-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update GO to 1.19 and format code #123
Conversation
2226132
to
404fff8
Compare
run e2e test |
allowedlist.yaml is temporarily added to address vulnerability CVE-2022-27664. |
404fff8
to
1ae28da
Compare
run e2e test |
ac70bc0
run e2e test |
|
||
server := &http.Server{ | ||
Addr: addr, | ||
ReadHeaderTimeout: 5 * time.Second, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Is 'ReadHeaderTimeout' only for TLS listener, or for all Read operation?
- Is 5sec a recommended timeout value?
- Better to use a constant variable for the time out setting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ReadHeaderTimeout
is for the newserver
instance, and the instance is for TLS listener. It could say 'ReadHeaderTimeout' only for TLS listener- There is no recommended value. But [PowerStore ]('ReadHeaderTimeout' only for TLS listener) uses 5 the same.
- I flip through all the source code including CSM, 3rd, GO package, timeout values are all set as plain value, not constant. I think it should be good for us as well.
- Fix CVE-2022-27664 by updating GO to 1.19 and updating golang.org/x/net, golang.org/x/text to the latest - Fix Go Security check alert `Use of net/http serve function that has no support for setting timeouts` Use `server.Serve(tlsListener)` instead of `http.ListenAndServeTLS` - Format code to align with Go format rule
eb27e9f
ac70bc0
to
eb27e9f
Compare
run e2e test |
|
Description
Use of net/http serve function that has no support for setting timeouts
GitHub Issues
List the GitHub issues impacted by this PR:
Checklist:
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration
Run make check test
Grafana GUI check
Manual inspection of the GUI
I have verified that the dashboards show the data properly while generating I/O and storage resources