From 7dd10827b3e71df84d95aa8db93ea29e9208f53f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 28 Sep 2023 09:09:02 +0200
Subject: [PATCH] Create rule S6639: Memory allocations should not be vulnerable to Denial of Service attacks (#3153)

---
 rules/S6639/python/metadata.json | 2 +
 rules/S6639/python/rule.adoc | 64 ++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 rules/S6639/python/metadata.json
 create mode 100644 rules/S6639/python/rule.adoc

diff --git a/rules/S6639/python/metadata.json b/rules/S6639/python/metadata.json
new file mode 100644
index 00000000000..7a73a41bfdf
--- /dev/null
+++ b/rules/S6639/python/metadata.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
diff --git a/rules/S6639/python/rule.adoc b/rules/S6639/python/rule.adoc
new file mode 100644
index 00000000000..b3712fd986f
--- /dev/null
+++ b/rules/S6639/python/rule.adoc
@@ -0,0 +1,64 @@
+include::../common/description.adoc[]
+
+== Why is this an issue?
+
+include::../common/rationale.adoc[]
+
+=== What is the potential impact?
+
+include::../common/impact.adoc[]
+
+== How to fix it
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,csharp,diff-id=1,diff-type=noncompliant]
+----
+def example():
+ limit = int(request.args.get('limit'))
+
+ data = '#' * limit # Noncompliant
+----
+
+==== Compliant solution
+
+[source,csharp,diff-id=1,diff-type=compliant]
+----
+def example():
+ limit = int(request.args.get('limit'))
+ restricted_limit = min(10, limit)
+
+ data = '#' * restricted_limit
+----
+
+=== How does this work?
+
+include::../common/fix/upper-limit.adoc[]
+
+Here, the example compliant code uses the `min` function to enforce a
+reasonable upper bound to the allocation size. In that case, no more than 10
+bytes can be allocated at a time.
+
+include::../common/fix/environment-hardening.adoc[]
+
+== Resources
+=== Documentation
+
+include::../common/resources/documentation.adoc[]
+
+=== Standards
+
+include::../common/resources/standards.adoc[]
+
+
+ifdef::env-github,rspecator-view[]
+
+'''
+== Implementation Specification
+(visible only on this page)
+
+include::../common/message.adoc[]
+
+'''
\ No newline at end of file
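Review bot: Both `[source,...]` blocks in the new rule.adoc are tagged `csharp`, although this is the `rules/S6639/python` variant and the examples are Python code, so highlighting and any diff-id based tooling will treat them as the wrong language; change the two attribute lines to `[source,python,diff-id=1,diff-type=noncompliant]` and `[source,python,diff-id=1,diff-type=compliant]`. The explanatory paragraph under "How does this work?" says "no more than 10 bytes", but `'#' * restricted_limit` builds a `str` of at most 10 characters, so "characters" (or a remark that 10 is an illustrative bound) would be more precise. It may also be worth a sentence noting that the compliant example clamps the attacker-controlled value rather than rejecting out-of-range input, since the common fix text included via `upper-limit.adoc` is not visible here and readers may expect validation with an error.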