diff --git a/rules/S6639/python/metadata.json b/rules/S6639/python/metadata.json new file mode 100644 index 00000000000..7a73a41bfdf --- /dev/null +++ b/rules/S6639/python/metadata.json @@ -0,0 +1,2 @@ +{ +} \ No newline at end of file diff --git a/rules/S6639/python/rule.adoc b/rules/S6639/python/rule.adoc new file mode 100644 index 00000000000..b3712fd986f --- /dev/null +++ b/rules/S6639/python/rule.adoc @@ -0,0 +1,64 @@ +include::../common/description.adoc[] + +== Why is this an issue? + +include::../common/rationale.adoc[] + +=== What is the potential impact? + +include::../common/impact.adoc[] + +== How to fix it + +=== Code examples + +==== Noncompliant code example + +[source,csharp,diff-id=1,diff-type=noncompliant] +---- +def example(): + limit = int(request.args.get('limit')) + + data = '#' * limit # Noncompliant +---- + +==== Compliant solution + +[source,csharp,diff-id=1,diff-type=compliant] +---- +def example(): + limit = int(request.args.get('limit')) + restricted_limit = min(10, limit) + + data = '#' * restricted_limit +---- + +=== How does this work? + +include::../common/fix/upper-limit.adoc[] + +Here, the example compliant code uses the `min` function to enforce a +reasonable upper bound to the allocation size. In that case, no more than 10 +bytes can be allocated at a time. + +include::../common/fix/environment-hardening.adoc[] + +== Resources +=== Documentation + +include::../common/resources/documentation.adoc[] + +=== Standards + +include::../common/resources/standards.adoc[] + + +ifdef::env-github,rspecator-view[] + +''' +== Implementation Specification +(visible only on this page) + +include::../common/message.adoc[] + +''' \ No newline at end of file