linting: address gosec G112/G114

GOGC=75 golangci-lint run services/server/server.go:320:27: G114: Use of net/http serve function that has no support for setting timeouts (gosec) return trapClosedConnErr(http.Serve(l, m)) ^ services/server/server.go:340:27: G114: Use of net/http serve function that has no support for setting timeouts (gosec) return trapClosedConnErr(http.Serve(l, m)) ^ cmd/containerd-stress/main.go:238:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec) if err := http.ListenAndServe(c.Metrics, metrics.Handler()); err != nil { ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 3ebeb6d) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
containerd · Mar 7, 2023 · 682a567 · 682a567
1 parent 627f563
commit 682a567
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/cmd/containerd-stress/main.go b/cmd/containerd-stress/main.go
@@ -211,7 +211,12 @@ func (c config) newClient() (*containerd.Client, error) {
 
 func serve(c config) error {
 	go func() {
-		if err := http.ListenAndServe(c.Metrics, metrics.Handler()); err != nil {
+		srv := &http.Server{
+			Addr:              c.Metrics,
+			Handler:           metrics.Handler(),
+			ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+		}
+		if err := srv.ListenAndServe(); err != nil {
 			logrus.WithError(err).Error("listen and serve")
 		}
 	}()

diff --git a/services/server/server.go b/services/server/server.go
@@ -330,7 +330,11 @@ func (s *Server) ServeTTRPC(l net.Listener) error {
 func (s *Server) ServeMetrics(l net.Listener) error {
 	m := http.NewServeMux()
 	m.Handle("/v1/metrics", metrics.Handler())
-	return trapClosedConnErr(http.Serve(l, m))
+	srv := &http.Server{
+		Handler:           m,
+		ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+	}
+	return trapClosedConnErr(srv.Serve(l))
 }
 
 // ServeTCP allows services to serve over tcp
@@ -350,7 +354,11 @@ func (s *Server) ServeDebug(l net.Listener) error {
 	m.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile))
 	m.Handle("/debug/pprof/symbol", http.HandlerFunc(pprof.Symbol))
 	m.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace))
-	return trapClosedConnErr(http.Serve(l, m))
+	srv := &http.Server{
+		Handler:           m,
+		ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+	}
+	return trapClosedConnErr(srv.Serve(l))
 }
 
 // Stop the containerd server canceling any open connections