Closed babolivier closed 4 years ago
maquis196
commented
4 years ago So ive started the work on this so we can try and get the tls1.3 changes merged, but its hitting an issue that i dont know if is real or something with golang-ci;
main.go:13:2: G108: Profiling endpoint is automatically exposed on /debug/pprof (gosec) _ "net/http/pprof"
ilmari
commented
4 years ago So ive started the work on this so we can try and get the tls1.3 changes merged, but its hitting an issue that i dont know if is real or something with golang-ci;
main.go:13:2: G108: Profiling endpoint is automatically exposed on /debug/pprof (gosec) _ "net/http/pprof"
This is a gosec rule specifically against net/http/pprof. The fix is to either remove that import (and thus disable the /debug/ppprof endpoint), or to decide that that's okay (because that path is not typically exposed by the reverse proxy in a real setup), and annotate it with // nolint:gosec,G108.
maquis196
commented
4 years ago thanks for the tip, ive added that annotation, fixed misspell and its all gone green. Awesome.
According to https://github.com/alecthomas/gometalinter/issues/590, gometalinter is being deprecated and needs to be replaced with golangci-lint.