
Enhance HTTP Server Configuration and File Permissions in file.go

Open naveensrinivasan opened this issue 1 year ago • 3 comments

HTTP Timeout

Mitigation of Slowloris Attacks: By introducing read and write timeouts to the HTTP server configuration, we mitigate potential Slowloris attacks. Slowloris is a denial-of-service attack where a client holds as many connections to the server open as possible for a long time, effectively tying up all available connections and preventing legitimate users from accessing the server. By limiting how long the server will wait for a complete request (ReadTimeout) or a complete response (WriteTimeout), we ensure that resources are not tied up indefinitely, thus reducing the effectiveness of Slowloris attacks.

File Permission

Prevention of Unauthorized File Access: The file permissions for storing files have been updated to 0600 (read and write permissions for the owner only). AFAIK this shouldn't be an issue for the server functionality.

gosec

Included gosec as one of the linters.

These were reported by gosec

naveensrinivasan avatar Oct 20 '23 16:10 naveensrinivasan
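
An added example (not code from this page or from Archivista) of the two changes described above: an `http.Server` built with `ReadTimeout` and `WriteTimeout` closes a connection whose request headers never complete, and a stored file is created with mode 0600. The function names, timeout values, loopback listener and request bytes are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"os"
	"path/filepath"
	"time"
)

// newServer bounds how long a request may take to arrive and a response to be
// written. The durations are caller-chosen assumptions, not Archivista's values.
func newServer(h http.Handler, read, write time.Duration) *http.Server {
	return &http.Server{Handler: h, ReadTimeout: read, WriteTimeout: write}
}

// storeFile creates the file with owner-only read/write (0600). The mode is
// applied on creation only; an existing file keeps its current mode.
func storeFile(dir, name string, data []byte) (string, error) {
	p := filepath.Join(dir, name)
	return p, os.WriteFile(p, data, 0o600)
}

// stalledClientDropped sends request headers that are never terminated and
// reports whether the server closed the connection before the client gave up.
func stalledClientDropped(read time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	srv := newServer(http.NotFoundHandler(), read, read)
	go srv.Serve(ln)
	defer srv.Close()
	c, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer c.Close()
	fmt.Fprint(c, "GET / HTTP/1.1\r\nHost: example.test\r\n") // constructed; no final CRLF
	c.SetReadDeadline(time.Now().Add(read + 3*time.Second))
	_, err = c.Read(make([]byte, 1)) // EOF here means the server hung up first
	var ne net.Error
	return err != nil && !(errors.As(err, &ne) && ne.Timeout()), nil
}

func main() {
	fmt.Println(stalledClientDropped(200 * time.Millisecond))
}
```

With `ReadHeaderTimeout` unset, `ReadTimeout` also bounds the header phase, which is why the unfinished request above is cut off.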

Hey Naveen, finally got all the pipeline stuff worked out. Can you rebase this? Thanks!

jkjell avatar Nov 20 '23 19:11 jkjell

Hey Naveen, finally got all the pipeline stuff worked out. Can you rebase this? Thanks!

👍

naveensrinivasan avatar Nov 20 '23 19:11 naveensrinivasan

Codecov Report

Attention: Patch coverage is 5.88235% with 16 lines in your changes missing coverage. Please review.

Project coverage is 1.49%. Comparing base (a035c62) to head (6bbc0a7). Report is 73 commits behind head on main.

Files Patch % Lines
internal/objectstorage/filestore/file.go 10.00% 9 Missing :warning:
cmd/archivista/main.go 0.00% 7 Missing :warning:
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #65       +/-   ##
==========================================
- Coverage   82.40%   1.49%   -80.91%     
==========================================
  Files          10     117      +107     
  Lines         358   28645    +28287     
==========================================
+ Hits          295     429      +134     
- Misses         43   28159    +28116     
- Partials       20      57       +37     


codecov[bot] avatar May 02 '24 02:05 codecov[bot]