membphis commented on code in PR #13467:
URL: https://github.com/apache/apisix/pull/13467#discussion_r3361363441


##########
apisix/plugins/limit-conn/init.lua:
##########
@@ -43,14 +44,29 @@ local _M = {}
 
 local function resolve_var(ctx, value)
     if type(value) == "string" then
+        local original = value
         local err, _
         value, err, _ = core.utils.resolve_var(value, ctx.var)
         if err then
-            return nil, "could not resolve var for value: " .. value .. ", 
err: " .. err
+            return nil, "could not resolve var for value: " .. original .. ", 
err: " .. err
         end
+        local resolved = value
         value = tonumber(value)
         if not value then
-            return nil, "resolved value is not a number: " .. tostring(value)
+            return nil, "resolved value is not a number: " .. 
tostring(resolved)
+        end
+        if value <= 0 then

Review Comment:
   Could we split validation between `conn` and `burst` here? `burst = 0` is 
valid in the schema/docs (`integer`, `minimum = 0`), but this helper is also 
used for `conf.burst` and `rule.burst`, so a config like `burst = "${http_burst 
?? 0}"` will pass schema and then fail requests with 500 once it resolves to 0 
(or skip the matching rule in `rules`). `conn` should stay positive, but 
dynamic `burst` should allow 0 while still rejecting negative, fractional, and 
unsafe integer values.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to