Prevent decompression bomb
ID: go-security/decompression-bomb
Language: Go
Severity: Warning
Category: Security
CWE: 409
Description
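Reading from a decompressor without any limit on the number of bytes can read far more data than expected and lead to a denial of service (DoS): the size of the compressed input says nothing about the size of the decompressed output, so a small file can expand enormously. Prefer reading the data in bounded chunks, for example with `io.CopyN`.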
Learn More
Non-Compliant Code Examples
package main
import (
"bytes"
"compress/bzip2"
"io"
"os"
)
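// main is the non-compliant sample: it decompresses a bzip2 stream straight
// into os.Stdout with no bound on the number of decompressed bytes.
func main() {
	buff := []byte{42, 51}
	b := bytes.NewReader(buff)

	// bzip2.NewReader returns a plain io.Reader, so there is no constructor
	// error to check and nothing to close.
	r := bzip2.NewReader(b)

	// NON-COMPLIANT: io.CopyBuffer keeps reading until the decompressor
	// reports EOF. The length of the compressed input does not bound the
	// decompressed output, so the copy can grow large enough to exhaust the
	// resources of whatever consumes it (CWE-409).
	// Passing nil makes io.CopyBuffer allocate its own buffer; the buffer size
	// only sets the chunk size, not the total amount copied.
	if _, err := io.CopyBuffer(os.Stdout, r, nil); err != nil {
		panic(err)
	}
}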
package main
import (
"bytes"
"compress/zlib"
"io"
"os"
)
// main is the non-compliant sample: it inflates a zlib stream into os.Stdout
// without limiting how many decompressed bytes are copied.
func main() {
	compressed := bytes.NewReader([]byte{42, 51})

	zr, err := zlib.NewReader(compressed)
	if err != nil {
		panic(err)
	}

	// NON-COMPLIANT: io.Copy reads until the decompressor reports EOF, so the
	// amount written is decided entirely by the input stream. A small
	// compressed payload can expand to an output large enough to cause a
	// denial of service (CWE-409).
	if _, copyErr := io.Copy(os.Stdout, zr); copyErr != nil {
		panic(copyErr)
	}

	// The error returned by Close is not inspected in this sample.
	zr.Close()
}
Compliant Code Examples
package main
import (
"bytes"
"compress/bzip2"
"io"
"os"
)
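// main is the compliant sample: it decompresses a bzip2 stream but never
// copies more than maxDecompressed bytes of output, and it reports input that
// would exceed that bound instead of silently truncating it.
func main() {
	// Upper bound on decompressed output. Derive it from what the application
	// legitimately expects, never from the size of the compressed input.
	const maxDecompressed = 64

	buff := []byte{42, 51}
	b := bytes.NewReader(buff)

	// bzip2.NewReader returns a plain io.Reader, so there is no constructor
	// error to check and nothing to close.
	r := bzip2.NewReader(b)

	// COMPLIANT: io.CopyN stops after maxDecompressed bytes no matter how far
	// the stream would expand.
	_, err := io.CopyN(os.Stdout, r, maxDecompressed)
	switch {
	case err == io.EOF:
		// io.CopyN reports io.EOF when the source ends before the limit;
		// that is the normal outcome for input smaller than the bound.
		return
	case err != nil:
		panic(err)
	}

	// err == nil means exactly maxDecompressed bytes were copied. Read one
	// more byte to tell "ended exactly at the limit" from "over the limit".
	var probe [1]byte
	switch _, err := io.ReadFull(r, probe[:]); {
	case err == nil:
		panic("decompressed data exceeds limit")
	case err != io.EOF:
		panic(err)
	}
}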