From 3f8c85128d93762acd9f2a61e3ea4a278016c340 Mon Sep 17 00:00:00 2001 From: Luca Burgazzoli Date: Fri, 23 Aug 2024 12:40:25 +0200 Subject: [PATCH] fix(lint/gosec): use of net/http serve function that has no support for setting timeouts --- pkg/cmd/server.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/cmd/server.go b/pkg/cmd/server.go index 9652eba7..13a0ba3e 100644 --- a/pkg/cmd/server.go +++ b/pkg/cmd/server.go @@ -159,7 +159,17 @@ var serverCmd = &cobra.Command{ addr := fmt.Sprintf(":%d", port) log.Info().Int("port", port).Msg("Starting HTTP server") - log.Fatal().Err(http.ListenAndServe(addr, router)) + + // TODO: must validate values + s := &http.Server{ + Addr: addr, + ReadHeaderTimeout: 20 * time.Second, + ReadTimeout: 1 * time.Minute, + WriteTimeout: 2 * time.Minute, + Handler: router, + } + + log.Fatal().Err(s.ListenAndServe()) }, }