Go

Made by DeepSource

Profiling endpoint automatically exposed on /debug/pprof GO-S2108

Security
Major
Autofix a05 cwe-200 owasp top 10

Importing net/http/pprof automatically exposes a debug endpoint, /debug/pprof, which serves sensitive application information such as the heap profile and the CPU profile. Serving these profiles also impacts application performance. Remove the net/http/pprof import from production builds.

Bad practice

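package main

import (
    // The blank import alone is enough: the package's init() registers
    // the /debug/pprof handlers on http.DefaultServeMux.
    _ "net/http/pprof"
)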
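The following is an added example, not DeepSource's code: a check that reports whether a given handler answers /debug/pprof/, run against http.DefaultServeMux (where the blank import registers the endpoint) and against a dedicated mux. The names servesPprof and newAppMux and the /healthz route are assumptions made for illustration; the import is kept here only to reproduce the finding.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	_ "net/http/pprof" // reproduces the finding: init() registers /debug/pprof/ on http.DefaultServeMux
)

// servesPprof reports whether h answers the pprof index path with 200 OK.
// It calls the handler in-process, so no listener or network access is needed.
func servesPprof(h http.Handler) bool {
	req := httptest.NewRequest(http.MethodGet, "/debug/pprof/", nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code == http.StatusOK
}

// newAppMux builds a dedicated mux that holds only the application's own
// routes. The /healthz route is a constructed sample.
func newAppMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	return mux
}

func main() {
	// Passing a nil handler to http.ListenAndServe selects http.DefaultServeMux,
	// which is how the profiling endpoint becomes reachable without any
	// explicit route registration in application code.
	fmt.Println("DefaultServeMux serves pprof:", servesPprof(http.DefaultServeMux))
	fmt.Println("dedicated mux serves pprof:  ", servesPprof(newAppMux()))
}
```

Calling servesPprof on the handler a production server actually uses, from a unit test, catches the endpoint being reintroduced by a transitive import.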
