ncabatoff / process-exporter

Prometheus exporter that mines /proc to report on selected processes
MIT License
1.7k stars 269 forks source link

/net/http/pprof were detected as information disclosure vulnerability #290

Open pkourampas opened 8 months ago

pkourampas commented 8 months ago

pprof endpoints are exposed by default automatically by net/http/pprof import, which is reported as High security vulnerability by several different vulnerability scanners.

Although we do understand the importance of having pprof endpoints available for debugging/tuning of the exporter, it would be nice to have ability of turning it off completely in production environments (or opt-in to enable it just for debugging).