Closed peczenyj closed 1 month ago
Using govulncheck we got this issue:
```
=== Symbol Results ===

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.22.0
    Fixed in: golang.org/x/net@v0.23.0
    Example traces found:
      #1: internal/impl/azure/input_cosmosdb.go:10:2: azure.init calls runtime.init, which eventually calls http2.ConfigureTransports
      #2: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.ConnectionError.Error
      #3: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.ErrCode.String
      #4: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.FrameHeader.String
      #5: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.FrameType.String
      #6: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.ReadFrame
      #7: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteContinuation
      #8: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteData
      #9: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteHeaders
      #10: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WritePing
      #11: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteRSTStream
      #12: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteSettings
      #13: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteSettingsAck
      #14: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.Framer.WriteWindowUpdate
      #15: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.GoAwayError.Error
      #16: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.Setting.String
      #17: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.SettingID.String
      #18: internal/serverless/lambda/lambda.go:31:22: lambda.Run calls os.Getenv, which eventually calls http2.SettingsFrame.ForeachSetting
      #19: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.StreamError.Error
      #20: internal/impl/influxdb/metrics_influxdb.go:396:16: influxdb.influxDBMetrics.Close calls influxdb1.client.Close, which eventually calls http2.Transport.NewClientConn
      #21: internal/serverless/lambda/lambda.go:91:14: lambda.Run calls lambda.Start, which eventually calls http2.Transport.RoundTrip
      #22: internal/serverless/lambda/lambda.go:37:14: lambda.Run calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      #23: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.connError.Error
      #24: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.duplicatePseudoHeaderError.Error
      #25: internal/cli/studio/sync_schema.go:70:4: studio.syncSchemaCommand calls http2.gzipReader.Close
      #26: internal/config/lint.go:89:34: config.ReadFileEnvSwap calls io.ReadAll, which calls http2.gzipReader.Read
      #27: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.headerFieldNameError.Error
      #28: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.headerFieldValueError.Error
      #29: internal/serverless/lambda/lambda.go:91:14: lambda.Run calls lambda.Start, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      #30: internal/impl/pure/output_drop_on.go:259:23: pure.dropOnWriter.loop calls http2.pseudoHeaderError.Error
      #31: internal/serverless/lambda/lambda.go:37:14: lambda.Run calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      #32: internal/cli/studio/sync_schema.go:70:4: studio.syncSchemaCommand calls http2.transportResponseBody.Close
      #33: internal/config/lint.go:89:34: config.ReadFileEnvSwap calls io.ReadAll, which calls http2.transportResponseBody.Read
      #34: cmd/tools/benthos_docs_gen/main.go:119:20: benthos_docs_gen.doTemplates calls fmt.Sprintf, which eventually calls http2.writeData.String
```
Thanks @peczenyj!