Detect use of net/http functions that have no support for setting timeouts (#842)

https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/ https://blog.cloudflare.com/exposing-go-on-the-internet/ Closes https://github.com/securego/gosec/issues/833
2025-11-23 22:15:04 +02:00 · 2022-08-02 18:16:44 +03:00
parent 6a26c231fc
commit 0c8e63ed86
5 changed files with 122 additions and 0 deletions
--- a/rules/rulelist.go
+++ b/rules/rulelist.go
@@ -76,6 +76,7 @@ func Generate(trackSuppressions bool, filters ...RuleFilter) RuleList {
 		{"G111", "Detect http.Dir('/') as a potential risk", NewDirectoryTraversal},
 		{"G112", "Detect ReadHeaderTimeout not configured as a potential risk", NewSlowloris},
 		{"G113", "Usage of Rat.SetString in math/big with an overflow", NewUsingOldMathBig},
+		{"G114", "Use of net/http serve function that has no support for setting timeouts", NewHTTPServeWithoutTimeouts},

 		// injection
 		{"G201", "SQL query construction using format string", NewSQLStrFormat},