Skip to content

Go rule to check for usage of net/http/pprof #766

New issue
New issue
Open
Enhancement
Open
Go rule to check for usage of net/http/pprof#766
Enhancement
@ericwb

Description

@ericwb
ericwb
opened on May 16, 2025

Is your feature request related to a problem? Please describe.
Importing the net/http/pprof has an implicit effect of exposing a routing for debugging purposes if used in conjunction with http.ListenAndServe()

Describe the solution you'd like
Need a new rule to check for this import. A sample snippet of code that exhibits this problem:

import (
    "net/http"
    _ "net/http/pprof"
)

func main() {
    go http.ListenAndServe("0.0.0.0:80", nil)
}

CWE-489: Active Debug Code might be appropriate.

Describe alternatives you've considered
n/a

Additional context
https://pkg.go.dev/net/http/pprof

Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    Enhancement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions