package main
import (
"context"
"net"
"net/http"
"strings"
set ReadHeaderTimeout to address G112: Potential Slowloris Attack (gosec)
After discussing in the maintainers meeting, we concluded that Slowloris attacks
are not a real risk other than potentially having some additional goroutines
lingering around, so setting a long timeout to satisfy the linter, and to at
least have "some" timeout.
libnetwork/diagnostic/server.go:96:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv := &http.Server{
Addr: net.JoinHostPort(ip, strconv.Itoa(port)),
Handler: s,
}
api/server/server.go:60:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv: &http.Server{
Addr: addr,
},
daemon/metrics_unix.go:34:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
cmd/dockerd/metrics.go:27:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
"time"
"github.com/containerd/log"
metrics "github.com/docker/go-metrics"
)
// startMetricsServer exposes the metrics handler at "/metrics" on a plain TCP
// listener bound to addr and serves it from a background goroutine.
//
// An empty addr disables the endpoint: the function returns nil without
// opening a socket. Otherwise it calls allocateDaemonPort(addr) (defined
// elsewhere in the package) and then net.Listen; an error from either is
// returned to the caller. Errors raised later by the serve loop are only
// logged, never returned.
//
// Security notes for reviewers:
//   - This function adds no TLS and no authentication in front of
//     metrics.Handler(); whether the handler enforces any access control
//     itself is not visible here. Treat addr as an exposure decision and
//     prefer a loopback or otherwise trusted interface.
//   - Only ReadHeaderTimeout is set on the http.Server; ReadTimeout,
//     WriteTimeout and IdleTimeout stay at their zero value (no limit).
//   - Neither the server nor the listener is retained or returned, so this
//     function offers no Shutdown path; the goroutine ends when Serve returns.
func startMetricsServer(addr string) error {
	// Metrics are opt-in: nothing to do without an address.
	if addr == "" {
		return nil
	}

	if portErr := allocateDaemonPort(addr); portErr != nil {
		return portErr
	}

	listener, listenErr := net.Listen("tcp", addr)
	if listenErr != nil {
		return listenErr
	}

	router := http.NewServeMux()
	router.Handle("/metrics", metrics.Handler())

	// gosec G112 (Slowloris): the maintainers judged slow-header clients to be
	// a low risk for this endpoint (at worst some lingering goroutines), so a
	// deliberately long header timeout is set to have at least some bound.
	const headerTimeout = 5 * time.Minute
	srv := &http.Server{
		Handler:           router,
		ReadHeaderTimeout: headerTimeout,
	}

	go func() {
		log.G(context.TODO()).Infof("metrics API listening on %s", listener.Addr())

		serveErr := srv.Serve(listener)
		if serveErr == nil {
			return
		}
		// A closed listener is treated as a normal stop and is not reported.
		// The match is on the error text, so it depends on the wording used
		// by the net package.
		if strings.Contains(serveErr.Error(), "use of closed network connection") {
			return
		}
		log.G(context.TODO()).WithError(serveErr).Error("error serving metrics API")
	}()

	return nil
}