gosec

duc-cnzj · Nov 1, 2023 · 0b6f08f · 0b6f08f
1 parent 3414c88
commit 0b6f08f
Show file tree

Hide file tree

Showing 40 changed files with 140 additions and 105 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 config.yaml
+gosec-results.json
 app
 !app*/
 cover.out
diff --git a/Makefile b/Makefile
@@ -17,6 +17,7 @@ build_tools:
 		google.golang.org/protobuf/cmd/protoc-gen-go \
 		github.com/golangci/golangci-lint/cmd/golangci-lint \
 		golang.org/x/tools/cmd/goimports \
+		github.com/securego/gosec/v2/cmd/gosec \
 		github.com/golang/mock/mockgen
 
 .PHONY: gen_proto
@@ -27,6 +28,10 @@ gen_proto:
 gen:
 	go generate ./... && make fmt
 
+.PHONY: sec
+sec:
+	gosec -exclude=G104,G304 -stdout -tests=false -exclude-generated -fmt=json -out=gosec-results.json  ./...
+
 .PHONY: lint
 lint:
 	golangci-lint run -D errcheck

diff --git a/cmd/init.go b/cmd/init.go
@@ -19,7 +19,7 @@ var initCmd = &cobra.Command{
 				log.Println("config.yaml 文件已存在！")
 				return
 			}
-			if err := os.WriteFile("config.yaml", configExampleFile, 0644); err != nil {
+			if err := os.WriteFile("config.yaml", configExampleFile, 0600); err != nil {
 				log.Println("写入 config.yaml 文件失败")
 				return
 			}

diff --git a/frontend/package.json b/frontend/package.json
@@ -27,8 +27,8 @@
     "antd": "^5.8.4",
     "assert": "^2.0.0",
     "axios": "^1.1.3",
-    "blueimp-md5": "^2.18.0",
     "classnames": "^2.3.1",
+    "crypto-js": "^4.2.0",
     "dayjs": "^1.11.1",
     "escape-html": "^1.0.3",
     "eslint-config-react-app": "^7.0.1",
@@ -102,6 +102,7 @@
   "devDependencies": {
     "@emotion/babel-plugin": "^11.10.6",
     "@types/blueimp-md5": "^2.18.0",
+    "@types/crypto-js": "^4.1.3",
     "@types/escape-html": "^1.0.2",
     "@types/js-yaml": "^4.0.2",
     "@types/jshint": "^2.12.1",

diff --git a/frontend/src/components/Login.tsx b/frontend/src/components/Login.tsx
@@ -10,6 +10,7 @@ import { setState, isRandomBg, toggleRandomBg } from "../utils/token";
 import { css } from "@emotion/css";
 import theme from "../styles/theme";
 import styled from "@emotion/styled";
+
 const Login: React.FC = () => {
   const [bgInfo, setBgInfo] = useState<pb.picture.BackgroundResponse>();
   const [settings, setSettings] = useState<pb.auth.SettingsResponse>();

diff --git a/frontend/src/utils/slug.ts b/frontend/src/utils/slug.ts
@@ -1,5 +1,5 @@
-import md5 from "blueimp-md5";
+import sha256 from "crypto-js/sha256";
 
 export function toSlug(namespaceId: number, name: string) {
-  return md5(namespaceId + "-" + name);
+  return sha256(namespaceId + "-" + name).toString();
 }
diff --git a/frontend/yarn.lock b/frontend/yarn.lock
@@ -2755,6 +2755,11 @@
   dependencies:
     "@types/node" "*"
 
+"@types/crypto-js@^4.1.3":
+  version "4.1.3"
+  resolved "https://registry.npmmirror.com/@types/crypto-js/-/crypto-js-4.1.3.tgz#7f2fa22857ae2b5d3221edcba9644f67f8ea984c"
+  integrity sha512-YP1sYYayLe7Eg5oXyLLvOLfxBfZ5Fgpz6sVWkpB18wDMywCLPWmqzRz+9gyuOoLF0fzDTTFwlyNbx7koONUwqA==
+
 "@types/d3-array@^3.0.3":
   version "3.0.4"
   resolved "https://registry.npmmirror.com/@types/d3-array/-/d3-array-3.0.4.tgz#44eebe40be57476cad6a0cd6a85b0f57d54185a2"
@@ -4062,11 +4067,6 @@ bluebird@^3.5.5, bluebird@^3.7.2:
   resolved "https://registry.npmmirror.com/bluebird/-/bluebird-3.7.2.tgz#9f229c15be272454ffa973ace0dbee79a1b0c36f"
   integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
-blueimp-md5@^2.18.0:
-  version "2.19.0"
-  resolved "https://registry.npmmirror.com/blueimp-md5/-/blueimp-md5-2.19.0.tgz#b53feea5498dcb53dc6ec4b823adb84b729c4af0"
-  integrity sha512-DRQrD6gJyy8FbiE4s+bDoXS9hiW3Vbx5uCdwvcCf3zLHL+Iv7LtGHLpr+GZV8rHG8tK766FGYBwRbu8pELTt+w==
-
 body-parser@1.20.1:
   version "1.20.1"
   resolved "https://registry.npmmirror.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668"
@@ -4658,6 +4658,11 @@ cross-spawn@^7.0.0, cross-spawn@^7.0.2, cross-spawn@^7.0.3:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+crypto-js@^4.2.0:
+  version "4.2.0"
+  resolved "https://registry.npmmirror.com/crypto-js/-/crypto-js-4.2.0.tgz#4d931639ecdfd12ff80e8186dba6af2c2e856631"
+  integrity sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==
+
 crypto-random-string@^2.0.0:
   version "2.0.0"
   resolved "https://registry.npmmirror.com/crypto-random-string/-/crypto-random-string-2.0.0.tgz#ef2a7a966ec11083388369baa02ebead229b30d5"

diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/golangci/golangci-lint v1.54.2
 	github.com/google/go-github/v47 v47.0.1-0.20220822225427-243bda850b1f
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.4.0
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/gosimple/slug v1.12.0
@@ -34,6 +34,7 @@ require (
 	github.com/prometheus/client_golang v1.16.0
 	github.com/pterm/pterm v0.12.69
 	github.com/robfig/cron/v3 v3.0.1
+	github.com/securego/gosec/v2 v2.18.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
@@ -48,8 +49,8 @@ require (
 	go.uber.org/config v1.4.0
 	go.uber.org/zap v1.26.0
 	golang.org/x/oauth2 v0.8.0
-	golang.org/x/sync v0.3.0
-	golang.org/x/tools v0.13.0
+	golang.org/x/sync v0.4.0
+	golang.org/x/tools v0.14.0
 	google.golang.org/grpc v1.56.3
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
 	google.golang.org/protobuf v1.31.0
@@ -168,7 +169,7 @@ require (
 	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -277,7 +278,6 @@ require (
 	github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect
 	github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
 	github.com/sashamelentyev/usestdlibvars v1.24.0 // indirect
-	github.com/securego/gosec/v2 v2.17.0 // indirect
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sivchari/containedctx v1.0.3 // indirect
@@ -323,7 +323,7 @@ require (
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/term v0.13.0 // indirect

diff --git a/go.sum b/go.sum
@@ -470,8 +470,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v47 v47.0.1-0.20220822225427-243bda850b1f h1:8D2wmvSVxLueygUFs2Z+6iOsfo4XP0/ggzfI73GtmTc=
 github.com/google/go-github/v47 v47.0.1-0.20220822225427-243bda850b1f/go.mod h1:DRjdvizXE876j0YOZwInB1ESpOcU/xFBClNiQLSdorE=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
@@ -501,8 +501,9 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
@@ -851,10 +852,10 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
-github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
+github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
+github.com/onsi/gomega v1.28.1 h1:MijcGUbfYuznzK/5R4CPNoUP/9Xvuo20sXfEm6XxoTA=
+github.com/onsi/gomega v1.28.1/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -978,8 +979,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84d
 github.com/sashamelentyev/usestdlibvars v1.24.0 h1:MKNzmXtGh5N0y74Z/CIaJh4GlB364l0K1RUT08WSWAc=
 github.com/sashamelentyev/usestdlibvars v1.24.0/go.mod h1:9cYkq+gYJ+a5W2RPdhfaSCnTVUC1OQP/bSiiBhq3OZE=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/securego/gosec/v2 v2.17.0 h1:ZpAStTDKY39insEG9OH6kV3IkhQZPTq9a9eGOLOjcdI=
-github.com/securego/gosec/v2 v2.17.0/go.mod h1:lt+mgC91VSmriVoJLentrMkRCYs+HLTBnUFUBuhV2hc=
+github.com/securego/gosec/v2 v2.18.2 h1:DkDt3wCiOtAHf1XkiXZBhQ6m6mK/b9T/wD257R3/c+I=
+github.com/securego/gosec/v2 v2.18.2/go.mod h1:xUuqSF6i0So56Y2wwohWAmB07EdBkUN6crbLlHwbyJs=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU=
@@ -1246,8 +1247,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1329,8 +1330,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
+golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1522,8 +1523,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
 golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/internal/app/bootstrappers/apigateway_bootstrapper.go b/internal/app/bootstrappers/apigateway_bootstrapper.go
@@ -170,8 +170,9 @@ func initServer(ctx context.Context, a *apiGateway) (httpServer, error) {
 	router.PathPrefix("/").Handler(gmux)
 
 	s := &http.Server{
-		Addr:    ":" + app.Config().AppPort,
-		Handler: defaultMiddlewares.Wrap(router),
+		Addr:              ":" + app.Config().AppPort,
+		Handler:           defaultMiddlewares.Wrap(router),
+		ReadHeaderTimeout: 5 * time.Second,
 	}
 
 	return s, nil

diff --git a/internal/app/bootstrappers/app_bootstrapper.go b/internal/app/bootstrappers/app_bootstrapper.go
@@ -117,10 +117,12 @@ func syncImagePullSecrets(app contracts.ApplicationInterface) {
 		}
 	}
 	app.DB().Select("ID", "Name", "ImagePullSecrets").Find(&namespaceList)
-	for _, ns := range namespaceList {
-		var checked = make(map[string]struct{})
-		var missing config.DockerAuths
-
+	for _, namespace := range namespaceList {
+		var (
+			checked = make(map[string]struct{})
+			missing config.DockerAuths
+			ns      = namespace
+		)
 		for _, secretName := range ns.ImagePullSecretsArray() {
 			secret, err := k8sClient.SecretLister.Secrets(ns.Name).Get(secretName)
 			if err != nil {

diff --git a/internal/app/bootstrappers/auth_bootstrapper_test.go b/internal/app/bootstrappers/auth_bootstrapper_test.go
@@ -30,7 +30,7 @@ func (t *testapp) SetAuth(a contracts.AuthInterface) {
 }
 
 func TestAuthBootstrapper_Bootstrap(t *testing.T) {
-	key, _ := rsa.GenerateKey(rand.Reader, 1024)
+	key, _ := rsa.GenerateKey(rand.Reader, 2048)
 	privateKey, _ := x509.MarshalPKCS8PrivateKey(key)
 	bf := bytes.Buffer{}
 	pem.Encode(&bf, &pem.Block{Type: "PRIVATE KEY", Bytes: privateKey})

diff --git a/internal/app/bootstrappers/metrics_bootstrapper.go b/internal/app/bootstrappers/metrics_bootstrapper.go
@@ -3,6 +3,7 @@ package bootstrappers
 import (
 	"context"
 	"net/http"
+	"time"
 
 	"github.com/duc-cnzj/mars/v4/internal/contracts"
 	"github.com/duc-cnzj/mars/v4/internal/mlog"
@@ -31,7 +32,7 @@ func (m *metricsRunner) Run(ctx context.Context) error {
 	mux := http.NewServeMux()
 	mlog.Infof("[Server]: metrics running at :%s/metrics", m.port)
 	mux.Handle("/metrics", promhttp.Handler())
-	m.s = &http.Server{Addr: ":" + m.port, Handler: mux}
+	m.s = &http.Server{Addr: ":" + m.port, Handler: mux, ReadHeaderTimeout: 5 * time.Second}
 	go func() {
 		m.s.ListenAndServe()
 	}()

diff --git a/internal/app/bootstrappers/pprof_bootstrapper.go b/internal/app/bootstrappers/pprof_bootstrapper.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"net/http/pprof"
+	"time"
 
 	"github.com/duc-cnzj/mars/v4/internal/contracts"
 	"github.com/duc-cnzj/mars/v4/internal/mlog"
@@ -16,18 +17,28 @@ func (p *PprofBootstrapper) Tags() []string {
 }
 
 func (p *PprofBootstrapper) Bootstrap(app contracts.ApplicationInterface) error {
-	app.AddServer(&pprofRunner{})
+	app.AddServer(&pprofRunner{
+		server: &http.Server{
+			Addr:              "localhost:6060",
+			ReadTimeout:       10 * time.Second,
+			ReadHeaderTimeout: 5 * time.Second,
+			WriteTimeout:      30 * time.Second,
+			Handler:           pprofMux(),
+		},
+	})
 
 	return nil
 }
 
-type pprofRunner struct{}
+type pprofRunner struct {
+	server httpServer
+}
 
 func (p *pprofRunner) Run(ctx context.Context) error {
 	mlog.Info("[Server]: start pprofRunner runner.")
 	go func() {
 		mlog.Info("Starting pprof server on localhost:6060.")
-		if err := http.ListenAndServe("localhost:6060", pprofMux()); err != nil && err != http.ErrServerClosed {
+		if err := p.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 			mlog.Error(err)
 		}
 	}()
@@ -47,6 +58,5 @@ func pprofMux() *http.ServeMux {
 
 func (p *pprofRunner) Shutdown(ctx context.Context) error {
 	mlog.Info("[Server]: shutdown pprofRunner runner.")
-
-	return nil
+	return p.server.Shutdown(ctx)
 }
diff --git a/internal/app/bootstrappers/pprof_bootstrapper_test.go b/internal/app/bootstrappers/pprof_bootstrapper_test.go
@@ -21,7 +21,9 @@ func TestPprofBootstrapper_Bootstrap(t *testing.T) {
 }
 
 func TestPprofRunner_Shutdown(t *testing.T) {
-	assert.Nil(t, (&pprofRunner{}).Shutdown(context.TODO()))
+	s := &mockHttpServer{}
+	assert.Nil(t, (&pprofRunner{server: s}).Shutdown(context.TODO()))
+	assert.True(t, s.shutdownCalled)
 }
 
 func TestPprofBootstrapper_Tags(t *testing.T) {

diff --git a/internal/app/bootstrappers/upload_bootstrapper.go b/internal/app/bootstrappers/upload_bootstrapper.go
@@ -21,7 +21,7 @@ func (*UploadBootstrapper) Bootstrap(app contracts.ApplicationInterface) error {
 		if info, err := os.Stat(cfg.UploadDir); err != nil {
 			if os.IsNotExist(err) {
 				mlog.Infof("[UploadBootstrapper]: create upload dir %s", cfg.UploadDir)
-				if err := os.MkdirAll(cfg.UploadDir, 0755); err != nil {
+				if err := os.MkdirAll(cfg.UploadDir, 0750); err != nil {
 					return err
 				}
 			}

diff --git a/internal/cachelock/database_lock.go b/internal/cachelock/database_lock.go
@@ -5,7 +5,6 @@ package cachelock
 
 import (
 	"context"
-	"math/rand"
 	"time"
 
 	"gorm.io/gorm"
@@ -14,6 +13,7 @@ import (
 	"github.com/duc-cnzj/mars/v4/internal/mlog"
 	"github.com/duc-cnzj/mars/v4/internal/models"
 	"github.com/duc-cnzj/mars/v4/internal/utils"
+	"github.com/duc-cnzj/mars/v4/internal/utils/rand"
 	"github.com/duc-cnzj/mars/v4/internal/utils/recovery"
 )
 

diff --git a/internal/cachelock/memory_lock.go b/internal/cachelock/memory_lock.go
@@ -2,13 +2,13 @@ package cachelock
 
 import (
 	"context"
-	"math/rand"
 	"sync"
 	"time"
 
 	"github.com/duc-cnzj/mars/v4/internal/contracts"
 	"github.com/duc-cnzj/mars/v4/internal/mlog"
 	"github.com/duc-cnzj/mars/v4/internal/utils"
+	"github.com/duc-cnzj/mars/v4/internal/utils/rand"
 	"github.com/duc-cnzj/mars/v4/internal/utils/recovery"
 )