Do not expose pprof endpoints on shared HTTP mux
Importing `net/http/pprof` or registering `/debug/pprof` handlers on the default mux exposes debugging endpoints to remote callers.
#Metadata
#Why it matters
Exposed pprof endpoints leak heap, goroutine, and CPU profiles and can be used for denial-of-service or sensitive data harvesting.
#Remediation
Register pprof handlers on a private mux bound to localhost or a separate listener, and gate them behind authentication.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.pprof-exposed.rule.yaml.