x

internal/cmd/oohelperd/main.go

@@ -100,16 +100,12 @@ func main() {
 		} else {
 			w.Header().Set("WWW-Authenticate", "Basic realm=metrics")
 			w.WriteHeader(401)
-			_, _ = w.Write([]byte("401 Unauthorized\n"))
+			w.Write([]byte("401 Unauthorized\n"))
 		}
 	})
 
 	// create a listening server for serving ooniprobe requests
-	srv := &http.Server{
-		Addr:              *apiEndpoint,
-		Handler:           mux,
-		ReadHeaderTimeout: 8 * time.Second,
-	}
+	srv := &http.Server{Addr: *apiEndpoint, Handler: mux}
 	listener, err := net.Listen("tcp", *apiEndpoint)
 	runtimex.PanicOnError(err, "net.Listen failed")
 
@@ -125,11 +121,7 @@ func main() {
 	pprofMux := http.NewServeMux()
 	pprofMux.Handle("/debug/pprof/profile", http.HandlerFunc(pprof.Profile))
 	pprofMux.Handle("/debug/pprof/trace", http.HandlerFunc(pprof.Trace))
-	pprofSrv := &http.Server{
-		Addr:              *pprofEndpoint,
-		Handler:           pprofMux,
-		ReadHeaderTimeout: 8 * time.Second,
-	}
+	pprofSrv := &http.Server{Addr: *pprofEndpoint, Handler: pprofMux}
 	go pprofSrv.ListenAndServe()
 	log.Infof("serving CPU profile at http://%s/debug/pprof/profile", *pprofEndpoint)
 	log.Infof("serving execution traces at http://%s/debug/pprof/trace", *pprofEndpoint)

internal/netemx/http.go

@@ -5,7 +5,6 @@ import (
 	"net"
 	"net/http"
 	"sync"
-	"time"
 
 	"github.com/ooni/netem"
 	"github.com/ooni/probe-cli/v3/internal/runtimex"
@@ -100,10 +99,7 @@ func (srv *httpCleartextServer) mustListenPortLocked(handler http.Handler, ipAdd
 	listener := runtimex.Try1(srv.unet.ListenTCP("tcp", addr))
 
 	// serve requests in a background goroutine
-	srvr := &http.Server{
-		Handler:           handler,
-		ReadHeaderTimeout: 5 * time.Second,
-	}
+	srvr := &http.Server{Handler: handler}
 	go srvr.Serve(listener)
 
 	// make sure we track the server (the .Serve method will close the

internal/netemx/https.go

@@ -5,7 +5,6 @@ import (
 	"net"
 	"net/http"
 	"sync"
-	"time"
 
 	"github.com/ooni/netem"
 	"github.com/ooni/probe-cli/v3/internal/runtimex"
@@ -99,9 +98,8 @@ func (srv *httpSecureServer) mustListenPortLocked(handler http.Handler, ipAddr n
 
 	// serve requests in a background goroutine
 	srvr := &http.Server{
-		Handler:           handler,
-		ReadHeaderTimeout: 5 * time.Second,
-		TLSConfig:         tlsConfig,
+		Handler:   handler,
+		TLSConfig: tlsConfig,
 	}
 	go srvr.ServeTLS(listener, "", "")
 

internal/testingx/httptestx.go

@@ -68,10 +68,7 @@ func MustNewHTTPServerEx(addr *net.TCPAddr, httpListener TCPListener, handler ht
 		Path:   "/",
 	}
 	srv := &HTTPServer{
-		Config: &http.Server{
-			Handler:           handler,
-			ReadHeaderTimeout: 5 * time.Second,
-		},
+		Config:       &http.Server{Handler: handler},
 		Listener:     listener,
 		TLS:          nil,
 		URL:          baseURL.String(),
@@ -116,10 +113,7 @@ func MustNewHTTPServerTLSEx(
 	otherNames = append(otherNames, extraSNIs...)
 
 	srv := &HTTPServer{
-		Config: &http.Server{
-			Handler:           handler,
-			ReadHeaderTimeout: 5 * time.Second,
-		},
+		Config:       &http.Server{Handler: handler},
 		Listener:     listener,
 		TLS:          ca.MustNewServerTLSConfig(commonName, otherNames...),
 		URL:          baseURL.String(),

pkg/gobash/version.go

@@ -56,7 +56,7 @@ func Run(version string) {
 
 func runGo(root string) {
 	gobin := filepath.Join(root, "bin", "go"+exe())
-	cmd := exec.Command(gobin, os.Args[1:]...) // #nosec G204 - this is working as intended
+	cmd := exec.Command(gobin, os.Args[1:]...)
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
@@ -105,12 +105,11 @@ func install(targetDir, version string) error {
 		return nil
 	}
 
-	err := os.MkdirAll(targetDir, 0755) // #nosec G301 - no need to be more strict
-	if err != nil {
+	if err := os.MkdirAll(targetDir, 0755); err != nil {
 		return err
 	}
 	goURL := versionArchiveURL(version)
-	res, err := http.Head(goURL) // #nosec G107 -- this is working as intended
+	res, err := http.Head(goURL)
 	if err != nil {
 		return err
 	}
@@ -149,8 +148,7 @@ func install(targetDir, version string) error {
 	if err := unpackArchive(targetDir, archiveFile); err != nil {
 		return fmt.Errorf("extracting archive %v: %v", archiveFile, err)
 	}
-	err = ioutil.WriteFile(filepath.Join(targetDir, unpackedOkay), nil, 0644) // #nosec G306 - no need to be more strict
-	if err != nil {
+	if err := ioutil.WriteFile(filepath.Join(targetDir, unpackedOkay), nil, 0644); err != nil {
 		return err
 	}
 	log.Printf("Success. You may now run '%v'", version)
@@ -172,7 +170,7 @@ func unpackArchive(targetDir, archiveFile string) error {
 
 // unpackTarGz is the tar.gz implementation of unpackArchive.
 func unpackTarGz(targetDir, archiveFile string) error {
-	r, err := os.Open(archiveFile) // #nosec G304 - this is working as intended
+	r, err := os.Open(archiveFile)
 	if err != nil {
 		return err
 	}
@@ -207,14 +205,12 @@ func unpackTarGz(targetDir, archiveFile string) error {
 			// write will fail with the same error.
 			dir := filepath.Dir(abs)
 			if !madeDir[dir] {
-				err := os.MkdirAll(filepath.Dir(abs), 0755) // #nosec G301 - no need to be more strict
-				if err != nil {
+				if err := os.MkdirAll(filepath.Dir(abs), 0755); err != nil {
 					return err
 				}
 				madeDir[dir] = true
 			}
-			wf, err := os.OpenFile( // #nosec G304 - this is working as intended
-				abs, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode.Perm())
+			wf, err := os.OpenFile(abs, os.O_RDWR|os.O_CREATE|os.O_TRUNC, mode.Perm())
 			if err != nil {
 				return err
 			}
@@ -239,8 +235,7 @@ func unpackTarGz(targetDir, archiveFile string) error {
 				}
 			}
 		case mode.IsDir():
-			err := os.MkdirAll(abs, 0755) // #nosec G301 - no need to be more strict
-			if err != nil {
+			if err := os.MkdirAll(abs, 0755); err != nil {
 				return err
 			}
 			madeDir[abs] = true
@@ -276,8 +271,7 @@ func unpackZip(targetDir, archiveFile string) error {
 
 		outpath := filepath.Join(targetDir, name)
 		if f.FileInfo().IsDir() {
-			err := os.MkdirAll(outpath, 0755) // #nosec G301 - no need to be more strict
-			if err != nil {
+			if err := os.MkdirAll(outpath, 0755); err != nil {
 				return err
 			}
 			continue
@@ -289,19 +283,17 @@ func unpackZip(targetDir, archiveFile string) error {
 		}
 
 		// File
-		err = os.MkdirAll(filepath.Dir(outpath), 0755) // #nosec G301 - no need to be more strict
-		if err != nil {
+		if err := os.MkdirAll(filepath.Dir(outpath), 0755); err != nil {
 			return err
 		}
-		out, err := os.OpenFile( // #nosec G304 - this is working as intended
-			outpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
+		out, err := os.OpenFile(outpath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
 		if err != nil {
 			return err
 		}
 		_, err = io.Copy(out, rc)
-		_ = rc.Close()
+		rc.Close()
 		if err != nil {
-			_ = out.Close()
+			out.Close()
 			return err
 		}
 		if err := out.Close(); err != nil {
@@ -314,7 +306,7 @@ func unpackZip(targetDir, archiveFile string) error {
 // verifySHA256 reports whether the named file has contents with
 // SHA-256 of the given wantHex value.
 func verifySHA256(file, wantHex string) error {
-	f, err := os.Open(file) // #nosec G304 - this is working as intended
+	f, err := os.Open(file)
 	if err != nil {
 		return err
 	}
@@ -331,7 +323,7 @@ func verifySHA256(file, wantHex string) error {
 
 // slurpURLToString downloads the given URL and returns it as a string.
 func slurpURLToString(url_ string) (string, error) {
-	res, err := http.Get(url_) // #nosec G107 -- this is working as intended
+	res, err := http.Get(url_)
 	if err != nil {
 		return "", err
 	}
@@ -348,14 +340,14 @@ func slurpURLToString(url_ string) (string, error) {
 
 // copyFromURL downloads srcURL to dstFile.
 func copyFromURL(dstFile, srcURL string) (err error) {
-	f, err := os.Create(dstFile) // #nosec G304 - this is working as intended
+	f, err := os.Create(dstFile)
 	if err != nil {
 		return err
 	}
 	defer func() {
 		if err != nil {
-			_ = f.Close()
-			_ = os.Remove(dstFile)
+			f.Close()
+			os.Remove(dstFile)
 		}
 	}()
 	c := &http.Client{