55fd77f724
After discussing in the maintainers meeting, we concluded that Slowloris attacks are not a real risk other than potentially having some additional goroutines lingering around, so setting a long timeout to satisfy the linter, and to at least have "some" timeout. libnetwork/diagnostic/server.go:96:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) srv := &http.Server{ Addr: net.JoinHostPort(ip, strconv.Itoa(port)), Handler: s, } api/server/server.go:60:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) srv: &http.Server{ Addr: addr, }, daemon/metrics_unix.go:34:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec) if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") { ^ cmd/dockerd/metrics.go:27:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec) if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") { ^ Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
---|---|---|
.. | ||
server.go | ||
types.go |