GitList

Browse code

linting: gosec: fix or suppress G112, G114 in test code

Updating test-code only; set ReadHeaderTimeout for some, or suppress the linter
error for others.

contrib/httpserver/server.go:11:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
log.Panic(http.ListenAndServe(":80", nil))
^
integration/plugin/logging/cmd/close_on_start/main.go:42:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
server := http.Server{
Addr: l.Addr().String(),
Handler: mux,
}
integration/plugin/logging/cmd/discard/main.go:17:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
server := http.Server{
Addr: l.Addr().String(),
Handler: mux,
}
integration/plugin/logging/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
}
integration/plugin/volumes/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
}
testutil/fixtures/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
server := http.Server{
Addr: l.Addr().String(),
Handler: http.NewServeMux(),
}
volume/testutils/testutils.go:170:5: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
go http.Serve(l, mux)
^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2022/09/04 21:44:55
Showing 7 changed files

contrib/httpserver/server.go index a75d5ab..74e60b0 100644
integration/plugin/logging/cmd/close_on_start/main.go index 6891d6a..66a9ae2 100644
integration/plugin/logging/cmd/discard/main.go index 15577ca..3a7f2a8 100644
integration/plugin/logging/cmd/dummy/main.go index f91b4f3..f2c8122 100644
integration/plugin/volumes/cmd/dummy/main.go index f91b4f3..f2c8122 100644
testutil/fixtures/plugin/basic/basic.go index 8922728..09b84ba 100644
volume/testutils/testutils.go index 0a20a35..624f760 100644

contrib/httpserver/server.go

History View file @ 31fb92c

@@ -8,5 +8,5 @@ import (
                      func main() {
                      	fs := http.FileServer(http.Dir("/static"))
                      	http.Handle("/", fs)
                     -	log.Panic(http.ListenAndServe(":80", nil))
                     +	log.Panic(http.ListenAndServe(":80", nil)) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
+                     }

integration/plugin/logging/cmd/close_on_start/main.go

History View file @ 31fb92c

@@ -6,6 +6,7 @@ import (
                      	"net"
                      	"net/http"
                      	"os"
                     +	"time"
+                     )
                      type start struct {
@@ -40,8 +41,9 @@ func main() {
                      		fmt.Fprintln(w, `{}`)
                      	})
                      	server := http.Server{
                     -		Addr:    l.Addr().String(),
                     -		Handler: mux,
                     +		Addr:              l.Addr().String(),
                     +		Handler:           mux,
                     +		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+                     	}
                      	server.Serve(l)

integration/plugin/logging/cmd/discard/main.go

History View file @ 31fb92c

@@ -3,6 +3,7 @@ package main
                      import (
                      	"net"
                      	"net/http"
                     +	"time"
+                     )
                      func main() {
@@ -15,8 +16,9 @@ func main() {
                      	handle(mux)
                      	server := http.Server{
                     -		Addr:    l.Addr().String(),
                     -		Handler: mux,
                     +		Addr:              l.Addr().String(),
                     +		Handler:           mux,
                     +		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+                     	}
                      	server.Serve(l)
+                     }

integration/plugin/logging/cmd/dummy/main.go

History View file @ 31fb92c

@@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
+	"time"
 )
 
 func main() {
@@ -12,8 +13,9 @@ func main() {
 	}
 
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Addr:              l.Addr().String(),
+		Handler:           http.NewServeMux(),
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }

integration/plugin/volumes/cmd/dummy/main.go

History View file @ 31fb92c

@@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
+	"time"
 )
 
 func main() {
@@ -12,8 +13,9 @@ func main() {
 	}
 
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Addr:              l.Addr().String(),
+		Handler:           http.NewServeMux(),
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }

testutil/fixtures/plugin/basic/basic.go

History View file @ 31fb92c

@@ -6,6 +6,7 @@ import (
                      	"net/http"
                      	"os"
                      	"path/filepath"
                     +	"time"
+                     )
                      func main() {
@@ -23,8 +24,9 @@ func main() {
                      	mux := http.NewServeMux()
                      	server := http.Server{
                     -		Addr:    l.Addr().String(),
                     -		Handler: http.NewServeMux(),
                     +		Addr:              l.Addr().String(),
                     +		Handler:           http.NewServeMux(),
                     +		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
+                     	}
                      	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
                      		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json")

volume/testutils/testutils.go

History View file @ 31fb92c

@@ -167,7 +167,7 @@ func MakeFakePlugin(d volume.Driver, l net.Listener) (plugingetter.CompatPlugin,
                      		w.Write([]byte("{}"))
                      	})
                     -	go http.Serve(l, mux)
                     +	go http.Serve(l, mux) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
                      	return &fakePlugin{client: c, name: d.Name()}, nil
+                     }

...	...	@@ -3,6 +3,7 @@ package main
3	3	import (
4	4	"net"
5	5	"net/http"
	6	+ "time"
6	7	)
7	8
8	9	func main() {
...	...	@@ -12,8 +13,9 @@ func main() {
12	12	}
13	13
14	14	server := http.Server{
15		- Addr: l.Addr().String(),
16		- Handler: http.NewServeMux(),
	15	+ Addr: l.Addr().String(),
	16	+ Handler: http.NewServeMux(),
	17	+ ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
17	18	}
18	19	server.Serve(l)
19	20	}