Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade linter and address new warnings #340

Merged
merged 4 commits into from
Aug 11, 2022
Merged

Conversation

chlowell
Copy link
Collaborator

No description provided.

@sonarcloud
Copy link

sonarcloud bot commented Aug 11, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@@ -84,7 +85,7 @@ func New(reqState string, port int) (*Server, error) {

serv := &Server{
Addr: fmt.Sprintf("http://localhost:%s", portStr),
s: &http.Server{Addr: "localhost:0"},
s: &http.Server{Addr: "localhost:0", ReadHeaderTimeout: time.Second},
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the Slowloris fix. We could simply disable the check because there's no vulnerability here--this is the only server in MSAL and it runs on localhost. If users want to Slowloris the local server trying to help them authenticate, that's okay. But the header timeout won't hurt anything and it feels cleaner to me than disabling a warning 🤷

@chlowell chlowell merged commit 8abadc8 into dev Aug 11, 2022
@chlowell chlowell deleted the chlowell/golint-upgrade branch August 11, 2022 18:56
@rayluo rayluo mentioned this pull request Sep 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants