

fix(autossl): fixed deepsource warnings
cnlangzi committed Jan 5, 2025
1 parent c13ddbd commit ba34d59
Showing 2 changed files with 14 additions and 2 deletions.
5 changes: 5 additions & 0 deletions ext/autossl/autossl.go
@@ -3,6 +3,7 @@ package autossl
import (
"crypto/tls"
"net/http"
"time"

"golang.org/x/crypto/acme/autocert"
)
@@ -56,6 +57,10 @@ func New(opts ...Option) *AutoSSL {
func (autossl *AutoSSL) Configure(httpSrv *http.Server, httpsSrv *http.Server) {
httpSrv.Handler = autossl.Manager.HTTPHandler(httpSrv.Handler)

if httpSrv.ReadHeaderTimeout == 0 {
httpSrv.ReadHeaderTimeout = 3 * time.Second // Potential slowloris attack
}

if httpsSrv.TLSConfig == nil {
httpsSrv.TLSConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
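Review bot: Only `httpSrv` receives a header-read deadline here; nothing in the visible lines sets `ReadHeaderTimeout` on `httpsSrv`, which accepts the same kind of slow-header connections once the TLS handshake completes. Unless that is handled further down in `Configure` (its body continues past this hunk), apply the same default there: `if httpsSrv.ReadHeaderTimeout == 0 { httpsSrv.ReadHeaderTimeout = 3 * time.Second }`. The trailing comment `// Potential slowloris attack` reads as if the assignment were the risk; something like `// bound header reads so slow-header (Slowloris-style) clients cannot hold connections open` states the intent. This limit covers request headers only, so slow request bodies still depend on `ReadTimeout` or handler-level deadlines.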
11 changes: 9 additions & 2 deletions ext/autossl/autossl_test.go
@@ -5,6 +5,7 @@ import (
"crypto/tls"
"net/http"
"testing"
"time"

"github.com/stretchr/testify/require"
"golang.org/x/crypto/acme/autocert"
@@ -31,15 +32,19 @@ func TestConfigure(t *testing.T) {
require.NotNil(t, httpSrv.Handler)
require.NotNil(t, httpsSrv.TLSConfig)

require.Equal(t, 3*time.Second, httpSrv.ReadHeaderTimeout)

require.Equal(t, uint16(tls.VersionTLS12), httpsSrv.TLSConfig.MinVersion)
require.Equal(t, uint16(0), httpsSrv.TLSConfig.MaxVersion)

require.NotNil(t, httpsSrv.TLSConfig.GetCertificate)

httpSrv = &http.Server{}
httpSrv = &http.Server{
ReadHeaderTimeout: 1 * time.Second,
}
httpsSrv = &http.Server{
TLSConfig: &tls.Config{
MinVersion: tls.VersionTLS10,
MinVersion: tls.VersionTLS10, // skipcq: GSC-G402
MaxVersion: tls.VersionTLS13,
},
}
@@ -48,6 +53,8 @@ func TestConfigure(t *testing.T) {
require.NotNil(t, httpSrv.Handler)
require.NotNil(t, httpsSrv.TLSConfig)

require.Equal(t, 1*time.Second, httpSrv.ReadHeaderTimeout)

require.Equal(t, uint16(tls.VersionTLS10), httpsSrv.TLSConfig.MinVersion)
require.Equal(t, uint16(tls.VersionTLS13), httpsSrv.TLSConfig.MaxVersion)

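Review bot: The `// skipcq: GSC-G402` suppression on `MinVersion: tls.VersionTLS10` silences the weak-TLS finding without saying why the value is acceptable in this test. A comment on the line above, e.g. `// TLS 1.0 is intentionally weak: this case checks that Configure leaves a caller-supplied TLSConfig untouched`, keeps the next reader from copying the value or deleting the case. The assertions that follow pin the fact that `Configure` does not raise a low `MinVersion`, which looks deliberate but is worth stating in `Configure`'s doc comment as well. `TestConfigure` begins and ends outside these hunks.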
