What happened:
The buildURL function in the router silently discards the error returned by url.Parse. When a sandbox entry point contains a malformed or empty endpoint string, url.Parse returns nil for the URL along with an error — but the error is thrown away with _. That nil URL is then returned to determineUpstreamURL, which wraps it in a successful (*url.URL, nil) return, giving the caller no indication anything went wrong. Downstream, httputil.NewSingleHostReverseProxy(nil) is called with that nil pointer, causing a panic that crashes the router process.
// pkg/router/handlers.go
func buildURL(protocol, endpoint string) *url.URL {
...
url, _ := url.Parse(endpoint) // error silently dropped
return url // may return nil
}What you expected to happen:
A malformed or empty endpoint in a sandbox's entry points should result in a descriptive HTTP error response (e.g. 500 Internal Server Error or 502 Bad Gateway) — not a router panic. The error from url.Parse should be propagated up through determineUpstreamURL so forwardToSandbox can handle it gracefully and return an error to the client.
How to reproduce it (as minimally and precisely as possible):
- Register a sandbox whose
EntryPoints contains an entry with a malformed endpoint (e.g. "://\x00bad" or an empty string "").
- Send any HTTP request to the router that resolves to that sandbox (e.g.
GET /agents/{namespace}/{name}/).
- The router calls
buildURL → gets a nil *url.URL → passes it to httputil.NewSingleHostReverseProxy(nil) → panic / router crash.
Anything else we need to know?:
The fix is straightforward — change buildURL to return (*url.URL, error), propagate the error up through determineUpstreamURL, and handle it in forwardToSandbox the same way other URL errors are already handled (log + return HTTP error). No API surface changes required, this is entirely internal to the router package.
Relevant call chain:
forwardToSandbox → determineUpstreamURL → buildURL → httputil.NewSingleHostReverseProxy
Environment:
- AgentCube version: main (commit
7502b78)
- Kubernetes version: N/A (reproducible at unit test level without a cluster)
- Others: affects the router component (
cmd/router) only
What happened:
The
buildURLfunction in the router silently discards the error returned byurl.Parse. When a sandbox entry point contains a malformed or empty endpoint string,url.Parsereturnsnilfor the URL along with an error — but the error is thrown away with_. ThatnilURL is then returned todetermineUpstreamURL, which wraps it in a successful(*url.URL, nil)return, giving the caller no indication anything went wrong. Downstream,httputil.NewSingleHostReverseProxy(nil)is called with that nil pointer, causing a panic that crashes the router process.What you expected to happen:
A malformed or empty endpoint in a sandbox's entry points should result in a descriptive HTTP error response (e.g.
500 Internal Server Erroror502 Bad Gateway) — not a router panic. The error fromurl.Parseshould be propagated up throughdetermineUpstreamURLsoforwardToSandboxcan handle it gracefully and return an error to the client.How to reproduce it (as minimally and precisely as possible):
EntryPointscontains an entry with a malformed endpoint (e.g."://\x00bad"or an empty string"").GET /agents/{namespace}/{name}/).buildURL→ gets anil *url.URL→ passes it tohttputil.NewSingleHostReverseProxy(nil)→ panic / router crash.Anything else we need to know?:
The fix is straightforward — change
buildURLto return(*url.URL, error), propagate the error up throughdetermineUpstreamURL, and handle it inforwardToSandboxthe same way other URL errors are already handled (log + return HTTP error). No API surface changes required, this is entirely internal to the router package.Relevant call chain:
forwardToSandbox→determineUpstreamURL→buildURL→httputil.NewSingleHostReverseProxyEnvironment:
7502b78)cmd/router) only