This commit adds extensive test coverage for the IncrByFloat Redis command,
covering various edge cases and scenarios that were not previously tested.
Test cases added:
- Negative increment values
- Zero increment (should return current value)
- High precision floating point operations
- Non-existent key behavior (should start from 0)
- Integer values stored as strings
- Scientific notation (both positive and negative)
- Error handling for non-numeric values
- Very large numbers (near float64 limits)
- Very small numbers (near zero precision)
These tests ensure robust behavior of the IncrByFloat command across
different numeric formats and edge conditions, improving the overall
reliability and test coverage of the go-redis library.
The tests use Gomega's BeNumerically matcher for floating point
comparisons to handle precision issues appropriately.
* Bumps test image to 8.2.1-pre
Signed-off-by: Elena Kolevska <elena@kolevska.com>
* Missed the “benchmark” job
Signed-off-by: Elena Kolevska <elena@kolevska.com>
---------
Signed-off-by: Elena Kolevska <elena@kolevska.com>
Fix the remaining cluster test failure by updating the RedissUsernamePassword
test case to expect MinVersion: tls.VersionTLS12.
The test was failing because:
- Expected: TLSConfig with MinVersion: 0 (not set)
- Actual: TLSConfig with MinVersion: 771 (TLS 1.2)
This completes the alignment of all cluster test cases with our security-first
approach where all rediss:// URLs automatically enforce TLS 1.2 minimum.
All cluster test cases now consistently expect MinVersion: tls.VersionTLS12
for rediss:// URLs, matching the behavior of single client tests.
Fix the failing cluster test 'ClusterClient ParseURL match ParseClusterURL'
by updating the MissingRedissPort test case to expect MinVersion: tls.VersionTLS12.
The test was failing because:
- Expected: MinVersion: 0 (not set)
- Actual: MinVersion: 771 (TLS 1.2)
This aligns with our security-first approach where all rediss:// URLs
automatically enforce TLS 1.2 minimum, even when no TLS parameters
are explicitly specified.
Test verification:
- Created and ran isolated test confirming ParseClusterURL now correctly
sets MinVersion: 771 for basic rediss://localhost URLs
- All cluster URL parsing now consistent with single client behavior
This resolves the cluster test failure while maintaining the enhanced
security posture across all client types.
After pulling the latest security fixes, update test cases to match the new
security-first behavior where all rediss:// URLs enforce TLS 1.2 minimum:
**Changes Made**:
1. **Cluster Test Fixes**:
- Updated ParseRedissURL test to expect MinVersion: tls.VersionTLS12
- Updated MultipleRedissURLs test to expect MinVersion: tls.VersionTLS12
- Updated RedissTLSCert test to expect MinVersion: tls.VersionTLS12
- Updated RedissSkipVerify test to expect MinVersion: tls.VersionTLS12
2. **Sentinel Client Consistency**:
- Made sentinel client behavior consistent with single/cluster clients
- Always set MinVersion to TLS 1.2 for rediss:// URLs, even when not specified
- Matches the security-first approach across all client types
**Security Behavior**:
- All rediss:// URLs now enforce minimum TLS 1.2 by default
- Consistent security posture across single, cluster, and sentinel clients
- No breaking changes for secure configurations
- Enhanced security for all TLS connections
**Test Results**:
- All single client tests pass ✅
- All builds successful ✅
- Consistent behavior across all client types ✅
This ensures uniform security enforcement and test expectations across
the entire go-redis library.
Address the final 3 CodeQL security alerts for 'Insecure TLS configuration':
**Root Cause**:
CodeQL detected that setting or
would result in , which is insecure
(TLS version 0).
**Security Fix**:
- When or is specified, don't set
the TLS version at all - let Go use its secure defaults
- Only set explicit TLS versions when they are >= TLS 1.2 (secure)
- Applied fix consistently across all client types
**Files Fixed**:
- options.go (lines 609, 620) - Single client
- osscluster.go (lines 336, 350) - Cluster client
- sentinel.go (lines 446, 460) - Sentinel client
**Security Behavior**:
- → Don't set MinVersion (Go default: secure)
- → Error: insecure, minimum TLS 1.2 required
- → Set explicit secure version
- Same logic applies to
**Test Coverage**:
- Added test case for behavior
- Verified all security validation tests pass
- Confirmed no regression in functionality
This resolves all remaining CodeQL security alerts while maintaining
secure defaults and clear error messages for insecure configurations.
Add comprehensive TLS URL parameter support across all Redis client types:
- Cluster Client (ParseClusterURL): Full TLS parameter support
- Sentinel Client (ParseFailoverURL): Full TLS parameter support
- Universal Client: Inherits support from underlying clients
Supported parameters for all client types:
- tls_cert_file and tls_key_file: Client certificate authentication
- tls_min_version and tls_max_version: TLS version constraints
- tls_server_name: Server name override for certificate validation
- skip_verify: Skip certificate verification (existing parameter)
Features:
- Consistent API across all client types
- Comprehensive test coverage for cluster client
- Enhanced documentation for all client configurations
- Proper error handling and validation
This ensures users have the same TLS configuration capabilities
regardless of which Redis client type they use, providing a
consistent and complete TLS configuration experience.
Building on Ben Weissmann's original implementation, this commit adds:
- Snake_case parameter names (addressing reviewer feedback):
* tls_cert_file and tls_key_file (instead of TLSCertPEMFile/TLSKeyPEMFile)
* tls_min_version and tls_max_version (instead of TLSMinVersion/TLSMaxVersion)
* tls_server_name (instead of ServerName)
- Improved error messages for better user experience
- Updated test cases to use snake_case parameters
- Removed redundant tls_insecure_skip_verify (use existing skip_verify)
- Enhanced documentation with clear parameter descriptions
This addresses all reviewer feedback from PR #2076 while maintaining
the core functionality and comprehensive test coverage.
* fix conflicts
* Fix JSON nil response handling
Ensure that JSON.GET returns redis.Nil for missing keys/paths,
making it consistent with other Redis commands.
- Restore proper nil detection logic in JSONCmd.readReply
- Add comprehensive test coverage for JSON nil scenarios
- Handle both non-existent keys and non-existent paths consistently
- Distinguish between empty arrays and nil responses
- Add documentation for Val() and Expanded() methods
Original work and problem identification by Nic Gibson.
Enhanced implementation with comprehensive testing and fixes
for the broken nil detection logic.
Fixes#2987
* Fix JSON nil response handling - align with Redis behavior
- Non-existent keys return redis.Nil (consistent with other Redis commands)
- Non-existent paths in existing keys return empty array '[]'
- Fix broken test that was using wrong doc1 reference
- Add comprehensive test coverage for JSON nil scenarios
This aligns with official Redis JSON.GET behavior:
- Missing keys should return nil error like other Redis commands
- Missing paths should return empty JSON array, not error
* Fix JSONDel tests
---------
Co-authored-by: Nic Gibson <nic.gibson@redis.com>
Co-authored-by: Nedyalko Dyakov <1547186+ndyakov@users.noreply.github.com>
* Fix hard code of failing timeout
1. if not set failing time limit, default is 15 seconds.
* feat: Complete configurable FailingTimeoutSeconds implementation
---------
Co-authored-by: Shino Wu <shino_wu@trendmicro.com>
- replace two similar functions `appendUniqueNode` and `appendIfNotExists` with a generic function.
- simplify the implementation of the `get` method in `clusterNodes`
- keep the member name `_generation` of `clusterNodes` consistent with other types.
- rename a data member `_masterAddr` to `masterAddr`.
Signed-off-by: Xiaolong Chen <fukua95@gmail.com>
* updated stale issue policy
Signed-off-by: Elena Kolevska <elena@kolevska.com>
* Adds a temporary dry run
Signed-off-by: Elena Kolevska <elena@kolevska.com>
---------
Signed-off-by: Elena Kolevska <elena@kolevska.com>
