Closed pixeebot[bot] closed 6 days ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
100.0% Duplication on New Code
I'm confident in this change, and the CI checks pass, too!
If you see any reason not to merge this, or you have suggestions for improvements, please let me know!
Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.
This codemod hardens all
readline()
calls from file objects returned from anopen()
call,StringIO
andBytesIO
against denial of service attacks. A stream influenced by an attacker could keep providing bytes until the system runs out of memory, causing a crash.Fixing it is straightforward by providing adding a size argument to any
readline()
calls. The changes from this codemod look like this:More reading
* [https://cwe.mitre.org/data/definitions/400.html](https://cwe.mitre.org/data/definitions/400.html)🧚🤖 Powered by Pixeebot
Feedback | Community | Docs | Codemod ID: pixee:python/limit-readline