Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

restrict pprof-addr to localhost #893

Merged
merged 2 commits into from
Oct 6, 2023
Merged

restrict pprof-addr to localhost #893

merged 2 commits into from
Oct 6, 2023

Conversation

adam-mateen
Copy link
Contributor

@adam-mateen adam-mateen commented Oct 6, 2023

Description of the issue

Avoid potential misconfiguration exposing agent debug info externally.

Description of changes

Improved the --help text for the --prof-addr option.
Added a check to ensure that the address is localhost:nnnn

License

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Tests

  • Manual testing:
amazon-cloudwatch-agent --pprof-addr 123
2023-10-06T14:46:12Z W! Not starting pprof, it is restricted to localhost:nnnn
2023-10-06T14:46:12Z E! [telegraf] Error running agent: no config file specified

amazon-cloudwatch-agent --pprof-addr localhost
2023-10-06T14:46:18Z I! Starting pprof HTTP server at: http://localhost/debug/pprof
2023-10-06T14:46:18Z E! [telegraf] Error running agent: no config file specified
2023-10-06T14:46:18Z E! listen tcp: address localhost: missing port in address

amazon-cloudwatch-agent --pprof-addr localhost:123
2023-10-06T14:46:26Z I! Starting pprof HTTP server at: http://localhost:123/debug/pprof
2023-10-06T14:46:26Z E! [telegraf] Error running agent: no config file specified

amazon-cloudwatch-agent --pprof-addr :123         
2023-10-06T14:46:39Z I! Starting pprof HTTP server at: http://localhost:123/debug/pprof
2023-10-06T14:46:39Z E! [telegraf] Error running agent: no config file specified

amazon-cloudwatch-agent --pprof-addr lokalhost:8090
2023-10-06T14:47:04Z W! Not starting pprof, it is restricted to localhost:nnnn
2023-10-06T14:47:04Z E! [telegraf] Error running agent: no config file specified

--help output looks like this:

  -otelconfig string
    	YAML configuration file to run OTel pipeline
  -output-filter string
    	filter the outputs to enable, separator is :
  -output-list
    	print available output plugins.
  -pidfile string
    	file to write our pid to
  -pprof-addr string
    	pprof address to listen on, disabled by default, examples: 'localhost:1234', ':4567' (restricted to localhost)

Requirements

Before commit the code, please do the following steps.

  1. Run make fmt and make fmt-sh
  2. Run make lint

@adam-mateen adam-mateen requested a review from a team as a code owner October 6, 2023 14:12
@codecov-commenter
Copy link

codecov-commenter commented Oct 6, 2023

Codecov Report

Attention: 37 lines in your changes are missing coverage. Please review.

Comparison is base (96d4763) 57.58% compared to head (15e57df) 62.66%.
Report is 418 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #893      +/-   ##
==========================================
+ Coverage   57.58%   62.66%   +5.08%     
==========================================
  Files         370      338      -32     
  Lines       17548    17009     -539     
==========================================
+ Hits        10105    10659     +554     
+ Misses       6848     5796    -1052     
+ Partials      595      554      -41     
Files Coverage Δ
cfg/commonconfig/commonconfig.go 8.00% <ø> (ø)
...md/amazon-cloudwatch-agent-config-wizard/wizard.go 59.55% <ø> (-8.51%) ⬇️
...amazon-cloudwatch-agent/amazon-cloudwatch-agent.go 2.66% <ø> (ø)
...oudwatch-agent/register_event_logger_notwindows.go 0.00% <ø> (ø)
...-cloudwatch-agent/register_event_logger_windows.go 0.00% <ø> (ø)
cmd/config-translator/translator.go 0.00% <ø> (ø)
cmd/xray-migration/commands_unix.go 42.50% <ø> (ø)
cmd/xray-migration/commands_windows.go 42.50% <ø> (ø)
cmd/xray-migration/xray-migration.go 30.28% <ø> (ø)
handlers/agentinfo/info.go 84.94% <ø> (ø)
... and 22 more

... and 207 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@adam-mateen adam-mateen merged commit 62d92bc into main Oct 6, 2023
6 checks passed
@adam-mateen adam-mateen deleted the restrict-pprof branch October 6, 2023 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants