Why is this an issue?
In cmd/clouddns/main.go:85-100, the SSL mode is forcibly set to disable for connections through the Cloud SQL Proxy (127.0.0.1). While the comment claims this is to avoid TLS handshake issues with the local proxy, it means SSL is disabled even when the user explicitly configured sslmode=verify-full.
What is causing it?
q.Set("sslmode", "disable")This unconditionally overwrites any user-specified SSL mode, including verify-full for production connections.
How can it be solved?
Only disable SSL for the specific case of localhost connections through Cloud SQL Proxy, not for all connections. Check if the host is 127.0.0.1 or localhost before forcing sslmode=disable.
Category
Severity
Why is this an issue?
In
cmd/clouddns/main.go:85-100, the SSL mode is forcibly set todisablefor connections through the Cloud SQL Proxy (127.0.0.1). While the comment claims this is to avoid TLS handshake issues with the local proxy, it means SSL is disabled even when the user explicitly configuredsslmode=verify-full.What is causing it?
This unconditionally overwrites any user-specified SSL mode, including
verify-fullfor production connections.How can it be solved?
Only disable SSL for the specific case of localhost connections through Cloud SQL Proxy, not for all connections. Check if the host is
127.0.0.1orlocalhostbefore forcingsslmode=disable.Category
Severity