fix gosec G114/G112

2025-03-15 23:25:35 +07:00 · 2022-09-28 17:30:34 -04:00 · 2022-09-28 17:30:34 -04:00 · 0d7fee0cb1
commit 0d7fee0cb1
parent 8fcaee063d
2 changed files with 9 additions and 2 deletions
--- a/common/version.go
+++ b/common/version.go
@ -1,3 +1,3 @@
 package common

-const Version = "0.3.6"
+const Version = "0.3.7"
--- a/main.go
+++ b/main.go
@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"time"

 	"github.com/IceWhaleTech/CasaOS-Common/utils/logger"
 	"github.com/IceWhaleTech/CasaOS-Gateway/common"
@ -94,7 +95,13 @@ func main() {
 	}

 	logger.Info("User service is listening...", zap.Any("address", listener.Addr().String()))
-	err = http.Serve(listener, r)
+
+	s := &http.Server{
+		Handler:           r,
+		ReadHeaderTimeout: 5 * time.Second, // fix G112: Potential slowloris attack (see https://github.com/securego/gosec)
+	}
+
+	err = s.Serve(listener) // not using http.serve() to fix G114: Use of net/http serve function that has no support for setting timeouts (see https://github.com/securego/gosec)
 	if err != nil {
 		panic(err)
 	}