actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix ReadTimeout for G112 rule

Browse source
This commit is contained in:
云微 2022-06-23 20:58:13 +08:00 committed by GitHub
parent 05f3ca80f9
commit b0f3e78e07
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rules/slowloris.go
View file

@ -35,7 +35,7 @@ func containsReadHeaderTimeout(node *ast.CompositeLit) bool {
for _, elt := range node.Elts {
if kv, ok := elt.(*ast.KeyValueExpr); ok {
if ident, ok := kv.Key.(*ast.Ident); ok {
if ident.Name == "ReadHeaderTimeout" {
if ident.Name == "ReadHeaderTimeout" || ident.Name == "ReadTimeout" {
return true
}
}

23
testutils/source.go
View file

@ -1050,6 +1050,29 @@ func HelloServer(w http.ResponseWriter, r *http.Request) {
}
}
`}, 0, gosec.NewConfig()},
{[]string{`
package main
import (
"fmt"
"time"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %s!", r.URL.Path[1:])
})
server := &http.Server{
Addr: ":1234",
ReadTimeout: 1 * time.Second,
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}
`}, 0, gosec.NewConfig()},
}
// SampleCodeG113 - Usage of Rat.SetString in math/big with an overflow