fix: respect duration unit in -rl/-rls rate limit options#1743
fix: respect duration unit in -rl/-rls rate limit options#1743jpirstin wants to merge 1 commit intoprojectdiscovery:devfrom
Conversation
Previously, only MaxCount was stored from parsed rate limits, and duration was hardcoded to time.Second. This meant formats like 'hackertarget=10/m' (per minute) were treated as 10/s. Now SourceRateLimit stores both MaxCount and Duration, and the MultiRateLimiter uses the actual parsed duration. Fixes projectdiscovery#1434
WalkthroughThese changes implement per-source rate limiting with configurable durations. A new Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Poem
🚥 Pre-merge checks | ✅ 6✅ Passed checks (6 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
🤖 Fix all issues with AI agents
Verify each finding against the current code and only fix it if needed.
In `@pkg/runner/runner.go`:
- Line 68: The condition inside the if statement uses a tautology: remove the
redundant check against math.MaxUint and just test the meaningful part; replace
the compound check "sourceRateLimit.MaxCount > 0 && sourceRateLimit.MaxCount <=
math.MaxUint" with a single check for "sourceRateLimit.MaxCount > 0"
(referencing sourceRateLimit.MaxCount in runner.go) and remove the math.MaxUint
dependency; if the intent was to guard against overflow or a sentinel, instead
introduce an explicit sentinel constant or change the type and adjust callers
accordingly.
🧹 Nitpick comments (1)
🤖 Fix all nitpicks with AI agents
Verify each finding against the current code and only fix it if needed. In `@pkg/runner/runner.go`: - Line 68: The condition inside the if statement uses a tautology: remove the redundant check against math.MaxUint and just test the meaningful part; replace the compound check "sourceRateLimit.MaxCount > 0 && sourceRateLimit.MaxCount <= math.MaxUint" with a single check for "sourceRateLimit.MaxCount > 0" (referencing sourceRateLimit.MaxCount in runner.go) and remove the math.MaxUint dependency; if the intent was to guard against overflow or a sentinel, instead introduce an explicit sentinel constant or change the type and adjust callers accordingly.pkg/runner/runner.go (1)
68-68: Tautological condition:sourceRateLimit.MaxCount <= math.MaxUintis always true for auint.Since
MaxCountis of typeuint, it can never exceedmath.MaxUint. This half of the condition is dead code. Likely pre-existing, but worth cleaning up.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pkg/runner/runner.go` at line 68, The condition inside the if statement uses a tautology: remove the redundant check against math.MaxUint and just test the meaningful part; replace the compound check "sourceRateLimit.MaxCount > 0 && sourceRateLimit.MaxCount <= math.MaxUint" with a single check for "sourceRateLimit.MaxCount > 0" (referencing sourceRateLimit.MaxCount in runner.go) and remove the math.MaxUint dependency; if the intent was to guard against overflow or a sentinel, instead introduce an explicit sentinel constant or change the type and adjust callers accordingly.
Proposed Changes
Fixes #1434 — the
-rland-rlsrate limit options were ignoring the duration unit (e.g.,/mfor per-minute). OnlyMaxCountwas being stored; duration was hardcoded totime.Second./claim #1434
Root Cause
In
pkg/runner/runner.go, when processingoptions.RateLimits.AsMap(), onlysourceRateLimit.MaxCountwas extracted — theDurationfield was discarded. Inpkg/passive/passive.go, the duration passed toaddRateLimiterwas alwaystime.Second.Changes
pkg/subscraping/types.go: AddedSourceRateLimitstruct (MaxCount + Duration). ChangedCustomRateLimit.Customfrommap[string]uinttomap[string]SourceRateLimit.pkg/runner/runner.go: Store bothMaxCountandDurationfrom parsed rate limits (defaulting totime.Secondif unset).pkg/passive/passive.go: Use the stored duration when building theMultiRateLimiterinstead of hardcodedtime.Second.Proof
Before:
subfinder -rls sitedossier=2/m→ treated as 2 requests/second (duration ignored)After:
subfinder -rls sitedossier=2/m→ correctly treated as 2 requests/minuteBuild compiles cleanly:
go build ./...passes with no errors.Checklist
devbranchSummary by CodeRabbit