Fix gosec scan: G112 (CWE-400) Potential Slowloris Attack (#10872)

This commit is contained in:
terencechain 2022-06-13 15:29:26 -07:00 committed by GitHub
parent 80f4f22401
commit 4c4fb9f2c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 13 additions and 8 deletions

View File

@ -121,8 +121,9 @@ func (g *Gateway) Start() {
}
g.server = &http.Server{
Addr: g.cfg.gatewayAddr,
Handler: corsMux,
Addr: g.cfg.gatewayAddr,
Handler: corsMux,
ReadHeaderTimeout: time.Second,
}
go func() {

View File

@ -52,7 +52,7 @@ func NewService(addr string, svcRegistry *runtime.ServiceRegistry, additionalHan
mux.HandleFunc(h.Path, h.Handler)
}
s.server = &http.Server{Addr: addr, Handler: mux}
s.server = &http.Server{Addr: addr, Handler: mux, ReadHeaderTimeout: time.Second}
return s
}

View File

@ -2,6 +2,7 @@ package prometheus
import (
"net/http"
"time"
"github.com/prometheus/client_golang/prometheus/promhttp"
)
@ -12,6 +13,6 @@ func RunSimpleServerOrDie(addr string) {
mux := http.NewServeMux()
mux.Handle("/metrics", promhttp.Handler())
svr := &http.Server{Addr: addr, Handler: mux}
svr := &http.Server{Addr: addr, Handler: mux, ReadHeaderTimeout: time.Second}
log.Fatal(svr.ListenAndServe())
}

View File

@ -78,8 +78,9 @@ func (ts *TracingSink) Stop() error {
func (ts *TracingSink) initializeSink(ctx context.Context) {
mux := &http.ServeMux{}
ts.server = &http.Server{
Addr: ts.endpoint,
Handler: mux,
Addr: ts.endpoint,
Handler: mux,
ReadHeaderTimeout: time.Second,
}
defer func() {
if err := ts.server.Close(); err != nil {

View File

@ -14,6 +14,7 @@ import (
"net/http"
"strings"
"sync"
"time"
"github.com/pkg/errors"
"github.com/prysmaticlabs/prysm/network"
@ -72,8 +73,9 @@ func New(opts ...Option) (*Proxy, error) {
mux.Handle("/", p)
addr := fmt.Sprintf("%s:%d", p.cfg.proxyHost, p.cfg.proxyPort)
srv := &http.Server{
Handler: mux,
Addr: addr,
Handler: mux,
Addr: addr,
ReadHeaderTimeout: time.Second,
}
p.address = addr
p.srv = srv