Limit readline()

[pixeebot]

This codemod hardens all readline() calls from file objects returned from an open() call, StringIO and BytesIO against denial of service attacks. A stream influenced by an attacker could keep providing bytes until the system runs out of memory, causing a crash.

Fixing it is straightforward by providing adding a size argument to any readline() calls.
The changes from this codemod look like this:

  file = open('some_file.txt')
- file.readline()
+ file.readline(5_000_000)

More reading

• https://cwe.mitre.org/data/definitions/400

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:python/limit-readline

[pixeebot]

I'm confident in this change, and the CI checks pass, too!

If you see any reason not to merge this, or you have suggestions for improvements, please let me know!

[pixeebot]

Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!

[pixeebot]

This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!

You can also customize me to make sure I'm working with you in the way you want.