cmd/coordinator,maintner/maintnerd: don't expose pprof endpoints
These are public servers with TLS private keys, they should not make
goroutine stack profiles publicly available.
Change-Id: I6d1c6a503069d5091c7840ec88808e7e02b67308
Reviewed-on: https://go-review.googlesource.com/c/build/+/321809
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
diff --git a/cmd/buildlet/buildlet.go b/cmd/buildlet/buildlet.go
index 02a54a5..6dabce5 100644
--- a/cmd/buildlet/buildlet.go
+++ b/cmd/buildlet/buildlet.go
@@ -223,7 +223,6 @@
initGorootBootstrap()
http.HandleFunc("/", handleRoot)
- http.HandleFunc("/debug/goroutines", handleGoroutines)
http.HandleFunc("/debug/x", handleX)
var password string
@@ -233,6 +232,7 @@
requireAuth := func(handler func(w http.ResponseWriter, r *http.Request)) http.Handler {
return requirePasswordHandler{http.HandlerFunc(handler), password}
}
+ http.Handle("/debug/goroutines", requireAuth(handleGoroutines))
http.Handle("/writetgz", requireAuth(handleWriteTGZ))
http.Handle("/write", requireAuth(handleWrite))
http.Handle("/exec", requireAuth(handleExec))
@@ -496,7 +496,6 @@
fmt.Fprintf(w, "buildlet running on %s-%s\n", runtime.GOOS, runtime.GOARCH)
}
-// unauthenticated /debug/goroutines handler
func handleGoroutines(w http.ResponseWriter, r *http.Request) {
log.Printf("Dumping goroutines.")
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
diff --git a/cmd/coordinator/coordinator.go b/cmd/coordinator/coordinator.go
index fd250ec..100453f 100644
--- a/cmd/coordinator/coordinator.go
+++ b/cmd/coordinator/coordinator.go
@@ -32,11 +32,9 @@
"log"
"net"
"net/http"
- _ "net/http/pprof"
"net/url"
"os"
"path"
- "runtime"
"sort"
"strings"
"sync"
@@ -343,7 +341,6 @@
gs := &gRPCServer{dashboardURL: "https://build.golang.org"}
protos.RegisterCoordinatorServer(grpcServer, gs)
http.HandleFunc("/", handleStatus)
- http.HandleFunc("/debug/goroutines", handleDebugGoroutines)
http.HandleFunc("/builders", handleBuilders)
http.HandleFunc("/temporarylogs", handleLogs)
http.HandleFunc("/reverse", pool.HandleReverse)
@@ -839,13 +836,6 @@
}
}
-func handleDebugGoroutines(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Type", "text/plain; charset=utf-8")
- buf := make([]byte, 1<<20)
- buf = buf[:runtime.Stack(buf, true)]
- w.Write(buf)
-}
-
func writeStatusHeader(w http.ResponseWriter, st *buildStatus) {
st.mu.Lock()
defer st.mu.Unlock()
diff --git a/cmd/coordinator/status.go b/cmd/coordinator/status.go
index 9ae2158..acbf400 100644
--- a/cmd/coordinator/status.go
+++ b/cmd/coordinator/status.go
@@ -947,9 +947,6 @@
<h2 id=fd>File Descriptors <a href='#fd'>¶</a></h2>
<p>{{.NumFD}}</p>
-<h2 id=goroutines>Goroutines <a href='#goroutines'>¶</a></h2>
-<p>{{.NumGoroutine}} <a href='/debug/goroutines'>goroutines</a></p>
-
</body>
</html>
`))
diff --git a/maintner/maintnerd/maintnerd.go b/maintner/maintnerd/maintnerd.go
index eea394e..31be037 100644
--- a/maintner/maintnerd/maintnerd.go
+++ b/maintner/maintnerd/maintnerd.go
@@ -17,7 +17,6 @@
"net"
"net/http"
"net/http/httptest"
- _ "net/http/pprof"
"os"
"path/filepath"
"runtime"
@@ -259,9 +258,6 @@
grpcServer := grpc.NewServer()
apipb.RegisterMaintnerServiceServer(grpcServer, maintapi.NewAPIService(corpus))
http.Handle("/apipb.MaintnerService/", grpcServer)
- http.HandleFunc("/debug/goroutines", func(w http.ResponseWriter, r *http.Request) {
- http.Redirect(w, r, "/debug/pprof/goroutine?debug=1", http.StatusFound)
- })
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.Header.Get("Content-Type"), "application/grpc") {