Closed pixeebot[bot] closed 3 months ago
I'm confident in this change, and the CI checks pass, too!
If you see any reason not to merge this, or you have suggestions for improvements, please let me know!
Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.
This codemod hardens all `readline()` calls on file objects returned from an `open()` call, `StringIO` and `BytesIO` against denial of service attacks. A stream influenced by an attacker could keep providing bytes until the system runs out of memory, causing a crash. Fixing it is straightforward by adding a size argument to any `readline()` calls. The changes from this codemod look like this:

More reading

* [https://cwe.mitre.org/data/definitions/400.html](https://cwe.mitre.org/data/definitions/400.html)

I have additional improvements ready for this repo! If you want to see them, leave the comment:

... and I will open a new PR right away!
🧚🤖 Powered by Pixeebot
Codemod ID: pixee:python/limit-readline
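The failure mode the codemod targets, shown in runnable form. This is an added example, not code from the PR or from Pixee's codemod: a constructed stream that never delivers a newline stands in for an attacker-controlled input, `readline()` with no argument is the pattern being rewritten, and `readline(limit)` is the hardened form. The `MAX_LINE_BYTES` value and the helper names (`EndlessRaw`, `iter_lines_strict`, `collect_lines`) are assumptions of this example. It also covers a caveat a practitioner hits right after applying the fix: `readline(limit)` returns a partial line without its newline when the cap is reached, so a naive line loop would resume mid-line; the strict iterator detects that and rejects the line instead.

```python
import io

# Assumed per-line cap for this example; choose what the protocol actually allows.
MAX_LINE_BYTES = 5_000_000


class EndlessRaw(io.RawIOBase):
    """Constructed stand-in for an attacker-controlled stream: it yields 'A'
    forever and never a newline, so an unbounded readline() never returns
    and just keeps growing its buffer."""

    def readable(self):
        return True

    def readinto(self, b):
        n = len(b)
        b[:n] = b"A" * n
        return n


def read_line_unbounded(stream):
    # The pattern the codemod rewrites: buffers until newline or EOF, with no
    # upper bound on memory. Safe only on trusted input; never call it on EndlessRaw.
    return stream.readline()


def read_line_bounded(stream, limit=MAX_LINE_BYTES):
    # Hardened form: at most `limit` bytes are buffered per call, so a stream
    # that never sends a newline cannot exhaust memory.
    return stream.readline(limit)


def iter_lines_strict(stream, limit=MAX_LINE_BYTES):
    """Yield complete lines from a binary stream, rejecting over-long ones.

    readline(limit) returns exactly `limit` bytes without a newline when the
    cap is hit; the next call would then continue mid-line and desynchronise
    a line-oriented parser. A chunk of exactly `limit` bytes is ambiguous
    (the line may be exactly that long), so one more byte is read to decide.
    """
    while True:
        chunk = stream.readline(limit)
        if not chunk:
            return  # EOF
        if chunk.endswith(b"\n") or len(chunk) < limit:
            yield chunk
            continue
        nxt = stream.readline(1)
        if nxt in (b"\n", b""):
            yield chunk + nxt  # line was exactly `limit` bytes long
        else:
            raise ValueError(f"line exceeds {limit} bytes")


def collect_lines(stream, limit=MAX_LINE_BYTES):
    """Return (lines, rejected): every line read, and whether an over-long
    line stopped the read. Useful for logging/alerting on hostile input."""
    lines = []
    try:
        for line in iter_lines_strict(stream, limit):
            lines.append(line)
    except ValueError:
        return lines, True
    return lines, False


if __name__ == "__main__":
    hostile = io.BufferedReader(EndlessRaw())
    print(len(read_line_bounded(hostile, 1024)), "bytes read, then returned")
    print(collect_lines(io.BufferedReader(EndlessRaw()), 64))
    print(collect_lines(io.BytesIO(b"GET /\r\nHost: x\r\n\r\n"), 64))
```

`readline(limit)` on its own only stops the memory growth; whether a truncated line is an error, something to skip, or something to reassemble is an application decision, which is why the strict iterator raises rather than silently yielding fragments.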