1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/api/server
Sebastiaan van Stijn 997ec12ec8
set ReadHeaderTimeout to address G112: Potential Slowloris Attack (gosec)
After discussing in the maintainers meeting, we concluded that Slowloris attacks
are not a real risk other than potentially having some additional goroutines
lingering around, so setting a long timeout to satisfy the linter, and to at
least have "some" timeout.

    libnetwork/diagnostic/server.go:96:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        srv := &http.Server{
            Addr:    net.JoinHostPort(ip, strconv.Itoa(port)),
            Handler: s,
        }
    api/server/server.go:60:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
                srv: &http.Server{
                    Addr: addr,
                },
    daemon/metrics_unix.go:34:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
            if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
                      ^
    cmd/dockerd/metrics.go:27:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
            if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
                      ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 55fd77f724)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 12:27:32 +02:00
..
backend/build API: add "prune" events 2020-07-28 12:41:14 +02:00
httpstatus errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus 2022-03-21 12:22:39 +01:00
httputils api/server/httputils: move WriteJSON() together with ReadJSON() 2022-04-11 21:37:57 +02:00
middleware bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
router api: set default "Builder-Version" to "2" (BuildKit) on Linux 2022-08-18 12:18:32 -06:00
errorhandler.go errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus 2022-03-21 12:22:39 +01:00
middleware.go api/server: remove "Logging" from config 2022-04-23 23:38:30 +02:00
server.go set ReadHeaderTimeout to address G112: Potential Slowloris Attack (gosec) 2022-09-22 12:27:32 +02:00
server_test.go api/server: use constants for http methods 2019-10-13 17:30:19 +02:00