Description
All RwLock acquisitions in src/main.rs (lines 122, 131, 144, 159, 167) use .unwrap(). If a thread panics while holding the lock (e.g., due to an unexpected error in the Redis backend), the RwLock becomes permanently poisoned and every subsequent .unwrap() will panic, crashing the server on every request.
Severity
Medium
Impact
A single panic while the lock is held causes a permanent denial of service - the server stays running but returns no responses, only panics.
Suggested Fix
Replace .unwrap() with proper error handling that returns StatusCode::INTERNAL_SERVER_ERROR and logs the error.
Description
All
RwLockacquisitions insrc/main.rs(lines 122, 131, 144, 159, 167) use.unwrap(). If a thread panics while holding the lock (e.g., due to an unexpected error in the Redis backend), theRwLockbecomes permanently poisoned and every subsequent.unwrap()will panic, crashing the server on every request.Severity
Medium
Impact
A single panic while the lock is held causes a permanent denial of service - the server stays running but returns no responses, only panics.
Suggested Fix
Replace
.unwrap()with proper error handling that returnsStatusCode::INTERNAL_SERVER_ERRORand logs the error.