linting: gosec: fix or suppress G112, G114 in test code

Updating test-code only; set ReadHeaderTimeout for some, or suppress the linter error for others. contrib/httpserver/server.go:11:12: G114: Use of net/http serve function that has no support for setting timeouts (gosec) log.Panic(http.ListenAndServe(":80", nil)) ^ integration/plugin/logging/cmd/close_on_start/main.go:42:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := http.Server{ Addr: l.Addr().String(), Handler: mux, } integration/plugin/logging/cmd/discard/main.go:17:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := http.Server{ Addr: l.Addr().String(), Handler: mux, } integration/plugin/logging/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := http.Server{ Addr: l.Addr().String(), Handler: http.NewServeMux(), } integration/plugin/volumes/cmd/dummy/main.go:14:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := http.Server{ Addr: l.Addr().String(), Handler: http.NewServeMux(), } testutil/fixtures/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) server := http.Server{ Addr: l.Addr().String(), Handler: http.NewServeMux(), } volume/testutils/testutils.go:170:5: G114: Use of net/http serve function that has no support for setting timeouts (gosec) go http.Serve(l, mux) ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-04 14:44:55 +02:00 · 2022-09-04 14:44:55 +02:00 · 31fb92c609
commit 31fb92c609
parent 561a010161
7 changed files with 22 additions and 12 deletions
--- a/contrib/httpserver/server.go
+++ b/contrib/httpserver/server.go
@ -8,5 +8,5 @@ import (
 func main() {
 	fs := http.FileServer(http.Dir("/static"))
 	http.Handle("/", fs)
-	log.Panic(http.ListenAndServe(":80", nil))
+	log.Panic(http.ListenAndServe(":80", nil)) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
 }
--- a/integration/plugin/logging/cmd/close_on_start/main.go
+++ b/integration/plugin/logging/cmd/close_on_start/main.go
@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"os"
 	"time"
 )
 type start struct {
@ -40,8 +41,9 @@ func main() {
 		fmt.Fprintln(w, `{}`)
 	})
 	server := http.Server{
-		Addr:    l.Addr().String(),
+		Addr:              l.Addr().String(),
-		Handler: mux,
+		Handler:           mux,
 		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
--- a/integration/plugin/logging/cmd/discard/main.go
+++ b/integration/plugin/logging/cmd/discard/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
 	"time"
 )
 func main() {
@ -15,8 +16,9 @@ func main() {
 	handle(mux)
 	server := http.Server{
-		Addr:    l.Addr().String(),
+		Addr:              l.Addr().String(),
-		Handler: mux,
+		Handler:           mux,
 		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }
--- a/integration/plugin/logging/cmd/dummy/main.go
+++ b/integration/plugin/logging/cmd/dummy/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
 	"time"
 )
 func main() {
@ -12,8 +13,9 @@ func main() {
 	}
 	server := http.Server{
-		Addr:    l.Addr().String(),
+		Addr:              l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Handler:           http.NewServeMux(),
 		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }
--- a/integration/plugin/volumes/cmd/dummy/main.go
+++ b/integration/plugin/volumes/cmd/dummy/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"net"
 	"net/http"
 	"time"
 )
 func main() {
@ -12,8 +13,9 @@ func main() {
 	}
 	server := http.Server{
-		Addr:    l.Addr().String(),
+		Addr:              l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Handler:           http.NewServeMux(),
 		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	server.Serve(l)
 }
--- a/testutil/fixtures/plugin/basic/basic.go
+++ b/testutil/fixtures/plugin/basic/basic.go
@ -6,6 +6,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
 	"time"
 )
 func main() {
@ -23,8 +24,9 @@ func main() {
 	mux := http.NewServeMux()
 	server := http.Server{
-		Addr:    l.Addr().String(),
+		Addr:              l.Addr().String(),
-		Handler: http.NewServeMux(),
+		Handler:           http.NewServeMux(),
 		ReadHeaderTimeout: 2 * time.Second, // This server is not for production code; picked an arbitrary timeout to statisfy gosec (G112: Potential Slowloris Attack)
 	}
 	mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json")
--- a/volume/testutils/testutils.go
+++ b/volume/testutils/testutils.go
@ -167,7 +167,7 @@ func MakeFakePlugin(d volume.Driver, l net.Listener) (plugingetter.CompatPlugin,
 		w.Write([]byte("{}"))
 	})
-	go http.Serve(l, mux)
+	go http.Serve(l, mux) // #nosec G114 -- Ignoring for test-code: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
 	return &fakePlugin{client: c, name: d.Name()}, nil
 }