Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secure outgoing http client with max connections #3508

Merged
merged 6 commits into from
Oct 22, 2024
Merged

secure outgoing http client with max connections #3508

merged 6 commits into from
Oct 22, 2024

Conversation

woutslakhorst
Copy link
Member

fixes outcome from Elevation Of Privilege.

checked all creations of http.Client and replaced with client.New, client.NewWithCache or client.NewWithTLSConfig.

Also connected the limitreader to the strictClient.

gerardsn
gerardsn approved these changes Oct 22, 2024
View reviewed changes
http/client/client.go
// DefaultMaxHttpResponseSize is a default maximum size of an HTTP response body that will be read.
// Very large or unbounded HTTP responses can cause denial-of-service, so it's good to limit how much data is read.
// This of course heavily depends on the use case, but 1MB is a reasonable default.
const DefaultMaxHttpResponseSize = 1024 * 1024
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be nice if this is configurable

http/client/client.go Show resolved Hide resolved
http/client/caching.go Outdated Show resolved Hide resolved
docs/pages/deployment/security-considerations.rst Outdated Show resolved Hide resolved
pki/denylist.go
@@ -219,6 +219,7 @@ func (b *denylistImpl) Subscribe(f func()) {
// download retrieves and parses the denylist
func (b *denylistImpl) download() ([]byte, error) {
// Make an HTTP GET request for the denylist URL
// We do not use our safe http client here since we're downloading from our own resource
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

download is from a configurable endpoint. (hidden config flag though)
Probably doesn't matter since it is a trusted endpoint.

core/http_client.go
// The result HTTPRequestDoer can be supplied to OpenAPI generated clients for executing requests.
// This does not use the generated client options for e.g. authentication,
// because each generated OpenAPI client reimplements the client options using structs,
// which makes them incompatible with each other, making it impossible to use write generic client code for common traits like authorization.
// If the given authorization token builder is non-nil, it calls it and passes the resulting token as bearer token with requests.
func CreateHTTPClient(cfg ClientConfig, generator AuthorizationTokenGenerator) (HTTPRequestDoer, error) {
func CreateHTTPInternalClient(cfg ClientConfig, generator AuthorizationTokenGenerator) (HTTPRequestDoer, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a bit weird that this is under core and all the other under http like the rest. Import cycle on config?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these are for our commands, the other are outgoing.

@woutslakhorst woutslakhorst merged commit bfe1d26 into master Oct 22, 2024
9 checks passed
@woutslakhorst woutslakhorst deleted the feature/limit_outgoing_connections branch October 22, 2024 13:08
rolandgroen added a commit that referenced this pull request Nov 1, 2024
@rolandgroen
Merge branch 'master' into x509
89ebc2d 
* master: (72 commits)
  PKI add ValidateStrict (#3531)
  PEX: Return capture group for matched patterns (#3526)
  Schedule CodeQL twice a week (#3525)
  change cron schedule (#3524)
  Add gh action for CodeQL schedule (#3523)
  Bump github.com/lestrrat-go/jwx/v2 from 2.1.1 to 2.1.2 (#3520)
  docs: v6 release date (#3519)
  status codes for discovery client (#3513)
  Require SQL connection string in strictmode (#3517)
  Fix duplicate discovery results (#3515)
  Bump github.com/chromedp/chromedp from 0.11.0 to 0.11.1 (#3514)
  fix duplicate search results for wildcard param (#3512)
  Bump github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys (#3511)
  remove network migration and optimize network event retry (#3510)
  secure outgoing http client with max connections (#3508)
  make gen-mocks (#3509)
  Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.15.0 to 1.16.0 (#3506)
  fix invalid keyReference migration objects (#3504)
  Bump go.uber.org/mock from 0.4.0 to 0.5.0 (#3507)
  Bump github.com/nats-io/nats-server/v2 from 2.10.21 to 2.10.22 (#3505)
  ...

# Conflicts:
#	vcr/test.go
#	vdr/legacy_integration_test.go
#	vdr/vdr.go
#	vdr/vdr_test.go
@gerardsn gerardsn mentioned this pull request Nov 5, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gerardsn gerardsn gerardsn approved these changes

@reinkrul reinkrul Awaiting requested review from reinkrul reinkrul is a code owner

@stevenvegt stevenvegt Awaiting requested review from stevenvegt stevenvegt is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@woutslakhorst @gerardsn