fix(health): avoid 32-bit circuit breaker overflow

omarluq · omarluq · commit da2cd50b1fa1 · 2026-01-30T22:26:54.000-06:00
diff --git a/internal/health/circuit.go b/internal/health/circuit.go
@@ -4,7 +4,6 @@ package health
 import (
 	"context"
 	"errors"
-	"math"
 
 	"github.com/rs/zerolog"
 	"github.com/sony/gobreaker/v2"
@@ -31,18 +30,8 @@ type CircuitBreaker struct {
 // If logger is non-nil, state transitions are logged (Info level, Warn when the breaker opens).
 // The breaker treats a nil error and context.Canceled as successful outcomes.
 func NewCircuitBreaker(name string, cfg CircuitBreakerConfig, logger *zerolog.Logger) *CircuitBreaker {
-	// Get config values with safe uint32 conversion
-	halfOpenProbes := cfg.GetHalfOpenProbes()
-	if halfOpenProbes < 0 {
-		halfOpenProbes = DefaultHalfOpenProbes
-	}
-	failureThreshold := cfg.GetFailureThreshold()
-	if failureThreshold < 0 {
-		failureThreshold = DefaultFailureThreshold
-	}
-
-	maxRequests := safeUint32(halfOpenProbes)
-	failureLimit := safeUint32(failureThreshold)
+	maxRequests := cfg.GetHalfOpenProbes()
+	failureLimit := cfg.GetFailureThreshold()
 
 	settings := gobreaker.Settings{
 		Name:        name,
@@ -76,16 +65,6 @@ func NewCircuitBreaker(name string, cfg CircuitBreakerConfig, logger *zerolog.Lo
 	}
 }
 
-func safeUint32(value int) uint32 {
-	if value <= 0 {
-		return 0
-	}
-	if value > math.MaxUint32 {
-		return math.MaxUint32
-	}
-	return uint32(value)
-}
-
 // Allow checks if a request is allowed through the circuit breaker.
 func (c *CircuitBreaker) Allow() (done func(err error), err error) {
 	d, err := c.cb.Allow()
diff --git a/internal/health/config.go b/internal/health/config.go
@@ -22,23 +22,14 @@ const (
 
 // CircuitBreakerConfig defines circuit breaker behavior.
 type CircuitBreakerConfig struct {
-	// FailureThreshold is the number of consecutive failures before opening the circuit.
-	// Default: 5
-	FailureThreshold int `yaml:"failure_threshold" toml:"failure_threshold"`
-
-	// OpenDurationMS is the duration in milliseconds the circuit stays open before
-	// transitioning to half-open state. Default: 30000 (30 seconds)
-	OpenDurationMS int `yaml:"open_duration_ms" toml:"open_duration_ms"`
-
-	// HalfOpenProbes is the number of probe requests allowed in half-open state.
-	// If all probes succeed, circuit closes. If any fails, circuit reopens.
-	// Default: 3
-	HalfOpenProbes int `yaml:"half_open_probes" toml:"half_open_probes"`
+	OpenDurationMS   int    `yaml:"open_duration_ms" toml:"open_duration_ms"`
+	FailureThreshold uint32 `yaml:"failure_threshold" toml:"failure_threshold"`
+	HalfOpenProbes   uint32 `yaml:"half_open_probes" toml:"half_open_probes"`
 }
 
 // GetFailureThreshold returns the configured failure threshold or default 5.
-func (c *CircuitBreakerConfig) GetFailureThreshold() int {
-	if c.FailureThreshold <= 0 {
+func (c *CircuitBreakerConfig) GetFailureThreshold() uint32 {
+	if c.FailureThreshold == 0 {
 		return DefaultFailureThreshold
 	}
 	return c.FailureThreshold
@@ -54,8 +45,8 @@ func (c *CircuitBreakerConfig) GetOpenDuration() time.Duration {
 }
 
 // GetHalfOpenProbes returns the configured half-open probes or default 3.
-func (c *CircuitBreakerConfig) GetHalfOpenProbes() int {
-	if c.HalfOpenProbes <= 0 {
+func (c *CircuitBreakerConfig) GetHalfOpenProbes() uint32 {
+	if c.HalfOpenProbes == 0 {
 		return DefaultHalfOpenProbes
 	}
 	return c.HalfOpenProbes
diff --git a/internal/health/config_test.go b/internal/health/config_test.go
@@ -11,7 +11,7 @@ func TestCircuitBreakerConfigGetFailureThreshold(t *testing.T) {
 	tests := []struct {
 		name     string
 		config   CircuitBreakerConfig
-		expected int
+		expected uint32
 	}{
 		{
 			name:     "zero value returns default 5",
@@ -28,11 +28,6 @@ func TestCircuitBreakerConfigGetFailureThreshold(t *testing.T) {
 			config:   CircuitBreakerConfig{FailureThreshold: 1},
 			expected: 1,
 		},
-		{
-			name:     "negative value returns default 5",
-			config:   CircuitBreakerConfig{FailureThreshold: -1},
-			expected: 5,
-		},
 	}
 
 	for _, tt := range tests {
@@ -93,7 +88,7 @@ func TestCircuitBreakerConfigGetHalfOpenProbes(t *testing.T) {
 	tests := []struct {
 		name     string
 		config   CircuitBreakerConfig
-		expected int
+		expected uint32
 	}{
 		{
 			name:     "zero value returns default 3",
@@ -110,11 +105,6 @@ func TestCircuitBreakerConfigGetHalfOpenProbes(t *testing.T) {
 			config:   CircuitBreakerConfig{HalfOpenProbes: 1},
 			expected: 1,
 		},
-		{
-			name:     "negative value returns default 3",
-			config:   CircuitBreakerConfig{HalfOpenProbes: -2},
-			expected: 3,
-		},
 	}
 
 	for _, tt := range tests {
diff --git a/internal/proxy/handler_test.go b/internal/proxy/handler_test.go
@@ -111,7 +111,7 @@ func serveMessages(t *testing.T, handler http.Handler) *httptest.ResponseRecorde
 func newTrackedHandler(
 	t *testing.T,
 	providerName, backendURL, routerName string,
-	failureThreshold int,
+	failureThreshold uint32,
 ) (*Handler, *health.Tracker) {
 	t.Helper()
 
