certusone
/
wormhole
mirror of https://github.com/certusone/wormhole.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

supress gosec issue (#1216) 

supress gosec issue
This commit is contained in:
tbjump 2022-05-23 02:25:24 -07:00 committed by GitHub
parent d87ae5a272
commit 1c2a70554b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
node/cmd/guardiand/node.go
View File

@ -5,18 +5,19 @@ import (
"encoding/base64"
"encoding/hex"
"fmt"
"log"
"net/http"
_ "net/http/pprof" // #nosec G108 we are using a custom router (`router := mux.NewRouter()`) and thus not automatically expose pprof.
"os"
"path"
"strings"
"github.com/certusone/wormhole/node/pkg/db"
"github.com/certusone/wormhole/node/pkg/notify/discord"
"github.com/certusone/wormhole/node/pkg/telemetry"
"github.com/certusone/wormhole/node/pkg/version"
"github.com/gagliardetto/solana-go/rpc"
"go.uber.org/zap/zapcore"
"log"
"net/http"
_ "net/http/pprof"
"os"
"path"
"strings"
solana_types "github.com/gagliardetto/solana-go"
"github.com/gorilla/mux"
@ -358,6 +359,7 @@ func runNode(cmd *cobra.Command, args []string) {
go func() {
logger.Info("status server listening on [::]:6060")
// SECURITY: If making changes, ensure that we always do `router := mux.NewRouter()` before this to avoid accidentally exposing pprof
logger.Error("status server crashed", zap.Error(http.ListenAndServe(*statusAddr, router)))
}()
}