feat: add scheme length validation to prevent invalid protocols #39

Merged
gfpcom merged 2 commits into main from fix/invalid_proto_check
Jan 27, 2026

Conversation

gfpcom (Owner) commented Jan 27, 2026

Summary by Sourcery

Bug Fixes:

  • Reject proxy URLs with empty or excessively long schemes to prevent invalid or malformed protocols from being parsed.

Summary by CodeRabbit

  • Bug Fixes
    • Added validation to reject proxy URLs with scheme lengths exceeding limits, preventing invalid configuration errors.

sourcery-ai bot commented Jan 27, 2026

Reviewer's Guide

Adds defensive validation on parsed proxy URL schemes by enforcing a reasonable length range before proceeding with protocol-specific handling, returning ErrInvalidProxy when the scheme is empty or excessively long.

Sequence diagram for proxy URL parsing with scheme length validation

sequenceDiagram
    participant Caller
    participant Parser as ParseProxyURL
    participant URLPkg as url_Parse

    Caller->>Parser: ParseProxyURL(proto, proxyURL)
    Parser->>URLPkg: Parse(proxyURL)
    URLPkg-->>Parser: URL u or error
    alt url parse error
        Parser-->>Caller: return nil, ErrInvalidProxy
    else url parse ok
        Parser->>Parser: scheme = toLower(u.Scheme)
        alt invalid scheme length
            Parser-->>Caller: return nil, ErrInvalidProxy
        else valid scheme length
            Parser->>Parser: switch scheme
            Parser-->>Caller: return Proxy, nil
        end
    end
File-Level Changes

Change: Add scheme length validation before protocol handling to reject empty or overly long proxy schemes.
Details:
  • Introduce a length check on the normalized scheme, rejecting schemes with length 0 or greater than 15
  • Return ErrInvalidProxy when the scheme fails the length validation, before any protocol-specific switch logic is executed
  • Leave existing protocol mapping and default handling logic unchanged aside from flowing through the new validation
Files: internal/parser.go

coderabbitai bot commented Jan 27, 2026

Caution

Review failed

The pull request is closed.

Walkthrough

A new exported constant MaxSchemeLength (value 15) is introduced to the internal parser package, along with validation logic in ParseProxyURL that rejects proxy schemes with length zero or exceeding the maximum threshold, returning an error before downstream protocol processing.

Changes

Cohort / File(s): Scheme length validation (internal/parser.go)
Summary: Added exported constant MaxSchemeLength (15) and validation in ParseProxyURL to reject schemes with invalid lengths (0 or > 15), returning ErrInvalidProxy before protocol-specific parsing logic

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A length limit carved in stone,
MaxSchemeLength now makes its home,
Fifteen characters max, no more,
Validation guards the parser's door! 🚪✨

@gfpcom gfpcom force-pushed the fix/invalid_proto_check branch from f6237cb to 99d9238 Compare January 27, 2026 08:35
sourcery-ai bot left a comment

Hey - I've found 1 issue, and left some high level feedback:

  • The hardcoded 15 for maximum scheme length is a magic number; consider extracting it into a named constant (with a brief comment on why 15) so future maintainers understand and can safely adjust the limit.
  • There is an extra blank line added before the default case body in the switch; consider removing it to keep the formatting consistent with the other cases.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The hardcoded `15` for maximum scheme length is a magic number; consider extracting it into a named constant (with a brief comment on why 15) so future maintainers understand and can safely adjust the limit.
- There is an extra blank line added before the `default` case body in the switch; consider removing it to keep the formatting consistent with the other cases.

## Individual Comments

### Comment 1
<location> `internal/parser.go:52-53` </location>
<code_context>

 	scheme := strings.ToLower(u.Scheme)

+	// Validate scheme length to prevent invalid protocols
+	if len(scheme) == 0 || len(scheme) > 15 {
+		return nil, ErrInvalidProxy
+	}
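Review bot: the literal `15` in `len(scheme) > 15` should be a named constant with a comment on why that value was chosen, since RFC 3986 sets no length limit on schemes (the CodeRabbit walkthrough above reports that the merged version names it `MaxSchemeLength`). Note also that `len(scheme)` is a byte count, not a character count; that is adequate here because `url.Parse` only accepts ASCII letters, digits, `+`, `-` and `.` in a scheme, but a one-line comment stating that assumption would help the next reader. A table-driven test covering an empty scheme (`//host:1080`), a 15-character scheme and a 16-character scheme would pin the boundary the check introduces.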
</code_context>

<issue_to_address>
**issue (bug_risk):** The hard-coded 15-character scheme length limit may reject valid or future proxy schemes.

Since RFC 3986 does not specify a length limit for schemes and some valid schemes exceed 15 characters, this cap risks rejecting legitimate or future protocols. If the goal is input validation, consider checking only that the scheme is non-empty and matches the allowed character pattern (e.g. `[A-Za-z][A-Za-z0-9+.-]*`), or, if a product-specific limit is required, document it and extract the limit into a named constant for easier adjustment.
</issue_to_address>

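The two checks discussed in this review, the PR's scheme length window and the RFC 3986 scheme pattern Sourcery suggests, combined in one validator as an added example; this is not the project's code, `ErrInvalidProxy` and `MaxSchemeLength` are stand-ins for the names the page mentions, and `ValidateProxyScheme` is an assumed helper name.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Stand-ins for the names the PR page mentions (the real ones live in internal/parser.go).
var ErrInvalidProxy = errors.New("invalid proxy URL")
const MaxSchemeLength = 15 // the cap the PR introduces, in bytes

// schemeRe is the RFC 3986 scheme grammar from the review: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ).
var schemeRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9+.-]*$`)

// ValidateProxyScheme parses proxyURL and returns its normalized scheme, or
// ErrInvalidProxy when it is empty, over the cap, or not a valid scheme token.
func ValidateProxyScheme(proxyURL string) (string, error) {
	u, err := url.Parse(proxyURL)
	if err != nil {
		return "", ErrInvalidProxy
	}
	scheme := strings.ToLower(u.Scheme)
	// The PR's length window. len() counts bytes, which is adequate because
	// url.Parse only accepts ASCII characters in a scheme.
	if len(scheme) == 0 || len(scheme) > MaxSchemeLength {
		return "", ErrInvalidProxy
	}
	// The syntax check Sourcery suggested; url.Parse already enforces this
	// grammar, so here it mainly documents the invariant the switch relies on.
	if !schemeRe.MatchString(scheme) {
		return "", ErrInvalidProxy
	}
	return scheme, nil
}

func main() {
	for _, in := range []string{
		"SOCKS5://127.0.0.1:1080", // accepted, normalized to socks5
		"//127.0.0.1:1080",        // empty scheme
		"127.0.0.1:1080",          // url.Parse rejects a colon in the first path segment
		"abcdefghijklmnop://h",    // 16 bytes, one over the cap
	} {
		s, err := ValidateProxyScheme(in)
		fmt.Printf("%-26q scheme=%q err=%v\n", in, s, err)
	}
}
```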

@gfpcom gfpcom merged commit 31ec1dc into main Jan 27, 2026
2 checks passed
@gfpcom gfpcom deleted the fix/invalid_proto_check branch January 27, 2026 08:37