Requires Scanning Tool
Merge After Cursory Review
This codemod hardens all readline() calls on file objects, such as those returned by open() or a BytesIO, against denial-of-service attacks. A stream influenced by an attacker could keep providing bytes without a newline until the process runs out of memory, causing a crash.
Fixing it is straightforward: add a size argument to each readline() call.
The changes from this codemod look like this:
file = open('some_file.txt')
If you have feedback on this codemod, please let us know!
Why is this codemod marked as Merge After Cursory Review?
This codemod sets a maximum of 5MB allowed per line read by default. It is unlikely but possible that your code may receive lines that are greater than 5MB and you'd still be interested in reading them, so there is some nominal risk of exceptional cases.
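An added example, not part of the codemod's own documentation or code, that contrasts the unbounded readline() the codemod rewrites with the size-capped form it produces, and shows the caveat from the note above: a capped readline() returns the first part of an oversized line, and the remainder comes back on later calls, so callers that need true line boundaries must detect and drain it. The exact 5 MB constant and the helper names are assumptions of this example.

```python
import io

# 5 MB cap, the default the codemod documents (exact byte value assumed here)
MAX_LINE_BYTES = 5 * 1024 * 1024


def read_line_unbounded(stream):
    """The pattern the codemod rewrites: readline() with no size argument.
    A stream that never sends a newline makes this buffer everything in memory."""
    return stream.readline()


def read_line_capped(stream, limit=MAX_LINE_BYTES):
    """The pattern the codemod produces: readline(limit) returns at most
    `limit` bytes, so memory use is bounded whatever the stream contains."""
    return stream.readline(limit)


def iter_lines_bounded(stream, limit=MAX_LINE_BYTES):
    """Yield (line, truncated) pairs. When a capped readline() cuts a line,
    drain the rest of that line in bounded pieces so the next yield starts at
    a real line boundary and no more than `limit` bytes are held at once."""
    while True:
        chunk = stream.readline(limit)
        if not chunk:
            return
        if chunk.endswith(b"\n") or len(chunk) < limit:
            yield chunk, False  # complete line (or final line without newline)
            continue
        # Exactly `limit` bytes and no newline: the line was cut by the cap.
        while True:
            rest = stream.readline(limit)
            if not rest or rest.endswith(b"\n"):
                break
        yield chunk, True


def demo():
    # Constructed sample stream: a normal line, a line just over the cap, a normal line.
    hostile = b"ok\n" + b"A" * (MAX_LINE_BYTES + 10) + b"\n" + b"tail\n"
    oversized_only = hostile[3:]  # stream positioned at the oversized line
    unbounded = len(read_line_unbounded(io.BytesIO(oversized_only)))
    capped = len(read_line_capped(io.BytesIO(oversized_only)))
    lines = [(len(l), t) for l, t in iter_lines_bounded(io.BytesIO(hostile))]
    return unbounded, capped, lines


if __name__ == "__main__":
    print(demo())
```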