MCPcopy
hub / github.com/dgraph-io/dgraph / SanitizedDefaultServeMux

Function SanitizedDefaultServeMux

x/server.go:123–135  ·  view source on GitHub ↗

SanitizedDefaultServeMux returns an http.Handler that wraps http.DefaultServeMux but blocks endpoints that expose the full process command line (which may include the admin token from --security "token=..."): - /debug/pprof/cmdline — registered by net/http/pprof - /debug/vars — served with

()

Source from the content-addressed store, hash-verified

121// - /debug/pprof/cmdline — registered by net/http/pprof
122// - /debug/vars — served with a filtered handler that omits "cmdline"
123func SanitizedDefaultServeMux() http.Handler {
124 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
125 if r.URL.Path == "/debug/pprof/cmdline" {
126 http.NotFound(w, r)
127 return
128 }
129 if r.URL.Path == "/debug/vars" {
130 filteredExpvarHandler(w, r)
131 return
132 }
133 http.DefaultServeMux.ServeHTTP(w, r)
134 })
135}

Callers 4

RunBulkLoaderFunction · 0.92
runFunction · 0.92
runFunction · 0.92
setupServerFunction · 0.92

Calls 2

filteredExpvarHandlerFunction · 0.85
ServeHTTPMethod · 0.80

Tested by

no test coverage detected