diff --git a/.trivyignore b/.trivyignore
index 704d4a556..63fec304c 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -82,3 +82,6 @@ CVE-2024-24791
 CVE-2023-5678
 # MEDIUM - ruby
 CVE-2024-27281
+# MEDIUM - targetallocator
+CVE-2023-42363
+CVE-2023-42365
diff --git a/otelcollector/configuration-reader-builder/main.go b/otelcollector/configuration-reader-builder/main.go
index 4470aff56..a410ee7d5 100644
--- a/otelcollector/configuration-reader-builder/main.go
+++ b/otelcollector/configuration-reader-builder/main.go
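Review bot: The two IDs added under `# MEDIUM - targetallocator` in .trivyignore are suppressed with no recorded reason or review date, so the ignore can outlive whatever made the findings acceptable. Extending the comment along the lines of `# MEDIUM - targetallocator: <why the finding is accepted>, revisit by <date>` would let a later reader judge whether it still holds. If the Trivy version in use supports expiry on ignore entries, an `exp:YYYY-MM-DD` suffix on each ID would make the scanner report them again automatically.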
@@ -180,28 +180,35 @@ func taHealthHandler(w http.ResponseWriter, r *http.Request) {
 status := http.StatusOK
 message := "\ntargetallocator is running."
- resp, _ := http.Get("http://localhost:8080/metrics")
-
- if resp != nil && resp.StatusCode == http.StatusOK {
- if taConfigUpdated {
- if !taLivenessStartTime.IsZero() {
- duration := time.Since(taLivenessStartTime)
- // Serve the response of ServiceUnavailable for 60s and then reset
- if duration.Seconds() < 60 {
- status = http.StatusServiceUnavailable
- message += "targetallocator-config changed"
- } else {
- taConfigUpdated = false
- taLivenessStartTime = time.Time{}
+ client := &http.Client{Timeout: time.Duration(2) * time.Second}
+
+ req, err := http.NewRequest("GET", "http://localhost:8080/metrics", nil)
+ if err == nil {
+ resp, _ := client.Do(req)
+ if resp != nil && resp.StatusCode == http.StatusOK {
+ if taConfigUpdated {
+ if !taLivenessStartTime.IsZero() {
+ duration := time.Since(taLivenessStartTime)
+ // Serve the response of ServiceUnavailable for 60s and then reset
+ if duration.Seconds() < 60 {
+ status = http.StatusServiceUnavailable
+ message += "targetallocator-config changed"
+ } else {
+ taConfigUpdated = false
+ taLivenessStartTime = time.Time{}
+ }
 }
 }
- }
- if status != http.StatusOK {
- fmt.Printf(message)
+ if status != http.StatusOK {
+ fmt.Printf(message)
+ }
+ w.WriteHeader(status)
+ fmt.Fprintln(w, message)
+ }
+ if resp != nil && resp.Body != nil {
+ defer resp.Body.Close()
 }
- w.WriteHeader(status)
- fmt.Fprintln(w, message)
 } else {
 message = "\ncall to get TA metrics failed"
 status = http.StatusServiceUnavailable
diff --git a/otelcollector/shared/process_utilities.go b/otelcollector/shared/process_utilities.go
index 38d198f11..794cf68b0 100644
--- a/otelcollector/shared/process_utilities.go
+++ b/otelcollector/shared/process_utilities.go
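Review bot: A failed or non-200 call to the metrics endpoint no longer reaches the 503 branch in taHealthHandler, because the `else` that sets `status = http.StatusServiceUnavailable` now pairs with `if err == nil` on `http.NewRequest`, which is unlikely ever to fail for a constant URL. When `client.Do` times out, errors or returns another status, the inner `if resp != nil && resp.StatusCode == http.StatusOK` is skipped and the visible code writes nothing, so unless lines after the hunk write a response, net/http answers 200 with an empty body and the health probe fails open. The error from `client.Do` is also discarded, and the `defer resp.Body.Close()` is registered only after the response has been used. The failure branch continues past the end of the hunk, so its tail is not visible here.

```go
req, err := http.NewRequest("GET", "http://localhost:8080/metrics", nil)
var resp *http.Response
if err == nil {
	resp, err = client.Do(req)
}
if resp != nil {
	defer resp.Body.Close()
}
if err == nil && resp.StatusCode == http.StatusOK {
	// … unchanged: taConfigUpdated window, WriteHeader and Fprintln …
} else {
	// … unchanged: failure branch setting the 503 status and message …
```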
@@ -406,16 +406,26 @@ func WaitForTokenAdapter(ccpMetricsEnabled string) {
 }
 waitedSecsSoFar := 1
+ var resp *http.Response
+ var err error
+
+ client := &http.Client{Timeout: time.Duration(2) * time.Second}
+
+ req, err := http.NewRequest("GET", "http://localhost:9999/healthz", nil)
+ if err != nil {
+ log.Printf("Unable to create http request for the healthz endpoint")
+ return
+ }
 for {
 if waitedSecsSoFar > tokenAdapterWaitSecs {
- if _, err := http.Get("http://localhost:9999/healthz"); err != nil {
+ if resp, err = client.Do(req); err != nil {
 log.Printf("giving up waiting for token adapter to become healthy after %d secs\n", waitedSecsSoFar)
 log.Printf("export tokenadapterUnhealthyAfterSecs=%d\n", waitedSecsSoFar)
 break
 }
 } else {
 log.Printf("checking health of token adapter after %d secs\n", waitedSecsSoFar)
- resp, err := http.Get("http://localhost:9999/healthz")
+ resp, err = client.Do(req)
 if err == nil && resp.StatusCode == http.StatusOK {
 log.Printf("found token adapter to be healthy after %d secs\n", waitedSecsSoFar)
 log.Printf("export tokenadapterHealthyAfterSecs=%d\n", waitedSecsSoFar)
@@ -425,6 +435,10 @@ func WaitForTokenAdapter(ccpMetricsEnabled string) {
 time.Sleep(1 * time.Second)
 waitedSecsSoFar++
 }
+
+ if resp != nil && resp.Body != nil {
+ defer resp.Body.Close()
+ }
 }
 func StartFluentBit(fluentBitConfigFile string) {
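Review bot: Response bodies from `client.Do(req)` inside the polling loop of WaitForTokenAdapter are not closed per iteration: `resp` is overwritten on each pass, and the `defer resp.Body.Close()` added by the second hunk (`@@ -425,6 +435,10 @@`) runs once at function return and covers only the last response. Every earlier reply that does not end the loop therefore leaves its body open and, as far as the visible lines show, keeps its connection from being reused while the wait continues. Closing inside the loop once the status has been read, e.g. `if resp != nil { resp.Body.Close() }`, would make the trailing defer unnecessary. Separately, in the give-up branch a request that succeeds with any status does not `break`, so the loop ends only when the request errors; that predates this change but is worth confirming. Part of the loop body lies between the two hunks and is not visible here.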