add checks for invalid casts

Author: aldas

middleware/body_limit.go

@@ -6,6 +6,7 @@ package middleware
 import (
 	"fmt"
 	"io"
+	"net/http"
 	"sync"
 
 	"github.com/labstack/echo/v4"
@@ -77,7 +78,10 @@ func BodyLimitWithConfig(config BodyLimitConfig) echo.MiddlewareFunc {
 			}
 
 			// Based on content read
-			r := pool.Get().(*limitedReader)
+			r, ok := pool.Get().(*limitedReader)
+			if !ok {
+				return echo.NewHTTPError(http.StatusInternalServerError, "invalid pool object")
+			}
 			r.Reset(req.Body)
 			defer pool.Put(r)
 			req.Body = r

middleware/compress.go

@@ -96,7 +96,7 @@ func GzipWithConfig(config GzipConfig) echo.MiddlewareFunc {
 				i := pool.Get()
 				w, ok := i.(*gzip.Writer)
 				if !ok {
-					return echo.NewHTTPError(http.StatusInternalServerError, i.(error).Error())
+					return echo.NewHTTPError(http.StatusInternalServerError, "invalid pool object")
 				}
 				rw := res.Writer
 				w.Reset(rw)
@@ -189,7 +189,9 @@ func (w *gzipResponseWriter) Flush() {
 		w.Writer.Write(w.buffer.Bytes())
 	}
 
-	w.Writer.(*gzip.Writer).Flush()
+	if gw, ok := w.Writer.(*gzip.Writer); ok {
+		gw.Flush()
+	}
 	_ = http.NewResponseController(w.ResponseWriter).Flush()
 }
 

middleware/compress_test.go

@@ -284,7 +284,7 @@ func TestGzipErrorReturnedInvalidConfig(t *testing.T) {
 	rec := httptest.NewRecorder()
 	e.ServeHTTP(rec, req)
 	assert.Equal(t, http.StatusInternalServerError, rec.Code)
-	assert.Contains(t, rec.Body.String(), "gzip")
+	assert.Contains(t, rec.Body.String(), `{"message":"invalid pool object"}`)
 }
 
 // Issue #806