pkg/authorization: fix G112 Potential Slowloris Attack (gosec)

Not a real issue for tests, but easy to fix;

    pkg/authorization/authz_unix_test.go:387:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn
2024-11-05 17:54:25 +01:00
parent e6e6f0cdca
commit 79196deae9


@@ -17,6 +17,7 @@ import (
"reflect"
"strings"
"testing"
"time"
"github.com/docker/docker/pkg/plugins"
"github.com/docker/go-connections/tlsconfig"
@@ -173,129 +174,127 @@ func TestDrainBody(t *testing.T) {
}
func TestSendBody(t *testing.T) {
var (
testcases = []struct {
url string
contentType string
expected bool
}{
{
contentType: "application/json",
expected: true,
},
{
contentType: "Application/json",
expected: true,
},
{
contentType: "application/JSON",
expected: true,
},
{
contentType: "APPLICATION/JSON",
expected: true,
},
{
contentType: "application/json; charset=utf-8",
expected: true,
},
{
contentType: "application/json;charset=utf-8",
expected: true,
},
{
contentType: "application/json; charset=UTF8",
expected: true,
},
{
contentType: "application/json;charset=UTF8",
expected: true,
},
{
contentType: "text/html",
expected: false,
},
{
contentType: "",
expected: false,
},
{
url: "nothing.com/auth",
contentType: "",
expected: false,
},
{
url: "nothing.com/auth",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/auth?p1=test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "nothing.com/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/v1/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "www.nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "https://www.nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "http://nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "www.nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "http://www.nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "www.nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "https://www.nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
}
)
testcases := []struct {
url string
contentType string
expected bool
}{
{
contentType: "application/json",
expected: true,
},
{
contentType: "Application/json",
expected: true,
},
{
contentType: "application/JSON",
expected: true,
},
{
contentType: "APPLICATION/JSON",
expected: true,
},
{
contentType: "application/json; charset=utf-8",
expected: true,
},
{
contentType: "application/json;charset=utf-8",
expected: true,
},
{
contentType: "application/json; charset=UTF8",
expected: true,
},
{
contentType: "application/json;charset=UTF8",
expected: true,
},
{
contentType: "text/html",
expected: false,
},
{
contentType: "",
expected: false,
},
{
url: "nothing.com/auth",
contentType: "",
expected: false,
},
{
url: "nothing.com/auth",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/auth?p1=test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "nothing.com/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "nothing.com/v1/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "www.nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "https://www.nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "http://nothing.com/v1.24/auth/test",
contentType: "application/json;charset=UTF8",
expected: false,
},
{
url: "www.nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "http://www.nothing.com/test?p1=/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "www.nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
{
url: "https://www.nothing.com/something/auth",
contentType: "application/json;charset=UTF8",
expected: true,
},
}
for _, testcase := range testcases {
header := http.Header{}
@@ -387,6 +386,8 @@ func (t *authZPluginTestServer) start() {
Config: &http.Server{
Handler: r,
Addr: pluginAddress,
ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
},
}
t.server.Start()
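Review bot: The `ReadHeaderTimeout: 5 * time.Minute` added in `authZPluginTestServer.start()` silences G112 but hardly bounds a slow-header connection, since a client can still hold the connection open for five minutes before the server gives up. That is harmless for this test server, but request headers on a local test connection should arrive almost immediately, so a value in seconds would likely work just as well and would be safer if this snippet is copied into non-test code, for example `ReadHeaderTimeout: 5 * time.Second, // bound header reads (gosec G112)`. If the long value is kept on purpose (slow CI, debugging with breakpoints), the comment should say so, rather than only that the finding is not a concern. The body of `start()` begins and ends outside this hunk, so it is not visible here whether other timeouts are set on the server.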