panicweb: Set http.Server.ReadHeaderTimeout to 2s

maruel · maruel · commit 0852717eccfe · 2022-08-28T20:05:34.000-04:00
This silences gosec G114 and fixes the slowloris DoS attack.
diff --git a/cmd/panicweb/main.go b/cmd/panicweb/main.go
@@ -107,7 +107,11 @@ func main() {
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		_, _ = w.Write(rootPage)
 	})
-	go http.Serve(ln, http.DefaultServeMux)
+	srv := &http.Server{
+		Handler:           http.DefaultServeMux,
+		ReadHeaderTimeout: 2 * time.Second,
+	}
+	go srv.Serve(ln)
 
 	// Start many clients.
 	a := ln.Addr()
diff --git a/stack/context_test.go b/stack/context_test.go
@@ -2352,7 +2352,7 @@ func identifyPanicwebSignature(t *testing.T, b *Bucket, pwebDir string) panicweb
 				t.Fatal("expected Locked")
 			}
 			// This is a change detector on internal/main.go.
-			want := Stack{Calls: []Call{newCallLocal("main.main", Args{}, pathJoin(pwebDir, "main.go"), 141)}}
+			want := Stack{Calls: []Call{newCallLocal("main.main", Args{}, pathJoin(pwebDir, "main.go"), 145)}}
 			compareStacks(t, &b.Signature.CreatedBy, &want)
 			for i := range b.Signature.Stack.Calls {
 				if strings.HasPrefix(b.Signature.Stack.Calls[i].ImportPath, "github.com/mattn/go-colorable") {

Original file line number	Diff line number	Diff line change
`@@ -2352,7 +2352,7 @@ func identifyPanicwebSignature(t testing.T, b Bucket, pwebDir string) panicweb`
`2352`	`2352`	`t.Fatal("expected Locked")`
`2353`	`2353`	`}`
`2354`	`2354`	`// This is a change detector on internal/main.go.`
`2355`		`- want := Stack{Calls: []Call{newCallLocal("main.main", Args{}, pathJoin(pwebDir, "main.go"), 141)}}`
	`2355`	`+ want := Stack{Calls: []Call{newCallLocal("main.main", Args{}, pathJoin(pwebDir, "main.go"), 145)}}`
`2356`	`2356`	`compareStacks(t, &b.Signature.CreatedBy, &want)`
`2357`	`2357`	`for i := range b.Signature.Stack.Calls {`
`2358`	`2358`	`if strings.HasPrefix(b.Signature.Stack.Calls[i].ImportPath, "github.com/mattn/go-colorable") {`