fix: Improve http.Client usage for security and performance #1910
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jentfoo
commented
Feb 6, 2025
jentfoo
commented
Feb 6, 2025
jentfoo
force-pushed
the
jent/http.Client_handling
branch
from
f8ee52c to
da0f385
Compare
jrschumacher
reviewed
Feb 7, 2025
jrschumacher
reviewed
Feb 7, 2025
This change switches us from maintaining a tls config which we then on-demand initialize an `http.Client` with to instead maintain and reuse an `http.Client` instance. This enables us to utilize the connection pooling which occurs within the `http.Transport` to reduce ssl handshakes and thus reduce latency. In addition this change provides us a central place to configure out `http.Client` (`httputil`). Allowing us to easily set configuration options to reduce the security risks of using an unconfigured `http.Client`. Notably timeouts to reduce DoS risks, and control around following redirects to prevent blind SSRF's. This change will provide significant benefit without making API changes. A future PR will update the service and also cleanup some of the API.
jentfoo
force-pushed
the
jent/http.Client_handling
branch
from
06093c7 to
c7026b8
Compare
dmihalcik-virtru
previously approved these changes
Feb 13, 2025
dmihalcik-virtru
approved these changes
Feb 13, 2025
strantalis
approved these changes
Feb 14, 2025
jentfoo
added a commit
that referenced
this pull request
Feb 18, 2025
This PR follows #1910 by updating `service` to utilize the new `httputil` helper for constructing a client which wont follow redirects, and has sensible timeouts. The prior auth API was marked as deprecated. There is no remaining use within this repo, so it may be able to be removed. Merging this should fully resolve #1891.
3 tasks
github-merge-queue bot
pushed a commit
that referenced
this pull request
Feb 25, 2025
🤖 I have created a release *beep* *boop* --- ## [0.3.27](sdk/v0.3.26...sdk/v0.3.27) (2025-02-25) ### Features * **core:** EXPERIMENTAL: EC-wrapped key support ([#1902](#1902)) ([652266f](652266f)) * **policy:** adds new public keys table ([#1836](#1836)) ([cad5048](cad5048)) * **sdk:** Allow schema validation during TDF decrypt ([#1870](#1870)) ([b7e6fb2](b7e6fb2)) * **sdk:** MIC-1436: User can decrypt TDF files created with FileWatcher2.0.8 and older. ([#1833](#1833)) ([f77d110](f77d110)) * **sdk:** remove hex encoding for segment hash ([#1805](#1805)) ([d7179c2](d7179c2)) * **sdk:** sdk.New should validate platform connectivity and provide precise error ([#1937](#1937)) ([aa3696d](aa3696d)) ### Bug Fixes * **core:** Autobump sdk ([#1873](#1873)) ([085ac7a](085ac7a)) * **core:** Autobump sdk ([#1894](#1894)) ([201244e](201244e)) * **core:** Autobump sdk ([#1917](#1917)) ([edeeb74](edeeb74)) * **core:** Autobump sdk ([#1941](#1941)) ([0a5a948](0a5a948)) * Improve http.Client usage for security and performance ([#1910](#1910)) ([e6a53a3](e6a53a3)) * **sdk:** bump lib/ocrypto to 0.1.8 ([#1938](#1938)) ([53fa8ab](53fa8ab)) * **sdk:** Fix compatibility between bulk and non-bulk rewrap ([#1914](#1914)) ([74abbb6](74abbb6)) * **sdk:** Removes unnecessary down-cast of `int` ([#1869](#1869)) ([66f0c14](66f0c14)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
jentfoo
added a commit
that referenced
this pull request
Mar 5, 2025
This PR follows #1910 by updating `service` to utilize the new `httputil` helper for constructing a client which wont follow redirects, and has sensible timeouts. The prior auth API was marked as deprecated. There is no remaining use within this repo, so it may be able to be removed. Merging this should fully resolve #1891.
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 5, 2025
### Proposed Changes This PR follows #1910 by updating `service` to utilize the new `httputil` helper for constructing a client which wont follow redirects, and has sensible timeouts. To quote that description: > This change switches us from maintaining a tls config which we then on-demand initialize an http.Client with to instead maintain and reuse an http.Client instance. This enables us to utilize the connection pooling which occurs within the http.Transport to reduce ssl handshakes and thus reduce latency. > > In addition this change provides us a central place to configure out http.Client (httputil). Allowing us to easily set configuration options to reduce the security risks of using an unconfigured http.Client. Notably timeouts to reduce DoS risks, and control around following redirects to prevent blind SSRF's. The prior auth API was marked as deprecated. There is no remaining use within this repo, so it may be able to be removed. Merging this should fully resolve #1891. ### Checklist - [X] I have added or updated unit tests - [ ] I have added or updated integration tests (if appropriate) - [ ] I have added or updated documentation ### Testing Instructions
github-merge-queue bot
pushed a commit
that referenced
this pull request
Aug 26, 2025
🤖 I have created a release *beep* *boop* --- ## [0.7.0](sdk/v0.6.1...sdk/v0.7.0) (2025-08-25) ### ⚠ BREAKING CHANGES * **core:** Require go 1.23+ ([#1979](#1979)) ### Features * add system metadata assertions to TDFConfig ([#2446](#2446)) ([4eb9fff](4eb9fff)) * **authz:** authz v2 versioning implementation ([#2173](#2173)) ([557fc21](557fc21)) * **core:** adds bulk rewrap to sdk and service ([#1835](#1835)) ([11698ae](11698ae)) * **core:** Adds EC withSalt options ([#2126](#2126)) ([67b6fb8](67b6fb8)) * **core:** Adds ErrInvalidPerSchema ([#1860](#1860)) ([456639e](456639e)) * **core:** DSPX-608 - Deprecate public_client_id ([#2185](#2185)) ([0f58efa](0f58efa)) * **core:** EXPERIMENTAL: EC-wrapped key support ([#1902](#1902)) ([652266f](652266f)) * **core:** Expose version info ([#1841](#1841)) ([92a9f5e](92a9f5e)) * **core:** Require go 1.23+ ([#1979](#1979)) ([164c922](164c922)) * **core:** v2 ERS with proto updates ([#2210](#2210)) ([a161ef8](a161ef8)) * **policy:** actions service RPCs should actually hit storage layer CRUD ([#2063](#2063)) ([da4faf5](da4faf5)) * **policy:** Add list key mappings rpc. ([#2533](#2533)) ([fbc2724](fbc2724)) * **policy:** adds new public keys table ([#1836](#1836)) ([cad5048](cad5048)) * **policy:** Allow the deletion of a key. ([#2575](#2575)) ([82b96f0](82b96f0)) * **policy:** Default Platform Keys ([#2254](#2254)) ([d7447fe](d7447fe)) * **policy:** DSPX-902 NDR service crud implementation (2/2) ([#2066](#2066)) ([030ad33](030ad33)) * **policy:** key management crud ([#2110](#2110)) ([4c3d53d](4c3d53d)) * **sdk:** Add a KAS allowlist ([#2085](#2085)) ([d7cfdf3](d7cfdf3)) * **sdk:** add nanotdf plaintext policy ([#2182](#2182)) ([e5c56db](e5c56db)) * **sdk:** adds seeker interface to TDF Reader ([#2385](#2385)) ([63ccd9a](63ccd9a)) * **sdk:** Allow key splits with same algo ([#2454](#2454)) ([7422b15](7422b15)) * **sdk:** Allow schema validation during TDF decrypt ([#1870](#1870)) ([b7e6fb2](b7e6fb2)) * **sdk:** autoconfig kaos with kids ([#2438](#2438)) ([c272016](c272016)) * **sdk:** bump protocol/go v0.6.0 ([#2536](#2536)) ([23e4c2b](23e4c2b)) * **sdk:** CreateTDF option to run with specific target schema version ([#2045](#2045)) ([0976b15](0976b15)) * **sdk:** Enable base key support. ([#2425](#2425)) ([9ff3806](9ff3806)) * **sdk:** Expose connectrpc wrapper codegen for re-use ([#2322](#2322)) ([8b29392](8b29392)) * **sdk:** MIC-1436: User can decrypt TDF files created with FileWatcher2.0.8 and older. ([#1833](#1833)) ([f77d110](f77d110)) * **sdk:** remove hex encoding for segment hash ([#1805](#1805)) ([d7179c2](d7179c2)) * **sdk:** sdk.New should validate platform connectivity and provide precise error ([#1937](#1937)) ([aa3696d](aa3696d)) * **sdk:** Use ConnectRPC in the go client ([#2200](#2200)) ([fc34ee6](fc34ee6)) ### Bug Fixes * Allow parsing IPs as hostnames ([#1999](#1999)) ([d54b550](d54b550)) * **ci:** Fix intermittent failures from auth tests ([#2345](#2345)) ([395988a](395988a)) * **ci:** Update expired ca and certs in oauth unit tests ([#2113](#2113)) ([5440fcc](5440fcc)) * **core:** Autobump sdk ([#1863](#1863)) ([855cb2b](855cb2b)) * **core:** Autobump sdk ([#1873](#1873)) ([085ac7a](085ac7a)) * **core:** Autobump sdk ([#1894](#1894)) ([201244e](201244e)) * **core:** Autobump sdk ([#1917](#1917)) ([edeeb74](edeeb74)) * **core:** Autobump sdk ([#1941](#1941)) ([0a5a948](0a5a948)) * **core:** Autobump sdk ([#1948](#1948)) ([4dfb457](4dfb457)) * **core:** Autobump sdk ([#1968](#1968)) ([7084061](7084061)) * **core:** Autobump sdk ([#1972](#1972)) ([7258f5d](7258f5d)) * **core:** Autobump sdk ([#2102](#2102)) ([0315635](0315635)) * **core:** Fixes protoJSON parse bug on ec rewrap ([#1943](#1943)) ([9bebfd0](9bebfd0)) * **core:** Improves errors when under heavy load ([#2132](#2132)) ([4490a14](4490a14)) * **core:** Update fixtures and flattening in sdk and service ([#1827](#1827)) ([d6d6a7a](d6d6a7a)) * **core:** Updates ec-wrapped to newer salt ([#1961](#1961)) ([0e17968](0e17968)) * **deps:** bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /sdk ([#2597](#2597)) ([a68d00d](a68d00d)) * **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.2.0 to 0.3.0 in /sdk ([#2502](#2502)) ([3ec8b35](3ec8b35)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.3.6 to 0.4.0 in /sdk ([#2397](#2397)) ([99e3aa4](99e3aa4)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.4.0 to 0.5.0 in /sdk ([#2471](#2471)) ([e8f97e0](e8f97e0)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.5.0 to 0.5.1 in /sdk ([#2505](#2505)) ([4edab72](4edab72)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.6.0 to 0.6.2 in /sdk ([#2586](#2586)) ([4ed9856](4ed9856)) * **deps:** bump github.com/opentdf/platform/protocol/go from 0.6.2 to 0.7.0 in /sdk ([#2627](#2627)) ([e775e14](e775e14)) * **deps:** bump golang.org/x/oauth2 from 0.26.0 to 0.30.0 in /sdk ([#2252](#2252)) ([9b775a2](9b775a2)) * **deps:** bump google.golang.org/grpc from 1.71.0 to 1.72.1 in /sdk ([#2244](#2244)) ([49484e0](49484e0)) * **deps:** bump the external group across 1 directory with 5 updates ([#2400](#2400)) ([0b7ea79](0b7ea79)) * **deps:** bump toolchain in /lib/fixtures and /examples to resolve CVE GO-2025-3563 ([#2061](#2061)) ([9c16843](9c16843)) * Improve http.Client usage for security and performance ([#1910](#1910)) ([e6a53a3](e6a53a3)) * **sdk:** adds connection options to getPlatformConfiguration ([#2286](#2286)) ([a3af31e](a3af31e)) * **sdk:** Allow reuse of session key ([#2016](#2016)) ([d48c11e](d48c11e)) * **sdk:** bump lib/ocrypto to 0.1.8 ([#1938](#1938)) ([53fa8ab](53fa8ab)) * **sdk:** bump protocol/go module dependencies ([#2078](#2078)) ([e027f43](e027f43)) * **sdk:** Display proper error on kas rewrap failure ([#2081](#2081)) ([508cbcd](508cbcd)) * **sdk:** everything is `mixedSplits` now ([#1861](#1861)) ([ba78f14](ba78f14)) * **sdk:** Fix compatibility between bulk and non-bulk rewrap ([#1914](#1914)) ([74abbb6](74abbb6)) * **sdk:** Fixed token expiration time ([#1854](#1854)) ([c3cda1b](c3cda1b)) * **sdk:** perfsprint lint issues ([#2208](#2208)) ([d36a078](d36a078)) * **sdk:** Prefer KID and Algorithm selection from key maps ([#2475](#2475)) ([98fd392](98fd392)) * **sdk:** Removes unnecessary down-cast of `int` ([#1869](#1869)) ([66f0c14](66f0c14)) * **sdk:** Version config fix ([#1847](#1847)) ([be5d817](be5d817)) * Service utilize `httputil.SafeHttpClient` ([#1926](#1926)) ([af32700](af32700)) * set consistent system metadata id and schema ([#2451](#2451)) ([5db3cf2](5db3cf2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
This change switches us from maintaining a tls config which we then on-demand initialize an
http.Clientwith to instead maintain and reuse anhttp.Clientinstance. This enables us to utilize the connection pooling which occurs within thehttp.Transportto reduce ssl handshakes and thus reduce latency.In addition this change provides us a central place to configure out
http.Client(httputil). Allowing us to easily set configuration options to reduce the security risks of using an unconfiguredhttp.Client. Notably timeouts to reduce DoS risks, and control around following redirects to prevent blind SSRF's.This PR 3/4 addresses #1891. After it's merged a small change will be made in the
serviceto fully utilize the API being introduced in the SDK here.Checklist
Testing Instructions