From 0d7fee0cb1a4d2bfa3d16e9927c1d96e65a3b5e4 Mon Sep 17 00:00:00 2001
From: Tiger Wang
Date: Wed, 28 Sep 2022 17:30:34 -0400
Subject: [PATCH] fix gosec G114/G112
---
 common/version.go | 2 +-
 main.go | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/common/version.go b/common/version.go
index 6564be8..ebc0f4c 100644
--- a/common/version.go
+++ b/common/version.go
@@ -1,3 +1,3 @@
 package common
-const Version = "0.3.6"
+const Version = "0.3.7"
diff --git a/main.go b/main.go
index e410fcd..03822e7 100644
--- a/main.go
+++ b/main.go
@@ -6,6 +6,7 @@ import (
 "net"
 "net/http"
 "os"
+ "time"
 "github.com/IceWhaleTech/CasaOS-Common/utils/logger"
 "github.com/IceWhaleTech/CasaOS-Gateway/common"
@@ -94,7 +95,13 @@ func main() {
 }
 logger.Info("User service is listening...", zap.Any("address", listener.Addr().String()))
- err = http.Serve(listener, r)
+
+ s := &http.Server{
+ Handler: r,
+ ReadHeaderTimeout: 5 * time.Second, // fix G112: Potential slowloris attack (see https://github.com/securego/gosec)
+ }
+
+ err = s.Serve(listener) // not using http.serve() to fix G114: Use of net/http serve function that has no support for setting timeouts (see https://github.com/securego/gosec)
 if err != nil {
 panic(err)
 }
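Review bot: The new `http.Server` literal in `main` sets only `ReadHeaderTimeout`, so a keep-alive connection that has already completed one request can stay idle with no deadline, and the time taken to send a request body is not bounded either. In net/http a zero `IdleTimeout` falls back to `ReadTimeout`, and with both zero there is no idle timeout; adding `IdleTimeout: 60 * time.Second,` (value to be tuned) next to `ReadHeaderTimeout` would close that gap without cutting off long-running responses. `ReadTimeout` and `WriteTimeout` may be unsuitable if this gateway proxies streaming or WebSocket traffic, which the hunk does not show, so a comment such as `// ReadTimeout/WriteTimeout left unset: proxied streams may be long-lived` would record that the omission is deliberate. The body of `main` starts and ends outside the hunk.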