Skip to content

feat: init dynamic modules work #1564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
mathetake wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

feat: init dynamic modules work #1564

mathetake wants to merge 5 commits into from

Conversation

@mathetake
Copy link
Member

@mathetake mathetake commented Nov 24, 2025

Description

wip -- aiming to pass all tests in tests/extproc, without control plane impl

Related Issues/PRs (if applicable)

#90

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 24, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 24, 2025
View reviewed changes
@mathetake mathetake changed the title init dynamic modules feat: init dynamic modules work Nov 24, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2025
View reviewed changes
@mathetake
feat: init dynamic modules work
8da6b4a 
Signed-off-by: Takeshi Yoneda <[email protected]>
@mathetake
feat: init dynamic modules work
5ff010a 
Signed-off-by: Takeshi Yoneda <[email protected]>
@mathetake
more
b122463 
Signed-off-by: Takeshi Yoneda <[email protected]>
@mathetake
wip
6ae4e4a 
Signed-off-by: Takeshi Yoneda <[email protected]>
@mathetake
moer
b9898a1 
Signed-off-by: Takeshi Yoneda <[email protected]>
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 8, 2025
View reviewed changes
internal/dynamicmodule/upstream_filter.go
e.SendLocalReply(500, nil, []byte(fmt.Sprintf("invalid router filter pointer: %v", err)))
return sdk.RequestHeadersStatusStopIteration
}
rf := (*routerFilter)(unsafe.Pointer(uintptr(rfPtr))) // nolint:govet

Check failure

Code scanning / CodeQL

Incorrect conversion between integer types High

Incorrect conversion of a signed 64-bit integer from
strconv.ParseInt
Loading
to a lower bit size type uintptr without an upper bound check.

Copilot Autofix

AI 1 day ago

To fix this problem:

  • Before converting the int64 value from strconv.ParseInt into a uintptr, check that it's within the representable (non-negative, and <= math.MaxUintptr) range of type uintptr.
  • The lower bound should ensure the parsed value isn't negative (>= 0), since uintptr is unsigned.
  • The upper bound can use math.MaxUintptr from the math package for the maximum allowed uintptr value.
  • If the check fails, send a local reply error and bail out as with other failure cases.
  • Add an import for "math" if it isn't already present in this snippet.

The edits are limited to the code shown in internal/dynamicmodule/upstream_filter.go, specifically in the block covering lines 64-138 (the RequestHeaders function), as well as potentially adding the required import.

Suggested changeset 1
internal/dynamicmodule/upstream_filter.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/internal/dynamicmodule/upstream_filter.go b/internal/dynamicmodule/upstream_filter.go
--- a/internal/dynamicmodule/upstream_filter.go
+++ b/internal/dynamicmodule/upstream_filter.go
@@ -10,6 +10,7 @@
 	"fmt"
 	"strconv"
 	"unsafe"
+	"math"
 
 	"github.com/envoyproxy/ai-gateway/internal/apischema/anthropic"
 	cohereschema "github.com/envoyproxy/ai-gateway/internal/apischema/cohere"
@@ -73,6 +74,10 @@
 		e.SendLocalReply(500, nil, []byte(fmt.Sprintf("invalid router filter pointer: %v", err)))
 		return sdk.RequestHeadersStatusStopIteration
 	}
+	if rfPtr < 0 || uint64(rfPtr) > math.MaxUintptr {
+		e.SendLocalReply(500, nil, []byte(fmt.Sprintf("router filter pointer out of uintptr range: %v", rfPtr)))
+		return sdk.RequestHeadersStatusStopIteration
+	}
 	rf := (*routerFilter)(unsafe.Pointer(uintptr(rfPtr))) // nolint:govet
 	rf.attemptCount++
 	onRetry := rf.attemptCount > 1
EOF
@@ -10,6 +10,7 @@
"fmt"
"strconv"
"unsafe"
"math"

"github.com/envoyproxy/ai-gateway/internal/apischema/anthropic"
cohereschema "github.com/envoyproxy/ai-gateway/internal/apischema/cohere"
@@ -73,6 +74,10 @@
e.SendLocalReply(500, nil, []byte(fmt.Sprintf("invalid router filter pointer: %v", err)))
return sdk.RequestHeadersStatusStopIteration
}
if rfPtr < 0 || uint64(rfPtr) > math.MaxUintptr {
e.SendLocalReply(500, nil, []byte(fmt.Sprintf("router filter pointer out of uintptr range: %v", rfPtr)))
return sdk.RequestHeadersStatusStopIteration
}
rf := (*routerFilter)(unsafe.Pointer(uintptr(rfPtr))) // nolint:govet
rf.attemptCount++
onRetry := rf.attemptCount > 1
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mathetake