the incorrect
grpc.NewClientcall withgrpc.DialContextto fix acritical bug that prevents gRPC connections.
cmd/tools/kv-sweep/main.go [453-483]
Suggestion importance[1-10]: 10
__
Why: The suggestion correctly identifies a critical bug where
grpc.NewClientis used instead ofgrpc.Dialorgrpc.DialContext, which would cause a runtime failure and prevent the tool from connecting to the gRPC server.✅
Fix unsafe KV fallback key resolutionSuggestion Impact:
The commit updated the fallback logic to strip a "domains/" prefix from the base key, re-qualify the key for the default store, and retry loading. It also guarded the logger call and adjusted format hinting. This addresses the unsafe key resolution during KV fallback as suggested.code diff:
Fix an unsafe key resolution issue in the KV fallback logic. When falling back
to the default store, ensure the key is correctly unqualified to prevent reading
from a domain-specific path.
pkg/core/api/auth.go [608-614]
Suggestion importance[1-10]: 8
__
Why: This suggestion correctly identifies a critical bug where a fallback to the default KV store could use a domain-qualified key, leading to incorrect data access or failures. The fix is accurate and prevents this cross-namespace issue.
✅
Prevent nil pointer on shutdownSuggestion Impact:
The commit added a nil check around bootstrapResult.Close() in the ListenAndServe error handling path, aligning with the suggestion. It also added graceful shutdown handling, but the nil check directly reflects the suggestion’s intent.code diff:
Add a nil check for
bootstrapResultbefore callingClose()in theserver.ListenAndServe()error path to prevent a panic.cmd/faker/main.go [474-477]
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies a potential nil pointer dereference on
bootstrapResultin an error handling path, which would cause a panic during server shutdown.Prevent unsafe duration coercion
Modify
formatDurationValueto avoid interpreting raw numeric values asnanoseconds for durations, as this can lead to misconfiguration.
pkg/config/config.go [354-382]
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly points out that treating numeric JSON values as nanoseconds for
time.Durationis likely incorrect and can lead to silent configuration errors.✅
Prevent security provider resource leaksSuggestion Impact:
The function signature was changed to return a closer func(), with no-op closer on error/insecure paths, and a proper closer that closes the provider. It also handles error paths by closing the provider and returning the no-op closer, aligning with the suggestion’s intent to prevent leaks.code diff:
Imported GitHub PR comment.
Original author: @gitguardian[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1926#issuecomment-3509257034
Original created: 2025-11-10T03:30:19Z
️✅ There are no secrets present in this pull request anymore.
If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Imported GitHub PR comment.
Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1926#issuecomment-3513563431
Original created: 2025-11-10T19:35:53Z
Persistent suggestions updated to latest commit
af6b19d