1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
summary: Verify pprof endpoints are accessible to the tooling
details: |
pprof is go a tool for visualization and analysis of profiling data.
This test checks that the pprof profiles can be accessed through
the http://localhost/v2/debug/pprof/ API
# ubuntu-core: no jq and no go
systems: [-ubuntu-core-*]
execute: |
# endpoints are accessible only for the root user
su -c 'snap debug api /v2/debug/pprof/cmdline' test > unauthorized
MATCH "login-required" <<<"$(gojq '.result.kind' unauthorized)"
# one of pprof endpoints exposes a cmdline of the process
snap debug api /v2/debug/pprof/cmdline > reported-cmdline
# should be the same as in /proc/<pid>/cmdline
mainpid=$(systemctl show -p MainPID snapd.service | cut -f2 -d=)
tr -d '\0' < "/proc/$mainpid/cmdline" > real-cmdline
diff -up <(od -c real-cmdline) <(od -c reported-cmdline)
# try to fetch a heap profile
snap debug api /v2/debug/pprof/heap > heap
# go tool pprof fails if profile is corrupted
go tool pprof -raw ./heap
|
