TT-14891 - adds client ip from XFF by depth #7063
Merged
probelabs / Visor: quality
failed
Nov 3, 2025 in 3m 55s
🚨 Check Failed
quality check failed because fail_if condition was met.
Details
📊 Summary
- Total Issues: 5
- Critical Issues: 1
- Error Issues: 2
- Warning Issues: 2
🔍 Failure Condition Results
❌ Failed Conditions
- global_fail_if: Global failure condition met
⚠️ Severity: Error
🐛 Issues by Category
🧠 Logic (4)
- 🚨 request/real_ip.go:42 - A negative `XFFDepth` value can cause a runtime panic due to an out-of-bounds slice access in `xffs[len(xffs)-depth]`. The code does not validate against negative inputs.
- ⚠️ request/real_ip_test.go:193 - The test suite for `XFFDepth` does not include a test case for a negative `depth` value. This omission means the potential for a runtime panic from invalid configuration is not covered by tests.
- ⚠️ request/real_ip.go:31 - The check `if len(xffs) == 0` is unreachable because `strings.Split()` on a non-empty string always returns a slice with at least one element. The associated comment is also misleading.
- ❌ system:0 - Global failure condition met
🏗️ Architecture (1)
- ❌ request/real_ip.go:12 - The use of a global function variable (`request.Global`) to access configuration introduces a hidden dependency, complicates testing, and creates a dependency on initialization order. This makes the code harder to maintain and reason about.
Powered by Visor from Probelabs
Annotations
Check failure on line 53 in request/real_ip.go
probelabs / Visor: quality
logic Issue
A negative `XFFDepth` value can cause a runtime panic due to an out-of-bounds slice access in `xffs[len(xffs)-depth]`. The code does not validate against negative inputs.
Raw output
Add a check to handle negative `depth` values, treating them as invalid or falling back to the default behavior (depth 0). Also, consider adding a `minimum: 0` constraint to the `xff_depth` property in `cli/linter/schema.json`.
Check failure on line 13 in request/real_ip.go
probelabs / Visor: quality
architecture Issue
The use of a global function variable (`request.Global`) to access configuration introduces a hidden dependency, complicates testing, and creates a dependency on initialization order. This makes the code harder to maintain and reason about.
Raw output
Refactor to use explicit dependency injection. The `XFFDepth` value should be passed as an argument to functions that need it, such as `RealIP(r *http.Request, xffDepth int)`. This makes dependencies explicit and removes the global state.
Check warning on line 241 in request/real_ip_test.go
probelabs / Visor: quality
logic Issue
The test suite for `XFFDepth` does not include a test case for a negative `depth` value. This omission means the potential for a runtime panic from invalid configuration is not covered by tests.
Raw output
Add a test case to `TestXFFDepth` to verify the system's behavior when `XFFDepth` is negative, ensuring it handles the invalid configuration gracefully (e.g., by falling back to the default).
Check warning on line 34 in request/real_ip.go
probelabs / Visor: quality
logic Issue
The check `if len(xffs) == 0` is unreachable because `strings.Split()` on a non-empty string always returns a slice with at least one element. The associated comment is also misleading.
Raw output
Remove the dead code block and the misleading comment to improve code clarity.