Skip to content

Added pprof profiling to monitor heap memory#318

Open
rutul25 wants to merge 16 commits intomasterfrom
pprof-testing
Open

Added pprof profiling to monitor heap memory#318
rutul25 wants to merge 16 commits intomasterfrom
pprof-testing

Conversation

@rutul25
Copy link
Contributor

@rutul25 rutul25 commented Mar 9, 2022

No description provided.

@rutul25 rutul25 requested a review from vnktram March 9, 2022 10:17
semgrep-app[bot]
semgrep-app bot reviewed Mar 9, 2022
View reviewed changes
cmd/service/metro/metro.go Outdated
logger.Ctx(ctx).Infow("initialising pprof profiles")
go func() {
if componentName == Web {
http.ListenAndServe("metro-web-pprof.concierge.stage.razorpay.in:8080", nil)
Copy link

@semgrep-app semgrep-app bot Mar 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information.

🔴 Fix or ignore this finding to merge your pull request.
🙈 From go.lang.security.audit.net.use-tls.use-tls.

semgrep-app[bot]
semgrep-app bot reviewed Mar 9, 2022
View reviewed changes
cmd/service/metro/metro.go Outdated
if componentName == Web {
http.ListenAndServe("metro-web-pprof.concierge.stage.razorpay.in:8080", nil)
} else if componentName == Worker {
http.ListenAndServe("metro-worker-pprof.concierge.stage.razorpay.in:8080", nil)
Copy link

@semgrep-app semgrep-app bot Mar 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The profiling 'pprof' endpoint is automatically exposed on /debug/pprof. This could leak information about the server. Instead, use import "net/http/pprof". See https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/ for more information and mitigation.

🔴 Fix or ignore this finding to merge your pull request.
🙈 From go.lang.security.audit.net.pprof.pprof-debug-exposure.

semgrep-app[bot]
semgrep-app bot reviewed Mar 9, 2022
View reviewed changes
cmd/service/metro/metro.go Outdated
if componentName == Web {
http.ListenAndServe("metro-web-pprof.concierge.stage.razorpay.in:8080", nil)
} else if componentName == Worker {
http.ListenAndServe("metro-worker-pprof.concierge.stage.razorpay.in:8080", nil)
Copy link

@semgrep-app semgrep-app bot Mar 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information.

🔴 Fix or ignore this finding to merge your pull request.
🙈 From go.lang.security.audit.net.use-tls.use-tls.

semgrep-app[bot]
semgrep-app bot reviewed Mar 9, 2022
View reviewed changes
cmd/service/metro/metro.go Outdated
logger.Ctx(ctx).Infow("initialising pprof profiles")
go func() {
if componentName == Web {
http.ListenAndServe("metro-web-pprof.concierge.stage.razorpay.in:8080", nil)
Copy link

@semgrep-app semgrep-app bot Mar 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The profiling 'pprof' endpoint is automatically exposed on /debug/pprof. This could leak information about the server. Instead, use import "net/http/pprof". See https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/ for more information and mitigation.

🔴 Fix or ignore this finding to merge your pull request.
🙈 From go.lang.security.audit.net.pprof.pprof-debug-exposure.

semgrep-app[bot]
semgrep-app bot reviewed Mar 9, 2022
View reviewed changes
cmd/service/metro/metro.go
logger.Ctx(ctx).Infow("initialising pprof profiles")
go func() {
myMux := http.DefaultServeMux
if err := http.ListenAndServe("localhost:8080", myMux); err != nil {
Copy link

@semgrep-app semgrep-app bot Mar 9, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found an HTTP server without TLS. Use 'http.ListenAndServeTLS' instead. See https://golang.org/pkg/net/http/#ListenAndServeTLS for more information.

🔴 Fix or ignore this finding to merge your pull request.
🙈 From go.lang.security.audit.net.use-tls.use-tls.

@codecov-commenter
Copy link

codecov-commenter commented Mar 9, 2022
edited by codecov bot
Loading

Codecov Report

Merging #318 (59a641b) into master (697f4f9) will decrease coverage by 0.02%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #318      +/-   ##
==========================================
- Coverage   59.28%   59.26%   -0.03%     
==========================================
  Files         124      124              
  Lines        9506     9506              
==========================================
- Hits         5636     5634       -2     
- Misses       3515     3516       +1     
- Partials      355      356       +1
Flag Coverage Δ
integration 45.32% <ø> (ø)
unittests 56.82% <ø> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
internal/subscriber/subscriberimpl.go 77.53% <0.00%> (-0.62%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 697f4f9...59a641b. Read the comment docs.

@vnktram vnktram added wontfix This will not be worked on do-not-merge labels Jun 13, 2022
@vnktram vnktram removed their request for review June 15, 2022 11:02
github-actions[bot]
github-actions bot reviewed Jul 4, 2022
View reviewed changes
cmd/service/metro/metro.go
"net/http"

// blank import added for testing.
_ "net/http/pprof"
Copy link

@github-actions github-actions bot Jul 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [golangci] reported by reviewdog 🐶
G108: Profiling endpoint is automatically exposed on /debug/pprof (gosec)

cmd/service/metro/metro.go
logger.Ctx(ctx).Infow("stopped metro")
}

// sets up pprof profile for perfomance monitoring
Copy link

@github-actions github-actions bot Jul 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [golangci] reported by reviewdog 🐶
perfomance is a misspelling of performance (misspell)

cmd/service/metro/metro.go

// sets up pprof profile for perfomance monitoring
func setPprofProfiles(ctx context.Context, componentName string) {
logger.Ctx(ctx).Infow("initialising pprof profiles")
Copy link

@github-actions github-actions bot Jul 4, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [golangci] reported by reviewdog 🐶
initialising is a misspelling of initializing (misspell)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

+1 more reviewer

@semgrep-app semgrep-app[bot] semgrep-app[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

do-not-merge wontfix This will not be worked on

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rutul25 @codecov-commenter @vnktram @akashgoyal96