restrict pprof-addr to localhost

cmd/amazon-cloudwatch-agent/amazon-cloudwatch-agent.go

@@ -51,7 +51,7 @@ const (
 var fDebug = flag.Bool("debug", false,
 	"turn on debug logging")
 var pprofAddr = flag.String("pprof-addr", "",
-	"pprof address to listen on, not activate pprof if empty")
+	"pprof address to listen on, disabled by default, examples: 'localhost:1234', ':4567' (restricted to localhost)")
 var fQuiet = flag.Bool("quiet", false,
 	"run in quiet mode")
 var fTest = flag.Bool("test", false, "enable test mode: gather metrics, print them out, and exit")
@@ -80,8 +80,6 @@ var fAggregatorFilters = flag.String("aggregator-filter", "",
 	"filter the aggregators to enable, separator is :")
 var fProcessorFilters = flag.String("processor-filter", "",
 	"filter the processors to enable, separator is :")
-var fUsage = flag.String("usage", "",
-	"print usage for a plugin, ie, 'telegraf --usage mysql'")
 var fService = flag.String("service", "",
 	"operate on the service (windows only)")
 var fServiceName = flag.String("service-name", "telegraf", "service name (windows only)")
@@ -181,17 +179,17 @@ func reloadLoop(
 // The "config-translator" program populates that file.
 func loadEnvironmentVariables(path string) error {
 	if path == "" {
-		return fmt.Errorf("No env config file specified")
+		return fmt.Errorf("no env config file specified")
 	}
 
 	bytes, err := os.ReadFile(path)
 	if err != nil {
-		return fmt.Errorf("Can't read env config file %s due to: %s", path, err.Error())
+		return fmt.Errorf("cannot read env config file %s due to: %s", path, err.Error())
 	}
 	envVars := map[string]string{}
 	err = json.Unmarshal(bytes, &envVars)
 	if err != nil {
-		return fmt.Errorf("Can't create env config due to: %s", err.Error())
+		return fmt.Errorf("cannot create env config due to: %s", err.Error())
 	}
 
 	for key, val := range envVars {
@@ -203,7 +201,7 @@ func loadEnvironmentVariables(path string) error {
 
 func getEnvConfigPath(configPath, envConfigPath string) (string, error) {
 	if configPath == "" {
-		return "", fmt.Errorf("No config file specified")
+		return "", fmt.Errorf("no config file specified")
 	}
 	//load the environment variables that's saved in json env config file
 	if envConfigPath == "" {
@@ -438,6 +436,10 @@ func main() {
 			if len(parts) == 2 && parts[0] == "" {
 				pprofHostPort = fmt.Sprintf("localhost:%s", parts[1])
 			}
+			if !strings.Contains(pprofHostPort, "localhost") {
+				log.Printf("W! Not starting pprof, it is restricted to localhost:nnnn")
+				return
+			}
 			pprofHostPort = "http://" + pprofHostPort + "/debug/pprof"
 
 			log.Printf("I! Starting pprof HTTP server at: %s\n", pprofHostPort)
@@ -515,7 +517,7 @@ func main() {
 					log.Fatalf("E! Failed to unmarshal env config: %v", err)
 				}
 				envVars[parts[0]] = parts[1]
-				bytes, err = json.MarshalIndent(envVars, "", "\t")
+				bytes, _ = json.MarshalIndent(envVars, "", "\t")
 				if err = os.WriteFile(*fEnvConfig, bytes, 0644); err != nil {
 					log.Fatalf("E! Failed to update env config: %v", err)
 				}