Add a rule which detects when pprof endpoint is automatically exposed

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2025-07-09 00:45:40 +02:00 · 2019-09-20 10:46:06 +02:00
parent 73fbc9ba49
commit 9cee24cccd
4 changed files with 64 additions and 0 deletions
--- a/testutils/source.go
+++ b/testutils/source.go
@ -404,6 +404,23 @@ func main() {
    	}
      	fmt.Println(resp.Status)
 }`}, 0, gosec.NewConfig()}}
+	// SampleCodeG108 - pprof endpoint automatically exposed
+	SampleCodeG108 = []CodeSample{{[]string{`
+package main
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	_ "net/http/pprof"
+)
+
+func main() {
+	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Hello World!")
+	})
+	log.Fatal(http.ListenAndServe(":8080", nil))
+}`}, 1, gosec.NewConfig()}}
 	// SampleCodeG201 - SQL injection via format string
 	SampleCodeG201 = []CodeSample{
 		{[]string{`