Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Python static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PYTHON code

Filtered: 21 rules found

injection

Impact

Clean code attribute

Loop boundaries should not be vulnerable to injection attacks

intentionality - complete

security

Vulnerability

MajorSonarSource default severity
click to learn more

This vulnerability exposes the system to various operational overloads that can lead to either a technical denial of service and/or business disruptions.

Why is this an issue?

How can I fix it?

More Info

Loop boundary injections occur in an application when the application retrieves data from a user or a third-party service and inserts it into a loop or a function acting as a loop, without sanitizing it first.

If an application contains a loop that is vulnerable to injections, it is exposed to attacks that target its availability where that loop is used.

A user with malicious intent carefully performs actions whose goal is to cause the loop to run for more iterations than the developer intended, resulting in unexpected behavior or even a crash of the program.

After creating the malicious request, the attacker can attack the servers affected by this vulnerability without relying on any prerequisites.

What is the potential impact?

After discovering the injection point, attackers insert data into the vulnerable field to either make the affected component inaccessible, attempt a malfunction, or read from an artifact that exceeds the developer’s intended boundaries.

In languages that don’t enforce memory access checks, this can also lead to a buffer overflow or underflow which may result in sensitive information disclosure or remote code execution.

Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.

Self Denial of service

If the component affected by this vulnerability is not a bottleneck that acts as a single point of failure (SPOF) within the application, the denial of service might only affect the attacker who initiated it.

Even if the denial of service has little direct impact, it can cause secondary effects in architectures that use containers and container orchestrators. It could cause unexpected container failures or resource overconsumption, for example.

Infrastructure SPOFs

A denial of service attack can be critical to the enterprise if it targets a SPOF component. Sometimes the SPOF is a software architecture vulnerability (such as a single component on which multiple critical components depend) or an operational vulnerability (for example, insufficient container creation capabilities or failures from containers to terminate).

In either case, attackers aim to exploit the infrastructure weakness by sending as many malicious payloads as possible, using potentially huge offensive infrastructures.

These threats are particularly insidious if the attacked organization does not maintain a disaster recovery plan (DRP).

Available In:

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

In-IDE

SaaS

Self-Hosted