
linting: gosec: fix or suppress G112, G114 in test code

Updating test-code only; set ReadHeaderTimeout for some, or suppress the linter
error for others.

     contrib/httpserver/server.go:11:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        log.Panic(http.ListenAndServe(":80", nil))
                  ^
     integration/plugin/logging/cmd/close_on_start/main.go:42:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/discard/main.go:17:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: mux,
        }
     integration/plugin/logging/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     integration/plugin/volumes/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     testutil/fixtures/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }
     volume/testutils/testutils.go:170:5: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
        go http.Serve(l, mux)
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn vor 2 Jahren
Commit
31fb92c609

+ 1 - 1
contrib/httpserver/server.go

@@ -8,5 +8,5 @@ import (
 func main() {
 	fs := http.FileServer(http.Dir("/static"))
 	http.Handle("/", fs)
-	log.Panic(http.ListenAndServe(":80", nil))
+	log.Panic(http.ListenAndServe(":80", nil)) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
 }
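Review bot: The `#nosec G114` justification on the `http.ListenAndServe(":80", nil)` line calls this test code, but the line binds port 80 on every interface, and the comment only repeats the linter message instead of saying why missing timeouts are acceptable here. The other servers in this commit get a `ReadHeaderTimeout`; doing the same here would make the suppression unnecessary: `srv := &http.Server{Addr: ":80", ReadHeaderTimeout: 2 * time.Second}` followed by `log.Panic(srv.ListenAndServe())`, with `"time"` added to the imports. If the suppression stays, the comment should give the actual reason, presumably that this binary only runs inside a test container, which cannot be confirmed from this hunk. The `#nosec` line in volume/testutils/testutils.go has the same restated-message justification.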

+ 4 - 2
integration/plugin/logging/cmd/close_on_start/main.go

@@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"os"
+	"time"
 )
 
 type start struct {
@@ -40,8 +41,9 @@ func main() {
 		fmt.Fprintln(w, `{}`)
 	})
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: mux,
+		Addr:              l.Addr().String(),
+		Handler:           mux,
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 
 	server.Serve(l)
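Review bot: The comment on the added `ReadHeaderTimeout` line misspells "satisfy" as "statisfy", and the identical line is copied into logging/cmd/discard/main.go, logging/cmd/dummy/main.go, volumes/cmd/dummy/main.go and testutil/fixtures/plugin/basic/basic.go. `ReadHeaderTimeout` bounds only the request-header phase, so a slow request body or an idle keep-alive connection is still unbounded; that is fine for a fixture, but the comment should say so to stop the line being copied as a complete Slowloris mitigation. Suggested wording: `ReadHeaderTimeout: 2 * time.Second, // test fixture only: arbitrary value to satisfy gosec G112; body reads and idle connections are not bounded`. The body of `main` continues outside the hunk.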

+ 4 - 2
integration/plugin/logging/cmd/discard/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
+	"time"
 )
 
 func main() {
@@ -15,8 +16,9 @@ func main() {
 	handle(mux)
 
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: mux,
+		Addr:              l.Addr().String(),
+		Handler:           mux,
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }

+ 4 - 2
integration/plugin/logging/cmd/dummy/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
+	"time"
 )
 
 func main() {
@@ -12,8 +13,9 @@ func main() {
 	}
 
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Addr:              l.Addr().String(),
+		Handler:           http.NewServeMux(),
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }

+ 4 - 2
integration/plugin/volumes/cmd/dummy/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
+	"time"
 )
 
 func main() {
@@ -12,8 +13,9 @@ func main() {
 	}
 
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Addr:              l.Addr().String(),
+		Handler:           http.NewServeMux(),
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }

+ 4 - 2
testutil/fixtures/plugin/basic/basic.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"time"
 )
 
 func main() {
@@ -23,8 +24,9 @@ func main() {
 
 	mux := http.NewServeMux()
 	server := http.Server{
-		Addr:    l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Addr:              l.Addr().String(),
+		Handler:           http.NewServeMux(),
+		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json")
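Review bot: The re-aligned `Handler: http.NewServeMux(),` line gives `server` a fresh, empty mux, while the `/Plugin.Activate` handler just below is registered on the separate `mux` variable. Unless the rest of `main` (outside this hunk) reassigns `server.Handler` or serves `mux` some other way, requests to this server would never reach that handler. Since the struct literal is being touched anyway, `Handler: mux,` looks like the intended value, as in close_on_start/main.go and discard/main.go.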

+ 1 - 1
volume/testutils/testutils.go

@@ -167,7 +167,7 @@ func MakeFakePlugin(d volume.Driver, l net.Listener) (plugingetter.CompatPlugin,
 		w.Write([]byte("{}"))
 	})
 
-	go http.Serve(l, mux)
+	go http.Serve(l, mux) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
 	return &fakePlugin{client: c, name: d.Name()}, nil
 }