fix: address CodeRabbit review — resource leaks and locale thread-safety

pavelzeman · claude · pavelzeman · commit 1e871c129d5a · 2026-03-20T13:50:18.000Z
- Wrap MockWebServer and Response in use{} blocks to prevent resource
  leaks if assertions fail (socket exhaustion, test flakiness)
- Add LOCALE_LOCK companion object and synchronized{} blocks around
  Locale.setDefault() mutations to prevent races under parallel execution
- Applied to both BearerTokenSanitizationTest and
  CompressedResponseSizeInterceptorTest

Co-authored-by: Claude &lt;claude@anthropic.com&gt;
diff --git a/test-runner/src/test/kotlin/com/mattermost/networkclient/BearerTokenSanitizationTest.kt b/test-runner/src/test/kotlin/com/mattermost/networkclient/BearerTokenSanitizationTest.kt
@@ -50,108 +50,106 @@ class BearerTokenSanitizationTest {
     fun brokenInterceptor_failsWithControlCharInToken() {
         val corruptToken = "abc\u0002def"  // Contains 0x02 control character
 
-        val server = MockWebServer()
-        server.enqueue(MockResponse().setBody("ok"))
-        server.start()
-
-        val client = OkHttpClient.Builder()
-            .addInterceptor(BrokenTokenInterceptor(corruptToken))
-            .build()
-
-        val request = Request.Builder()
-            .url(server.url("/test"))
-            .build()
-
-        try {
-            client.newCall(request).execute()
-            Assert.fail("Expected IllegalArgumentException from OkHttp header validation")
-        } catch (e: IllegalArgumentException) {
-            Assert.assertTrue(
-                "Expected error about unexpected char",
-                e.message?.contains("Unexpected char") == true
-            )
-        }
+        MockWebServer().use { server ->
+            server.enqueue(MockResponse().setBody("ok"))
+            server.start()
+
+            val client = OkHttpClient.Builder()
+                .addInterceptor(BrokenTokenInterceptor(corruptToken))
+                .build()
 
-        server.shutdown()
+            val request = Request.Builder()
+                .url(server.url("/test"))
+                .build()
+
+            try {
+                client.newCall(request).execute().use { /* auto-close */ }
+                Assert.fail("Expected IllegalArgumentException from OkHttp header validation")
+            } catch (e: IllegalArgumentException) {
+                Assert.assertTrue(
+                    "Expected error about unexpected char",
+                    e.message?.contains("Unexpected char") == true
+                )
+            }
+        }
     }
 
     @Test
     fun fixedInterceptor_succeedsWithControlCharInToken() {
         val corruptToken = "abc\u0002def"
 
-        val server = MockWebServer()
-        server.enqueue(MockResponse().setBody("ok"))
-        server.start()
-
-        val client = OkHttpClient.Builder()
-            .addInterceptor(FixedTokenInterceptor(corruptToken))
-            .build()
-
-        val request = Request.Builder()
-            .url(server.url("/test"))
-            .build()
+        MockWebServer().use { server ->
+            server.enqueue(MockResponse().setBody("ok"))
+            server.start()
 
-        val response = client.newCall(request).execute()
+            val client = OkHttpClient.Builder()
+                .addInterceptor(FixedTokenInterceptor(corruptToken))
+                .build()
 
-        // Should succeed without throwing
-        Assert.assertEquals(200, response.code)
+            val request = Request.Builder()
+                .url(server.url("/test"))
+                .build()
 
-        // Verify the server received the sanitized token
-        val recordedRequest = server.takeRequest()
-        val authHeader = recordedRequest.getHeader("Authorization")
-        Assert.assertEquals("Bearer abcdef", authHeader)
+            client.newCall(request).execute().use { response ->
+                // Should succeed without throwing
+                Assert.assertEquals(200, response.code)
+            }
 
-        server.shutdown()
+            // Verify the server received the sanitized token
+            val recordedRequest = server.takeRequest()
+            val authHeader = recordedRequest.getHeader("Authorization")
+            Assert.assertEquals("Bearer abcdef", authHeader)
+        }
     }
 
     @Test
     fun fixedInterceptor_skipsHeaderWhenTokenIsAllControlChars() {
         val allControlChars = "\u0001\u0002\u0003"
 
-        val server = MockWebServer()
-        server.enqueue(MockResponse().setBody("ok"))
-        server.start()
-
-        val client = OkHttpClient.Builder()
-            .addInterceptor(FixedTokenInterceptor(allControlChars))
-            .build()
+        MockWebServer().use { server ->
+            server.enqueue(MockResponse().setBody("ok"))
+            server.start()
 
-        val request = Request.Builder()
-            .url(server.url("/test"))
-            .build()
+            val client = OkHttpClient.Builder()
+                .addInterceptor(FixedTokenInterceptor(allControlChars))
+                .build()
 
-        val response = client.newCall(request).execute()
-        Assert.assertEquals(200, response.code)
+            val request = Request.Builder()
+                .url(server.url("/test"))
+                .build()
 
-        // No Authorization header should be set
-        val recordedRequest = server.takeRequest()
-        Assert.assertNull(recordedRequest.getHeader("Authorization"))
+            client.newCall(request).execute().use { response ->
+                Assert.assertEquals(200, response.code)
+            }
 
-        server.shutdown()
+            // No Authorization header should be set
+            val recordedRequest = server.takeRequest()
+            Assert.assertNull(recordedRequest.getHeader("Authorization"))
+        }
     }
 
     @Test
     fun fixedInterceptor_passesCleanTokenUnmodified() {
         val cleanToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.valid.token"
 
-        val server = MockWebServer()
-        server.enqueue(MockResponse().setBody("ok"))
-        server.start()
+        MockWebServer().use { server ->
+            server.enqueue(MockResponse().setBody("ok"))
+            server.start()
 
-        val client = OkHttpClient.Builder()
-            .addInterceptor(FixedTokenInterceptor(cleanToken))
-            .build()
-
-        val request = Request.Builder()
-            .url(server.url("/test"))
-            .build()
+            val client = OkHttpClient.Builder()
+                .addInterceptor(FixedTokenInterceptor(cleanToken))
+                .build()
 
-        val response = client.newCall(request).execute()
-        Assert.assertEquals(200, response.code)
+            val request = Request.Builder()
+                .url(server.url("/test"))
+                .build()
 
-        val recordedRequest = server.takeRequest()
-        Assert.assertEquals("Bearer $cleanToken", recordedRequest.getHeader("Authorization"))
+            client.newCall(request).execute().use { response ->
+                Assert.assertEquals(200, response.code)
+            }
 
-        server.shutdown()
+            val recordedRequest = server.takeRequest()
+            Assert.assertEquals("Bearer $cleanToken", recordedRequest.getHeader("Authorization"))
+        }
     }
 }
diff --git a/test-runner/src/test/kotlin/com/mattermost/networkclient/CompressedResponseSizeInterceptorTest.kt b/test-runner/src/test/kotlin/com/mattermost/networkclient/CompressedResponseSizeInterceptorTest.kt
@@ -20,6 +20,14 @@ import java.util.Locale
  */
 class CompressedResponseSizeInterceptorTest {
 
+    companion object {
+        /**
+         * Lock to prevent parallel tests from racing on Locale.setDefault().
+         * JVM locale is global state — concurrent mutation causes flaky tests.
+         */
+        private val LOCALE_LOCK = Any()
+    }
+
     /**
      * Interceptor using the BROKEN locale-dependent formatting.
      * This is what the code did before the fix.
@@ -65,50 +73,86 @@ class CompressedResponseSizeInterceptorTest {
 
     @Test
     fun brokenInterceptor_failsWithArabicLocale() {
-        val originalLocale = Locale.getDefault()
-        try {
-            // Set Arabic locale — causes String.format to use Arabic-Indic digits
-            Locale.setDefault(Locale("ar"))
-
-            val server = MockWebServer()
-            server.enqueue(MockResponse()
-                .setBody("hello")
-                .setHeader("Content-Length", "5"))
-            server.start()
-
-            val client = OkHttpClient.Builder()
-                .addInterceptor(BrokenInterceptor())
-                .build()
-
-            val request = Request.Builder()
-                .url(server.url("/test"))
-                .build()
-
-            // The broken interceptor produces Arabic-Indic digits in the header value.
-            // OkHttp's header validation rejects non-ASCII characters.
+        synchronized(LOCALE_LOCK) {
+            val originalLocale = Locale.getDefault()
             try {
-                client.newCall(request).execute()
-                Assert.fail("Expected IllegalArgumentException from OkHttp header validation")
-            } catch (e: IllegalArgumentException) {
-                Assert.assertTrue(
-                    "Expected error about unexpected char in header value",
-                    e.message?.contains("Unexpected char") == true
-                )
+                // Set Arabic locale — causes String.format to use Arabic-Indic digits
+                Locale.setDefault(Locale("ar"))
+
+                MockWebServer().use { server ->
+                    server.enqueue(MockResponse()
+                        .setBody("hello")
+                        .setHeader("Content-Length", "5"))
+                    server.start()
+
+                    val client = OkHttpClient.Builder()
+                        .addInterceptor(BrokenInterceptor())
+                        .build()
+
+                    val request = Request.Builder()
+                        .url(server.url("/test"))
+                        .build()
+
+                    // The broken interceptor produces Arabic-Indic digits in the header value.
+                    // OkHttp's header validation rejects non-ASCII characters.
+                    try {
+                        client.newCall(request).execute().use { /* auto-close */ }
+                        Assert.fail("Expected IllegalArgumentException from OkHttp header validation")
+                    } catch (e: IllegalArgumentException) {
+                        Assert.assertTrue(
+                            "Expected error about unexpected char in header value",
+                            e.message?.contains("Unexpected char") == true
+                        )
+                    }
+                }
+            } finally {
+                Locale.setDefault(originalLocale)
             }
-
-            server.shutdown()
-        } finally {
-            Locale.setDefault(originalLocale)
         }
     }
 
     @Test
     fun fixedInterceptor_succeedsWithArabicLocale() {
-        val originalLocale = Locale.getDefault()
-        try {
-            Locale.setDefault(Locale("ar"))
+        synchronized(LOCALE_LOCK) {
+            val originalLocale = Locale.getDefault()
+            try {
+                Locale.setDefault(Locale("ar"))
+
+                MockWebServer().use { server ->
+                    server.enqueue(MockResponse()
+                        .setBody("hello")
+                        .setHeader("Content-Length", "5"))
+                    server.start()
+
+                    val client = OkHttpClient.Builder()
+                        .addInterceptor(FixedInterceptor())
+                        .build()
+
+                    val request = Request.Builder()
+                        .url(server.url("/test"))
+                        .build()
+
+                    client.newCall(request).execute().use { response ->
+                        // Should succeed without throwing
+                        val speedHeader = response.header("X-Speed-Mbps")
+                        Assert.assertNotNull("X-Speed-Mbps header should be present", speedHeader)
+
+                        // Verify the value contains only ASCII characters
+                        Assert.assertTrue(
+                            "Header value should contain only ASCII: $speedHeader",
+                            speedHeader!!.all { it.code in 0x20..0x7E }
+                        )
+                    }
+                }
+            } finally {
+                Locale.setDefault(originalLocale)
+            }
+        }
+    }
 
-            val server = MockWebServer()
+    @Test
+    fun fixedInterceptor_succeedsWithUSLocale() {
+        MockWebServer().use { server ->
             server.enqueue(MockResponse()
                 .setBody("hello")
                 .setHeader("Content-Length", "5"))
@@ -122,45 +166,11 @@ class CompressedResponseSizeInterceptorTest {
                 .url(server.url("/test"))
                 .build()
 
-            val response = client.newCall(request).execute()
-
-            // Should succeed without throwing
-            val speedHeader = response.header("X-Speed-Mbps")
-            Assert.assertNotNull("X-Speed-Mbps header should be present", speedHeader)
-
-            // Verify the value contains only ASCII characters
-            Assert.assertTrue(
-                "Header value should contain only ASCII: $speedHeader",
-                speedHeader!!.all { it.code in 0x20..0x7E }
-            )
-
-            server.shutdown()
-        } finally {
-            Locale.setDefault(originalLocale)
+            client.newCall(request).execute().use { response ->
+                val speedHeader = response.header("X-Speed-Mbps")
+                Assert.assertNotNull(speedHeader)
+                Assert.assertTrue(speedHeader!!.all { it.code in 0x20..0x7E })
+            }
         }
     }
-
-    @Test
-    fun fixedInterceptor_succeedsWithUSLocale() {
-        val server = MockWebServer()
-        server.enqueue(MockResponse()
-            .setBody("hello")
-            .setHeader("Content-Length", "5"))
-        server.start()
-
-        val client = OkHttpClient.Builder()
-            .addInterceptor(FixedInterceptor())
-            .build()
-
-        val request = Request.Builder()
-            .url(server.url("/test"))
-            .build()
-
-        val response = client.newCall(request).execute()
-        val speedHeader = response.header("X-Speed-Mbps")
-        Assert.assertNotNull(speedHeader)
-        Assert.assertTrue(speedHeader!!.all { it.code in 0x20..0x7E })
-
-        server.shutdown()
-    }
 }
