From 8401c4a95b104e7b20948de089b1fb93d9fdce41 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Thu, 11 Aug 2022 16:17:35 +0200
Subject: [PATCH 1/2] update golangci-lint to 1.48.0
Signed-off-by: cpanato
---
 .github/workflows/verify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
index 46576bafe..938c2f5d8 100644
--- a/.github/workflows/verify.yml
+++ b/.github/workflows/verify.yml
@@ -56,7 +56,7 @@ jobs:
 timeout-minutes: 5
 with:
 # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
- version: v1.46.0
+ version: v1.48.0
 oidc-config:
 name: oidc-config
From 5763d0c26ed098b9e5d7b3f8e845d9f27b0d30a8 Mon Sep 17 00:00:00 2001
From: cpanato
Date: Thu, 11 Aug 2022 16:18:02 +0200
Subject: [PATCH 2/2] address Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server
Signed-off-by: cpanato
---
 cmd/app/serve.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/cmd/app/serve.go b/cmd/app/serve.go
index ed84464b4..9ec407a56 100644
--- a/cmd/app/serve.go
+++ b/cmd/app/serve.go
@@ -80,6 +80,7 @@ func newServeCmd() *cobra.Command {
 cmd.Flags().String("grpc-host", "0.0.0.0", "The host on which to serve requests for GRPC")
 cmd.Flags().String("grpc-port", "8081", "The port on which to serve requests for GRPC")
 cmd.Flags().String("metrics-port", "2112", "The port on which to serve prometheus metrics endpoint")
+ cmd.Flags().Duration("read-header-timeout", 10*time.Second, "The time allowed to read the headers of the requests in seconds")
 // convert "http-host" flag to "host" and "http-port" flag to be "port"
 cmd.Flags().SetNormalizeFunc(func(f *pflag.FlagSet, name string) pflag.NormalizedName {
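Review bot: The help text of the new `read-header-timeout` flag says the value is "in seconds", but the flag is registered with `Duration`, so a bare `10` is rejected at parse time and the value must carry a unit (`10s`, `500ms`). Operators reading the help will write the wrong form; the text should describe the accepted syntax instead, e.g. `"The time allowed to read the headers of a request, as a duration such as 10s (0 disables the header timeout)"`. The enclosing newServeCmd begins before the hunk and continues past its last line.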
@@ -259,12 +260,13 @@ func runServeCmd(cmd *cobra.Command, args []string) {
 httpServer := createHTTPServer(context.Background(), httpServerEndpoint, grpcServer, legacyGRPCServer)
 httpServer.startListener()
+ readHeaderTimeout := viper.GetDuration("read-header-timeout")
 prom := http.Server{
- Addr: fmt.Sprintf(":%v", viper.GetString("metrics-port")),
- Handler: promhttp.Handler(),
+ Addr: fmt.Sprintf(":%v", viper.GetString("metrics-port")),
+ Handler: promhttp.Handler(),
+ ReadHeaderTimeout: readHeaderTimeout,
 }
 log.Logger.Error(prom.ListenAndServe())
-
 }
 func checkServeCmdConfigFile() error {
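Review bot: `ReadHeaderTimeout` is applied only to the Prometheus metrics server; the primary listener built by `createHTTPServer` two lines earlier is not shown receiving `readHeaderTimeout`, and if that helper (defined outside this hunk) does not set it, the slow-header exposure named in the commit subject remains on the main API port — worth confirming and, if needed, threading the value through `createHTTPServer` as well. Note also that net/http treats `ReadHeaderTimeout: 0` as "fall back to ReadTimeout", and no ReadTimeout is set here, so `--read-header-timeout 0` silently disables the protection; either reject non-positive values after the `viper.GetDuration` call (`if readHeaderTimeout <= 0 { return fmt.Errorf("read-header-timeout must be positive") }`, adjusted to however runServeCmd reports config errors) or document that 0 disables it. runServeCmd starts before this hunk.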