Golang runtime profiling data - Vulnerability Database

Golang runtime profiling data

Description

Go's standard library includes the net/http/pprof package, which exposes runtime profiling and diagnostic data over HTTP. A blank import (import _ "net/http/pprof") is enough: the package's init() registers its handlers on http.DefaultServeMux under /debug/pprof/, so any application that serves the default mux (for example with http.ListenAndServe(addr, nil)) publishes them without any further code. The endpoints return heap and allocation profiles, a CPU profile (/debug/pprof/profile, which samples the process for 30 seconds by default), goroutine dumps (/debug/pprof/goroutine?debug=2 prints every goroutine's stack in the same format as a panic trace), the process command line (/debug/pprof/cmdline, which discloses any secrets passed as flags), execution traces and symbol lookups. This application has the pprof handlers enabled and reachable without authentication, disclosing internal structure and live runtime state to unauthenticated users. Because CPU profiling and tracing consume resources for as long as they run, the endpoints are also a denial-of-service lever.
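
To check whether a deployment is affected, the following Go program (an added example, not part of this database entry or of any scanner) requests a handful of pprof endpoints and reports those whose responses carry text that only the real net/http/pprof handlers produce, so a catch-all "200 OK" page is not mistaken for pprof. The two demo functions run the check against in-process test servers constructed for this example; the http://127.0.0.1:8080 in the usage string is a hypothetical target.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/pprof"
	"os"
	"strings"
	"time"
)

// probe pairs a pprof path with text that only the real handler's response
// contains. /profile and /trace are deliberately absent: requesting them starts
// a CPU profile or an execution trace on the target process.
type probe struct {
	path   string
	marker string
}

var probes = []probe{
	{"/debug/pprof/", "/debug/pprof/"},                                   // index page: the path is its <title>
	{"/debug/pprof/goroutine?debug=1", "goroutine profile: total"},       // legacy text format header
	{"/debug/pprof/threadcreate?debug=1", "threadcreate profile: total"},
	{"/debug/pprof/heap?debug=1", "heap profile:"},
}

// checkPprof requests each probe under base and returns the paths that answered
// 200 with the expected marker. Bodies are capped at 1 MiB.
func checkPprof(client *http.Client, base string) ([]string, error) {
	base = strings.TrimRight(base, "/")
	var exposed []string
	for _, p := range probes {
		resp, err := client.Get(base + p.path)
		if err != nil {
			return exposed, err
		}
		body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
		resp.Body.Close()
		if err != nil {
			return exposed, err
		}
		if resp.StatusCode == http.StatusOK && strings.Contains(string(body), p.marker) {
			exposed = append(exposed, p.path)
		}
	}
	return exposed, nil
}

// demoExposed runs the check against an in-process server, constructed for this
// example, that mounts the real pprof index on its own mux. pprof.Index also
// serves the named profiles (heap, goroutine, ...) below /debug/pprof/.
func demoExposed() ([]string, error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	srv := httptest.NewServer(mux)
	defer srv.Close()
	return checkPprof(srv.Client(), srv.URL)
}

// demoHardened runs the check against a server whose mux carries only an
// application route. The handlers that the net/http/pprof import registered on
// http.DefaultServeMux exist in this process but are not reachable through it.
func demoHardened() ([]string, error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "ok") })
	srv := httptest.NewServer(mux)
	defer srv.Close()
	return checkPprof(srv.Client(), srv.URL)
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: pprofcheck <base-url>   e.g. http://127.0.0.1:8080")
		os.Exit(2)
	}
	client := &http.Client{Timeout: 10 * time.Second}
	exposed, err := checkPprof(client, os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	for _, p := range exposed {
		fmt.Println("exposed:", p)
	}
	if len(exposed) == 0 {
		fmt.Println("no pprof endpoints detected")
	}
}
```

Run it as `go run . https://host:port` against a staging copy of the service. A finding for the index path alone is already decisive; the ?debug=1 probes confirm that the legacy text profiles, the ones a browser can read directly, are served as well.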

Remediation

Restrict access to pprof endpoints by implementing one or more of the following controls:

1. Remove pprof from production builds:
Only import the pprof package in development and testing builds. Put the import in a file of its own guarded by a build constraint, so that the package, and the init() that registers the handlers, is compiled in only when the tag is set:

//go:build debug

package main

import _ "net/http/pprof" // registers the /debug/pprof/ handlers on http.DefaultServeMux

Build development binaries with `go build -tags debug` and production binaries without the tag (a plain `go build`). Toolchains older than Go 1.17 use the `// +build debug` form of the constraint instead. To verify a production binary, list its symbols: `go tool nm ./app | grep net/http/pprof` should print nothing.

2. Implement authentication and authorization:
Register the pprof handlers explicitly on a dedicated mux, wrapped in authentication middleware that admits only authorized users. Importing net/http/pprof still registers unauthenticated copies on http.DefaultServeMux, so once the package is imported the application must never serve that mux (http.ListenAndServe(addr, nil)):
import (
    "crypto/subtle"
    "net/http"
    "net/http/pprof"
    "os"
)

// pprofAuth wraps a pprof handler and rejects requests that fail isAuthorized.
func pprofAuth(next http.HandlerFunc) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        if !isAuthorized(r) {
            http.Error(w, "Forbidden", http.StatusForbidden)
            return
        }
        next(w, r)
    }
}

// isAuthorized is an example check: a bearer token compared in constant time against PPROF_TOKEN.
func isAuthorized(r *http.Request) bool {
    want := []byte("Bearer " + os.Getenv("PPROF_TOKEN"))
    got := []byte(r.Header.Get("Authorization"))
    return os.Getenv("PPROF_TOKEN") != "" && subtle.ConstantTimeCompare(got, want) == 1
}

// newPprofMux registers every pprof handler on a dedicated mux. Importing net/http/pprof
// already registered unauthenticated copies on http.DefaultServeMux, so that mux must not
// be served; registering "/debug/pprof/" on it a second time would also panic.
func newPprofMux() *http.ServeMux {
    mux := http.NewServeMux()
    mux.HandleFunc("/debug/pprof/", pprofAuth(pprof.Index)) // index and named profiles (heap, goroutine, ...)
    mux.HandleFunc("/debug/pprof/cmdline", pprofAuth(pprof.Cmdline))
    mux.HandleFunc("/debug/pprof/profile", pprofAuth(pprof.Profile))
    mux.HandleFunc("/debug/pprof/symbol", pprofAuth(pprof.Symbol))
    mux.HandleFunc("/debug/pprof/trace", pprofAuth(pprof.Trace))
    return mux
}

3. Network-level restrictions:
Restrict /debug/pprof/ to trusted source addresses or internal networks with firewall rules, network policies, or a deny rule for the /debug/ prefix at the reverse proxy or ingress in front of the application. When the application sits behind a proxy, enforce any IP allow-list at the component that terminates the external connection rather than in the application, which only sees the proxy's address or a forgeable forwarded header. These endpoints must never be reachable from the public internet.

4. Use a separate admin server:
Serve pprof from its own http.Server bound to the loopback interface (127.0.0.1) or an internal management interface, and give the public server a dedicated http.ServeMux so that the handlers the import registered on http.DefaultServeMux cannot be reached through public traffic. Operators reach the debug listener over an SSH tunnel or a port-forward rather than by opening the port.
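
A complete two-listener layout, as an added example that is not code from this entry or from any application it describes: the public listener serves only application routes from a fresh mux, and the debug listener mounts the pprof handlers explicitly on loopback. The addresses 127.0.0.1:6060 and :8080 and the /healthz route are this example's own choices.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/pprof"
	"time"
)

// newPublicMux holds only application routes. Because it is a fresh ServeMux and
// not http.DefaultServeMux, the handlers that net/http/pprof registered at import
// time are not reachable through it; unknown paths get a plain 404.
func newPublicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return mux
}

// newDebugMux mounts the pprof handlers explicitly, so the debug surface is
// visible in code rather than hidden in a package init(). pprof.Index also
// serves the named profiles (heap, goroutine, ...) below /debug/pprof/.
func newDebugMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return mux
}

func main() {
	// Debug listener: loopback only (an address chosen for this example). Reach it
	// with an SSH tunnel or a port-forward; never expose the port itself.
	debug := &http.Server{
		Addr:              "127.0.0.1:6060",
		Handler:           newDebugMux(),
		ReadHeaderTimeout: 5 * time.Second,
	}
	go func() {
		log.Println("pprof listening on", debug.Addr)
		log.Fatal(debug.ListenAndServe())
	}()

	// Public listener: all interfaces, application routes only.
	public := &http.Server{
		Addr:              ":8080",
		Handler:           newPublicMux(),
		ReadHeaderTimeout: 5 * time.Second,
	}
	log.Println("application listening on", public.Addr)
	log.Fatal(public.ListenAndServe())
}
```

With this layout `curl -s -o /dev/null -w '%{http_code}' http://host:8080/debug/pprof/` returns 404 from outside, while `go tool pprof http://127.0.0.1:6060/debug/pprof/heap` works from a shell on the host or through a tunnel.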
