@cx-rogerio-dalot
Contributor

Proposed Changes

The binary as is can take the process to resource exhaustion due to going over the limit of 10k goroutines.

This is a quickfix/hotfix and in no case sustainable for the future; we do indeed need to refactor our current implementation, but it should solve the issue for now.

Checklist

  • I covered my changes with tests.
  • I updated the documentation that is affected by my changes:
    • Change in the CLI arguments
    • Change in the configuration file

I submit this contribution under the Apache-2.0 license.

@cx-rogerio-dalot requested a review from a team as a code owner June 4, 2025 11:38
@cx-rogerio-dalot changed the base branch from master to release/v3.17.0 June 4, 2025 11:45
@cx-rogerio-dalot changed the title from "hotfix: Set maximum of goroutines" to "fix: Set maximum of goroutines" Jun 4, 2025
@cx-rogerio-dalot changed the title from "fix: Set maximum of goroutines" to "fix: set maximum of goroutines" Jun 4, 2025
@cx-rogerio-dalot force-pushed the AST-99769-thread-exhaustion-error-in-2-ms branch from 5d30718 to f484bab June 4, 2025 12:03
@github-actions

github-actions bot commented Jun 4, 2025

Checkmarx One – Scan Summary & Details 6508ff0a-5f6b-438d-bce1-8b8fd196aaf3

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2024-45338 Go-golang.org/x/net-v0.25.0
Recommended version: v0.38.0
Description: An attacker can craft an input to the "Parse" function, that will be processed non-linearly with respect to its length, resulting in extremely slow...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: tRnPSYuTtwgPdwZkCj3tzIijvKYO%2BL1rTT6NcDgfICU%3D
Vulnerable Package
HIGH CVE-2025-22868 Go-golang.org/x/oauth2-v0.18.0
Recommended version: v0.27.0
Description: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This issue affects golang.org/x/oaut...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: cn6xMI4a7m6KXPwjXZbH%2Fjzd4PgPAa46B2rqzqCZ8SA%3D
Vulnerable Package
HIGH CVE-2025-22869 Go-golang.org/x/crypto-v0.32.0
Recommended version: v0.34.1-0.20250224173925-7292932d45d5
Description: SSH servers which implement file transfer protocols are vulnerable to a Denial of Service (DoS) attack from clients which complete the key exchange...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: jtE2fVBzfQNYBofvW2HfzgGOPK66O0vdSgllCmGE2rk%3D
Vulnerable Package
MEDIUM CVE-2025-22872 Go-golang.org/x/net-v0.25.0
Recommended version: v0.38.0
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (`/`) as self-closing. When directly usi...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: pqJZWRQT8wubLAB%2FdHVGRX6NeO%2FZ34rMxt5y0Lc7%2BiQ%3D
Vulnerable Package
Policy Management Violations (1)
Policy Name Rule(s) Break Build
FluentAssertions v8 true
