fix: add timeouts to HTTP server

chmouel · chmouel · commit c4e24c56bf13 · 2025-06-25T16:12:12.000+02:00
- Added ReadHeaderTimeout, ReadTimeout, and IdleTimeout to HTTP server
  for improved security and reliability
diff --git a/pkg/adapter/adapter.go b/pkg/adapter/adapter.go
@@ -93,11 +93,13 @@ func (l *listener) Start(ctx context.Context) error {
 
 	mux.HandleFunc("/", l.handleEvent(ctx))
 
-	//nolint: gosec
 	srv := &http.Server{
 		Addr: ":" + adapterPort,
 		Handler: http.TimeoutHandler(mux,
 			httpTimeoutHandler, "Listener Timeout!\n"),
+		ReadHeaderTimeout: 5 * time.Second,
+		ReadTimeout:       10 * time.Second,
+		IdleTimeout:       30 * time.Second,
 	}
 
 	enabled, tlsCertFile, tlsKeyFile := l.isTLSEnabled()
diff --git a/pkg/cmd/tknpac/bootstrap/web.go b/pkg/cmd/tknpac/bootstrap/web.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"path/filepath"
+	"time"
 
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/cli/browser"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/cli/info"
@@ -19,7 +20,13 @@ import (
 func startWebServer(ctx context.Context, opts *bootstrapOpts, run *params.Run, jeez string) error {
 	m := http.NewServeMux()
 	//nolint: gosec
-	s := http.Server{Addr: fmt.Sprintf(":%d", opts.webserverPort), Handler: m}
+	s := http.Server{
+		Addr:              fmt.Sprintf(":%d", opts.webserverPort),
+		Handler:           m,
+		ReadHeaderTimeout: 5 * time.Second,
+		ReadTimeout:       10 * time.Second,
+		IdleTimeout:       30 * time.Second,
+	}
 	codeCh := make(chan string)
 	m.HandleFunc("/", func(rw http.ResponseWriter, r *http.Request) {
 		code := r.URL.Query().Get("code")
