Skip to content
unfault

go.nethttp.missing_timeout

Stability Critical

Detects net/http clients and servers without timeout configuration.

Why It Matters

Section titled “Why It Matters”

Missing HTTP timeouts:

  • Resource exhaustion — Hanging connections consume resources
  • Slowloris attacks — Servers vulnerable to slow clients
  • Cascading failures — Slow dependencies block callers

Example

Section titled “Example”
// ❌ Before (no timeout - client)
client := &http.Client{}
resp, err := client.Get("https://api.example.com/data")


// ❌ Before (no timeout - server)
server := &http.Server{
    Addr: ":8080",
}
// ✅ After (with timeout - client)
client := &http.Client{
    Timeout: 30 * time.Second,
    Transport: &http.Transport{
        DialContext: (&net.Dialer{
            Timeout: 5 * time.Second,
        }).DialContext,
        ResponseHeaderTimeout: 10 * time.Second,
        IdleConnTimeout:       90 * time.Second,
    },
}


// ✅ After (with timeout - server)
server := &http.Server{
    Addr:         ":8080",
    ReadTimeout:  15 * time.Second,
    WriteTimeout: 15 * time.Second,
    IdleTimeout:  60 * time.Second,
}

What Unfault Detects

Section titled “What Unfault Detects”
  • http.Client without Timeout
  • http.Server without ReadTimeout/WriteTimeout
  • http.Transport without timeouts
  • Use of http.DefaultClient

Auto-Fix

Section titled “Auto-Fix”

Unfault can add appropriate timeout configuration to HTTP clients and servers.

Section titled “Related Rules”