From 62a8fe0b73d16b9f71234f6b4efbba560ba470e2 Mon Sep 17 00:00:00 2001
From: Ainar Garipov <a.garipov@adguard.com>
Date: Thu, 19 Nov 2020 14:59:30 +0300
Subject: [PATCH] Pull request: home: add a patch against the global pprof
 handlers

Merge in DNS/adguard-home from 2336-pprof to master

Closes #2336.

Squashed commit of the following:

commit 855e133b17da4274bef7dec5c3b7db73486d97db
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Thu Nov 19 14:49:22 2020 +0300

    home: add a patch against the global pprof handlers
---
 CHANGELOG.md         | 36 +++++++++++++++++++++++++++++-------
 internal/home/web.go | 18 ++++++++++++++++++
 2 files changed, 47 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7856c663..eb01e003 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,24 +9,46 @@ and this project adheres to
 
 ## [Unreleased]
 
+
+
+## [v0.104.3] - 2020-11-19
+
+### Fixed
+
+- The accidentally exposed profiler HTTP API ([#2336]).
+
+[#2336]: https://github.com/AdguardTeam/AdGuardHome/issues/2336
+
+
+
 ## [v0.104.2] - 2020-11-19
 
 ### Added
 
-- This changelog :-) (#2294).
+- This changelog :-) ([#2294]).
 - `HACKING.md`, a guide for developers.
 
 ### Changed
 
-- Improved tests output (#2273).
+- Improved tests output ([#2273]).
 
 ### Fixed
 
-- Query logs from file not loading after the ones buffered in memory (#2325).
-- Unnecessary errors in query logs when switching between log files (#2324).
+- Query logs from file not loading after the ones buffered in memory ([#2325]).
+- Unnecessary errors in query logs when switching between log files ([#2324]).
 - `404 Not Found` errors on the DHCP settings page on *Windows*.  The page now
-  correctly shows that DHCP is not currently available on that OS (#2295).
-- Infinite loop in `/dhcp/find_active_dhcp` (#2301).
+  correctly shows that DHCP is not currently available on that OS ([#2295]).
+- Infinite loop in `/dhcp/find_active_dhcp` ([#2301]).
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.104.2...HEAD
+[#2273]: https://github.com/AdguardTeam/AdGuardHome/issues/2273
+[#2294]: https://github.com/AdguardTeam/AdGuardHome/issues/2294
+[#2295]: https://github.com/AdguardTeam/AdGuardHome/issues/2295
+[#2301]: https://github.com/AdguardTeam/AdGuardHome/issues/2301
+[#2324]: https://github.com/AdguardTeam/AdGuardHome/issues/2324
+[#2325]: https://github.com/AdguardTeam/AdGuardHome/issues/2325
+
+
+
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.104.3...HEAD
+[v0.104.3]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.104.2...v0.104.3
 [v0.104.2]:   https://github.com/AdguardTeam/AdGuardHome/compare/v0.104.1...v0.104.2
diff --git a/internal/home/web.go b/internal/home/web.go
index 976ea3ab..f8ceb296 100644
--- a/internal/home/web.go
+++ b/internal/home/web.go
@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/http"
 	"strconv"
+	"strings"
 	"sync"
 
 	"github.com/AdguardTeam/AdGuardHome/internal/util"
@@ -141,6 +142,7 @@ func (web *Web) Start() {
 		web.httpServer = &http.Server{
 			ErrorLog: web.errLogger,
 			Addr:     address,
+			Handler:  filterPPROF(http.DefaultServeMux),
 		}
 		err := web.httpServer.ListenAndServe()
 		if err != http.ErrServerClosed {
@@ -151,6 +153,22 @@ func (web *Web) Start() {
 	}
 }
 
+// TODO(a.garipov): We currently have to use this, because everything registers
+// its HTTP handlers in http.DefaultServeMux.  In the future, refactor our HTTP
+// API initialization process and stop using the gosh darn http.DefaultServeMux
+// for anything at all.  Gosh darn global variables.
+func filterPPROF(h http.Handler) (filtered http.Handler) {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if strings.HasPrefix(r.URL.Path, "/debug/pprof") {
+			http.NotFound(w, r)
+
+			return
+		}
+
+		h.ServeHTTP(w, r)
+	})
+}
+
 // Close - stop HTTP server, possibly waiting for all active connections to be closed
 func (web *Web) Close() {
 	log.Info("Stopping HTTP server...")