Merge pull request from GHSA-cjr9-mr35-7xh6

jzelinskie · web-flow · commit 9bbd7d76b6ea · 2023-04-13T11:51:01.000-04:00
pkg/cmd: disable cmdline profile
diff --git a/pkg/cmd/server/defaults.go b/pkg/cmd/server/defaults.go
@@ -73,15 +73,21 @@ func DefaultPreRunE(programName string) cobrautil.CobraRunFunc {
 // metrics and pprof endpoints.
 func MetricsHandler(telemetryRegistry *prometheus.Registry) http.Handler {
 	mux := http.NewServeMux()
+
 	mux.Handle("/metrics", promhttp.Handler())
+	if telemetryRegistry != nil {
+		mux.Handle("/telemetry", promhttp.HandlerFor(telemetryRegistry, promhttp.HandlerOpts{}))
+	}
+
 	mux.HandleFunc("/debug/pprof/", pprof.Index)
-	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
 	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
 	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
 	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
-	if telemetryRegistry != nil {
-		mux.Handle("/telemetry", promhttp.HandlerFor(telemetryRegistry, promhttp.HandlerOpts{}))
-	}
+	mux.HandleFunc("/debug/pprof/cmdline", func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusNotFound)
+		fmt.Fprintf(w, "This profile type has been disabled to avoid leaking private command-line arguments")
+	})
+
 	return mux
 }
 
