@github-actions
Contributor

Security Fix: Unhandled Error in Response Body Close

Alert Number: #409
Severity: LOW
Rule: G104 - Errors unhandled
File: pkg/cli/mcp_inspect.go:462

Vulnerability Description

The security scanner detected an unhandled error when calling resp.Body.Close() in the waitForServerReady function at line 462. According to Go best practices and security guidelines, errors from Close() operations should always be checked, as they can indicate resource leaks or I/O failures.

Fix Applied

Added proper error handling for resp.Body.Close():

  • Changed from: resp.Body.Close()
  • Changed to: Checking the error return value and logging a warning if closing the response body fails

This ensures that any failures in closing the response body are properly logged for debugging purposes, while not affecting the main logic flow since this is a non-critical cleanup operation during server readiness polling.

Security Best Practices

  • Always check errors: Even for cleanup operations like Close(), error checking prevents silent failures and potential resource leaks
  • Logging non-critical errors: Since this is a polling loop checking server readiness, logging the close error as a warning is appropriate without disrupting the main flow
  • Resource cleanup: Properly handling close errors ensures better resource management

Testing Considerations

  • The fix maintains the existing behavior: the function still returns true when the server responds successfully
  • If closing the response body fails, a warning is logged but the function continues normally
  • The polling loop continues to work as expected with improved error visibility

AI generated by Security Fix PR

Added proper error handling for resp.Body.Close() at line 462 to address
security alert #409 (G104 - Errors unhandled).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@pelikhan pelikhan marked this pull request as ready for review December 26, 2025 21:14
@pelikhan pelikhan merged commit 88042d1 into main Dec 26, 2025
4 checks passed
@pelikhan pelikhan deleted the main-1e8aaa81bbbc2364 branch December 26, 2025 21:16
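
The pattern the pull request describes, as an added example that is not the repository's code: a readiness poll that checks the error from `resp.Body.Close()` and logs a warning without changing the result. `pollReady`, `stubTransport`, `failingBody`, `run` and the URL are hypothetical names, and the stub transport forces a constructed Close failure so the handled path is exercised offline.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
	"time"
)

// failingBody is a constructed response body whose Close always fails.
type failingBody struct{ io.Reader }
func (failingBody) Close() error { return errors.New("constructed close failure") }

// stubTransport answers every request with 200 OK and a failingBody (no network).
type stubTransport struct{}
func (stubTransport) RoundTrip(*http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: http.StatusOK, Header: http.Header{}, Body: failingBody{strings.NewReader("ok")}}, nil
}

// pollReady is a hypothetical stand-in for waitForServerReady: it polls url until
// the server answers or the deadline passes, and reports Close errors via warn.
func pollReady(client *http.Client, url string, timeout time.Duration, warn func(string)) bool {
	deadline := time.Now().Add(timeout)
	for time.Now().Before(deadline) {
		resp, err := client.Get(url)
		if err == nil {
			// G104: check the Close error instead of discarding it.
			if cerr := resp.Body.Close(); cerr != nil {
				warn(fmt.Sprintf("failed to close response body: %v", cerr))
			}
			return true // cleanup failure is logged, readiness result is unchanged
		}
		time.Sleep(50 * time.Millisecond)
	}
	return false
}

// run polls the stub server and returns the readiness result plus collected warnings.
func run() (bool, []string) {
	var warnings []string
	client := &http.Client{Transport: stubTransport{}}
	ready := pollReady(client, "http://server.invalid/", time.Second, func(m string) { warnings = append(warnings, m) })
	return ready, warnings
}

func main() { fmt.Println(run()) }
```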