Summary
The wait_for_status polling loop checks elapsed time at the top, then sleeps for poll_interval. If poll_interval > max_wait, the timeout is never enforced and the function blocks for the full sleep duration.
Location
- File:
src/lib.rs
- Line(s): 236–270
Severity
High
Details
loop {
if started.elapsed() > self.client.max_wait {
return Err(Error::Timeout(...));
}
tokio::time::sleep(self.client.poll_interval).await; // sleep happens AFTER the check
// ...
}With max_wait=10s and poll_interval=60s, the elapsed check passes (t≈0 < 10s), then sleeps 60s — the timeout is never enforced.
Suggested Fix
Clamp the sleep duration to the remaining time:
let remaining = self.client.max_wait
.checked_sub(started.elapsed())
.ok_or(Error::Timeout(self.client.max_wait))?;
tokio::time::sleep(remaining.min(self.client.poll_interval)).await;
Automated finding by repo-monitor
Summary
The
wait_for_statuspolling loop checks elapsed time at the top, then sleeps forpoll_interval. Ifpoll_interval > max_wait, the timeout is never enforced and the function blocks for the full sleep duration.Location
src/lib.rsSeverity
High
Details
With
max_wait=10sandpoll_interval=60s, the elapsed check passes (t≈0 < 10s), then sleeps 60s — the timeout is never enforced.Suggested Fix
Clamp the sleep duration to the remaining time:
Automated finding by repo-monitor