From 1667c7a2f0273f04c8ca902cb948ee76dec22b4e Mon Sep 17 00:00:00 2001
From: Daniel Sonck
Date: Wed, 10 Jul 2024 20:51:35 +0200
Subject: [PATCH] chore: webdav: enable gosec

---
 webdav/.golangci.yml | 1 -
 webdav/client/api_client.go | 2 +-
 webdav/config/config.go | 9 +++------
 webdav/handler/method_get.go | 4 ++--
 webdav/handler/method_put.go | 2 +-
 webdav/main.go | 25 ++++++++++++++++---------
 6 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/webdav/.golangci.yml b/webdav/.golangci.yml
index 235f51c42..814d2a7fd 100644
--- a/webdav/.golangci.yml
+++ b/webdav/.golangci.yml
@@ -31,7 +31,6 @@ linters:
 - nestif
 - canonicalheader
 - lll
- - gosec
 - funlen

 severity:
diff --git a/webdav/client/api_client.go b/webdav/client/api_client.go
index 4ab05fa73..e5f327ec2 100644
--- a/webdav/client/api_client.go
+++ b/webdav/client/api_client.go
@@ -435,7 +435,7 @@ func (cl *APIClient) DownloadOriginal(file *File, outputPath string) error {
 infra.GetLogger().Error(err.Error())
 }
 }(resp.Body)
- out, err := os.Create(outputPath)
+ out, err := os.Create(outputPath) //nolint:gosec // Known safe value
 if err != nil {
 return err
 }
diff --git a/webdav/config/config.go b/webdav/config/config.go
index 966bc9b06..7590b84dd 100644
--- a/webdav/config/config.go
+++ b/webdav/config/config.go
@@ -16,7 +16,8 @@ import (
 )

 type Config struct {
- Port int
+ Host string
+ Port string
 APIURL string
 IdPURL string
 S3 S3Config
@@ -46,12 +47,8 @@ var config *Config

 func GetConfig() *Config {
 if config == nil {
- port, err := strconv.Atoi(os.Getenv("PORT"))
- if err != nil {
- panic(err)
- }
 config = &Config{
- Port: port,
+ Port: os.Getenv("PORT"),
 }
 readURLs(config)
 readS3(config)
diff --git a/webdav/handler/method_get.go b/webdav/handler/method_get.go
index 24f9a28c5..ca6eba840 100644
--- a/webdav/handler/method_get.go
+++ b/webdav/handler/method_get.go
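Review bot: The `//nolint:gosec // Known safe value` added to `os.Create(outputPath)` in DownloadOriginal silences every gosec rule on that line, and the reason does not say what makes the path safe; `outputPath` is a parameter, so the claim depends on callers that are outside this hunk. State the invariant in the comment, for example `//nolint:gosec // G304: outputPath is built by the caller from os.TempDir() and a generated UUID` if that is indeed how every caller builds it, so that a later caller passing request-derived data is caught in review. The same applies to the `Known safe path` suppressions in both method_get.go hunks and in the method_put.go hunk.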
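Review bot: In GetConfig the PORT value is now stored unvalidated, so the fail-fast check that `strconv.Atoi` gave at config load is gone: a non-numeric value only fails later at listen time, and an unset PORT produces the address `:`, for which Go picks a port automatically instead of reporting an error. Keep a check before the assignment, for example `if _, err := strconv.ParseUint(os.Getenv("PORT"), 10, 16); err != nil { panic(err) }`. The new `Host` field is not assigned in any visible hunk, so unless one of the read* helpers fills it, `net.JoinHostPort` receives an empty host and the server still listens on every interface; if the field is meant to restrict the bind address, populate it here and document the default. GetConfig's body continues outside the hunk.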
@@ -81,7 +81,7 @@ func (h *Handler) methodGet(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Content-Length", fmt.Sprintf("%d", chunkSize))
 w.Header().Set("Content-Type", "application/octet-stream")
 w.WriteHeader(http.StatusPartialContent)
- file, err := os.Open(outputPath)
+ file, err := os.Open(outputPath) //nolint:gosec // Known safe path
 if err != nil {
 infra.HandleError(err, w)
 return
@@ -106,7 +106,7 @@ func (h *Handler) methodGet(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Content-Length", fmt.Sprintf("%d", stat.Size()))
 w.Header().Set("Content-Type", "application/octet-stream")
 w.WriteHeader(http.StatusOK)
- file, err := os.Open(outputPath)
+ file, err := os.Open(outputPath) //nolint:gosec // Known safe path
 if err != nil {
 infra.HandleError(err, w)
 return
diff --git a/webdav/handler/method_put.go b/webdav/handler/method_put.go
index 907b83d59..b8614da7c 100644
--- a/webdav/handler/method_put.go
+++ b/webdav/handler/method_put.go
@@ -57,7 +57,7 @@ func (h *Handler) methodPut(w http.ResponseWriter, r *http.Request) {
 return
 }
 outputPath := filepath.Join(os.TempDir(), uuid.New().String())
- ws, err := os.Create(outputPath)
+ ws, err := os.Create(outputPath) //nolint:gosec // Known safe path
 if err != nil {
 infra.HandleError(err, w)
 return
diff --git a/webdav/main.go b/webdav/main.go
index ae3f5f9cc..d068725c1 100644
--- a/webdav/main.go
+++ b/webdav/main.go
@@ -12,8 +12,8 @@ package main

 import (
 "context"
- "fmt"
 "log"
+ "net"
 "net/http"
 "os"
 "strings"
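Review bot: In methodPut, `os.Create` on a hand-built name under `os.TempDir()` creates the upload spool file with mode 0666 minus umask and without O_EXCL, so on a shared host the uploaded content is typically readable by other local users. `os.CreateTemp` creates the file with mode 0600 and O_EXCL and should make the gosec suppression unnecessary: `ws, err := os.CreateTemp("", "webdav-put-*")` followed by `outputPath := ws.Name()`. methodPut starts and ends outside the hunk, so confirm that the later cleanup and upload steps keep using the same path.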
@@ -115,12 +115,19 @@ func main() {

 startTokenRefresh(idpClient)

- log.Printf("Listening on port %d", cfg.Port)
- log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", cfg.Port), http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if strings.HasPrefix(r.URL.Path, "/v2/health") {
- mux.ServeHTTP(w, r)
- } else {
- basicAuthMiddleware(mux, idpClient).ServeHTTP(w, r)
- }
- })))
+ server := &http.Server{
+ Addr: net.JoinHostPort(cfg.Host, cfg.Port),
+ ReadHeaderTimeout: 30 * time.Second,
+ Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if strings.HasPrefix(r.URL.Path, "/v2/health") {
+ mux.ServeHTTP(w, r)
+ } else {
+ basicAuthMiddleware(mux, idpClient).ServeHTTP(w, r)
+ }
+ }),
+ }
+
+ log.Printf("Listening on %s", server.Addr)
+
+ log.Fatal(server.ListenAndServe())
 }
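Review bot: The rebuilt handler still skips `basicAuthMiddleware` for every path that merely starts with `/v2/health`, and the same `mux` serves both branches, so any route the mux matches under that prefix is answered without credentials; whether such a route exists depends on the mux registrations, which are outside the hunk. If the health endpoint has no sub-paths, match it exactly with `if r.URL.Path == "/v2/health" {`, or serve it from a separate mux that holds no WebDAV routes. Separately, only `ReadHeaderTimeout` is set; with `ReadTimeout` left at zero the idle keep-alive timeout is also unlimited, so adding `IdleTimeout: 120 * time.Second,` would bound idle connections without cutting long transfers. main's body starts outside the hunk.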