search

kubernetes-sigs / cluster-api-provider-nested

Cluster API Provider for Nested Clusters
Apache License 2.0
299 stars 65 forks source link

🐛 Add ReadHeaderTimeout values #291

Closed m-messiah closed 2 years ago

m-messiah commented 2 years ago

What steps did you take and what happened: [A clear and concise description on how to REPRODUCE the bug.] The following lint errors started showing up after the latest upgrade to golangci-lint (v1.47.1):

cmd/vn-agent/app/server.go:100:8: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        s := &http.Server{
                Addr:    fmt.Sprintf(":%d", serverOption.Port),
                Handler: handler,
                TLSConfig: &tls.Config{
                        ClientAuth: tls.RequestClientCert,
                        MinVersion: tls.VersionTLS12,
                },
        }

/kind bug [One or more /area label. See https://github.com/kubernetes-sigs/cluster-api-provider-nested/labels?q=area for the list of labels]

christopherhein commented 2 years ago

Thanks for catching this, I wonder if we should consider upgrading to 1.47.1 golangci-lint and then make sure we resolve this in that addition?