Fixed Headers logic

[pmj1426]

Originally the headers would not execute unless the ContentType field was set to empty and the Headers string contained a semi-colon. Moved the logic and made it so the Headers executes if not empty now.

Summary by CodeRabbit

• Refactor

  • Moved header population to a single post-request-creation step so headers are applied consistently for empty and non-empty requests; public interfaces unchanged.

• Bug Fixes

  • Added strict header format validation: semicolon-separated entries must be header:value with exactly one colon; single entries must also follow header:value.
  • Returns explicit errors when header parts are malformed.

[coderabbitai]

📝 Walkthrough

Walkthrough

Header parsing and population in main.go was moved to a unified post-request-creation block; headers are now validated and split (semicolon-separated) into key:value pairs with explicit error returns for malformed entries. No exported signatures were changed.

Changes

Cohort / File(s)	Summary
Header Processing main.go	Relocated header parsing/adding logic to run after HTTP request creation. Added validation: semicolon-separated headers must be key:value with exactly one colon; single header must also be key:value. Explicit errors returned on malformed header parts. Content-Type handling and request construction unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• Added a new functionality to add custom headers to checks #10 — Modifies header parsing and header-attachment logic in main.go, closely related to this refactor.

Suggested reviewers

• 1nv8rzim

Poem

🐇 I nudged the headers, neat and spry,
From branches hidden to the open sky,
Semicolons split, each key finds its mate,
Errors catch the tangles, tidy and straight,
A rabbit’s nudge — requests now ship on time.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fixed Headers logic' is directly related to the main change: relocating and improving header parsing/validation logic to execute whenever Headers are non-empty, replacing the previous conditional logic.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d9fd42e and f7623fa.

📒 Files selected for processing (1)

• main.go

🧰 Additional context used

🪛 ast-grep (0.40.5)

main.go

[warning] 145-145: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{InsecureSkipVerify: conf.Insecure}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@main.go`:
- Around line 146-148: The tls.Config created as tls_config currently lacks an
explicit MinVersion, which can allow TLS 1.0/1.1; update the tls_config
initialization in the main's setup (where tls_config, http_transpot and client
are created) to set MinVersion to tls.VersionTLS13 (or at minimum
tls.VersionTLS12) so the HTTP client enforces a modern TLS minimum and prevents
downgrade to legacy protocols.
- Line 140: The header parsing at the req.Header.Add call uses strings.Split and
calls it twice, which truncates values containing colons; change this to use
strings.SplitN(element, ":", 2), store the split result in a local variable
(e.g., parts := strings.SplitN(element, ":", 2)), and then call
req.Header.Add(parts[0], parts[1]) to match the behavior of Validate() and avoid
duplicate splits.
- Around line 142-144: The else branch unconditionally calls
strings.Split(conf.Headers, ":")[1] which panics when conf.Headers is empty;
remove the entire else block so headers are only applied when conf.Headers is
non-empty, and update the header handling around req.Header.Add to first check
conf.Headers != "" (or use strings.SplitN(conf.Headers, ":", 2) and validate
length) before accessing the second element; target the conf.Headers usage and
the req.Header.Add call in main.go when making this change.

[1nv8rzim]

Let’s split first, check if there are two elements and then add the header.

This could cause an out of bounds error and kill the the minions

[coderabbitai]

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f7623fa and d434f7b.

📒 Files selected for processing (1)

• main.go

🧰 Additional context used

🪛 ast-grep (0.40.5)

main.go

[warning] 147-147: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{InsecureSkipVerify: conf.Insecure}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@main.go`:
- Around line 138-146: Collapse the two-branch header parsing into a single loop
over strings.Split(conf.Headers, ";") inside Run(), avoid calling strings.Split
twice, and use strings.SplitN(element, ":", 2) with a length check to prevent
panics for elements missing ":" (skip or return an error as per Validate()
behavior); also TrimSpace both header name and value before req.Header.Add so
values containing ":" are preserved and empty/trailing segments don't cause
index-out-of-range errors.
- Line 148: The tls_config currently created as tls_config :=
&tls.Config{InsecureSkipVerify: conf.Insecure} lacks an explicit MinVersion,
allowing TLS 1.0/1.1; update the tls.Config initialization (tls_config) to set
MinVersion to a safe minimum (e.g., tls.VersionTLS12) alongside
InsecureSkipVerify (e.g., include MinVersion: tls.VersionTLS12), so the
connection will reject older TLS versions; ensure the tls package symbol
(tls.VersionTLS12) is used and imports remain correct.

[coderabbitai]

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d434f7b and e207b3a.

📒 Files selected for processing (1)

• main.go

🧰 Additional context used

🪛 ast-grep (0.40.5)

main.go

[warning] 156-156: MinVersionis missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported an insecure browsers (such as Internet Explorer 10), it may be necessary to enable TLS 1.0 to provide support. AddMinVersion: tls.VersionTLS13' to the TLS configuration to bump the minimum version to TLS 1.3.
Context: tls.Config{InsecureSkipVerify: conf.Insecure}
Note: [CWE-327]: Use of a Broken or Risky Cryptographic Algorithm [OWASP A03:2017]: Sensitive Data Exposure [OWASP A02:2021]: Cryptographic Failures [REFERENCES]
https://owasp.org/Top10/A02_2021-Cryptographic_Failures

(missing-ssl-minversion-go)

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@main.go`:
- Around line 138-155: The runtime header-parsing in Run currently diverges from
Validate: it uses strings.Split and a conditional branch on
strings.Contains(conf.Headers, ";"), causing values with colons to be rejected
and duplicating logic; change the block that reads conf.Headers to mirror
Validate by removing the semicolon bifurcation, iterating over
strings.Split(conf.Headers, ";") and for each element using
strings.SplitN(element, ":", 2), validating len(parts) == 2, and then calling
req.Header.Add(parts[0], parts[1]) so inputs accepted by Validate() will be
accepted at runtime.
- Line 157: The tls.Config initialization for tls_config misses a MinVersion,
allowing TLS 1.0/1.1; update the tls.Config literal used where tls_config is
defined to include MinVersion: set MinVersion to tls.VersionTLS12 (or
tls.VersionTLS13 if you want to require TLS1.3) alongside the existing
InsecureSkipVerify: conf.Insecure so the config becomes a tls.Config with both
InsecureSkipVerify and MinVersion set (ensure you reference the crypto/tls
constants tls.VersionTLS12/tls.VersionTLS13).