Add Chromium to websocket proxy. #7
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| http.HandleFunc("/up", handler.HandleUpstreamRequest) | ||
| http.HandleFunc("/down", handler.HandleDownstreamRequest) | ||
|
|
||
| http.ListenAndServe(c.String("listen-address"), nil) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] The profiling 'pprof' endpoint is automatically exposed on /debug/pprof. This could leak information about the server. Instead, use import "net/http/pprof". See https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/ for more information and mitigation.
Source: https://semgrep.dev/r/go.lang.security.audit.net.pprof.pprof-debug-exposure
Cc @thypon @kdenhartog
goodov
force-pushed
the
crtws
branch
4 times, most recently
from
eaf1357 to
3d22f1a
Compare
| return | ||
| } | ||
| binary.Write(w, binary.BigEndian, uint32(len(bytes))) | ||
| w.Write(bytes) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.
Source: https://semgrep.dev/r/go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
Cc @thypon @kdenhartog
| return | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetCloseHandler is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| return | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetPongHandler is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| return | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetReadDeadline is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| return | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetReadLimit is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| return | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetWriteDeadline is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| } | ||
| return nil | ||
| }, | ||
| ) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetReadDeadline is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| } | ||
| return nil | ||
| }, | ||
| ) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetReadLimit is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
| } | ||
| return nil | ||
| }, | ||
| ) |
There was a problem hiding this comment.
reported by reviewdog 🐶
[semgrep] Potential wsConn nil dereference when SetWriteDeadline is called
Source: https://semgrep.dev/r/trailofbits.go.nil-check-after-call.nil-check-after-call
Cc @thypon @kdenhartog
|
@goodov is this something that you're writing up with the intent to productionize it or just experimenting with a feature? If it's intended to be productionized, I can go through the sec alerts and provide suggestions if needed. |
yes, this is intended to be productionized. We're waiting for a vendor to solve some issues on their side before rolling this. Please, I would love to hear suggestions! |
|
Sounds good, I'll come back to this tomorrow morning. |
No description provided.