client: TestTLSCloseWriter: fix G112 Potential Slowloris Attack (gosec)

Not a real issue for tests, but easy to fix; client/hijack_test.go:23:34: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-11 18:51:37 +00:00 · 2024-11-05 17:52:24 +01:00
parent 963a9d7504
commit e6e6f0cdca
1 changed files with 32 additions and 28 deletions
--- a/client/hijack_test.go
+++ b/client/hijack_test.go
@@ -9,6 +9,7 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"testing"
+	"time"

 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/types"
@@ -20,36 +21,39 @@ func TestTLSCloseWriter(t *testing.T) {
 	t.Parallel()

 	var chErr chan error
-	ts := &httptest.Server{Config: &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		chErr = make(chan error, 1)
-		defer close(chErr)
-		if err := httputils.ParseForm(req); err != nil {
-			chErr <- errors.Wrap(err, "error parsing form")
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		r, rw, err := httputils.HijackConnection(w)
-		if err != nil {
-			chErr <- errors.Wrap(err, "error hijacking connection")
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		defer r.Close()
+	ts := &httptest.Server{Config: &http.Server{
+		ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			chErr = make(chan error, 1)
+			defer close(chErr)
+			if err := httputils.ParseForm(req); err != nil {
+				chErr <- errors.Wrap(err, "error parsing form")
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			r, rw, err := httputils.HijackConnection(w)
+			if err != nil {
+				chErr <- errors.Wrap(err, "error hijacking connection")
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			defer r.Close()

-		fmt.Fprint(rw, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\n")
+			fmt.Fprint(rw, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\n")

-		buf := make([]byte, 5)
-		_, err = r.Read(buf)
-		if err != nil {
-			chErr <- errors.Wrap(err, "error reading from client")
-			return
-		}
-		_, err = rw.Write(buf)
-		if err != nil {
-			chErr <- errors.Wrap(err, "error writing to client")
-			return
-		}
-	})}}
+			buf := make([]byte, 5)
+			_, err = r.Read(buf)
+			if err != nil {
+				chErr <- errors.Wrap(err, "error reading from client")
+				return
+			}
+			_, err = rw.Write(buf)
+			if err != nil {
+				chErr <- errors.Wrap(err, "error writing to client")
+				return
+			}
+		}),
+	}}

 	var (
 		l   net.Listener