From 3e67164da2604e47e3e73ea496a5bbf7010393fa Mon Sep 17 00:00:00 2001
From: Celeste Hickenlooper
Date: Sat, 3 Jan 2026 02:58:22 -0800
Subject: [PATCH] fix: add io.LimitReader and proper error handling to shodan.go

Add io.LimitReader with 5MB limit to prevent memory exhaustion and fix ignored error in queryShodanHost. The error from io.ReadAll was previously being discarded with _, which could mask read failures.
---
 pkg/scan/shodan.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/scan/shodan.go b/pkg/scan/shodan.go
index 9395b0e..fcec54b 100644
--- a/pkg/scan/shodan.go
+++ b/pkg/scan/shodan.go
@@ -189,11 +189,14 @@ func queryShodanHost(ip string, apiKey string, timeout time.Duration) (*ShodanRe
 }
 
 if resp.StatusCode != http.StatusOK {
-body, _ := io.ReadAll(resp.Body)
+body, err := io.ReadAll(io.LimitReader(resp.Body, 5*1024*1024))
+if err != nil {
+return nil, fmt.Errorf("read shodan response: %w", err)
+}
 return nil, fmt.Errorf("Shodan API error (status %d): %s", resp.StatusCode, string(body))
 }
 
-body, err := io.ReadAll(resp.Body)
+body, err := io.ReadAll(io.LimitReader(resp.Body, 5*1024*1024))
 if err != nil {
 return nil, fmt.Errorf("failed to read response: %w", err)
 }
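Review bot: The 5 MiB cap on the success path truncates silently: when a Shodan response is larger, `io.ReadAll` on the `LimitReader` returns the first 5 MiB with a nil error, so `body` is a cut-off payload and whatever decodes it later (outside this hunk) fails with a misleading parse error instead of a clear size rejection. Read with a limit one byte above the cap, reject when `len(body)` exceeds it, and hoist the twice-repeated `5*1024*1024` into a named constant so the two call sites cannot drift. The non-200 branch only uses the body to build an error string, so a much smaller cap there (a few KiB) would keep megabytes of response out of error messages and logs, and its `read shodan response` message should match the `failed to read response` wording of the success path. queryShodanHost begins before this hunk and its use of `body` continues after it.
```go
// maxShodanResponseBytes caps how much of a Shodan response body is buffered in memory.
const maxShodanResponseBytes = 5 << 20

	// … unchanged: non-200 branch …

	body, err := io.ReadAll(io.LimitReader(resp.Body, maxShodanResponseBytes+1))
	if err != nil {
		return nil, fmt.Errorf("failed to read response: %w", err)
	}
	// LimitReader truncates without error; detect oversize explicitly rather than decoding a partial body.
	if len(body) > maxShodanResponseBytes {
		return nil, fmt.Errorf("shodan response exceeds %d bytes", maxShodanResponseBytes)
	}
```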