rspec/rules/S6680/rationale.adoc

Loop boundary injections occur in an application when the application retrieves
data from a user or a third-party service and inserts it into a loop or a
function acting as a loop, without sanitizing it first.

If an application contains a loop that is vulnerable to injections, 
it is exposed to attacks that target its availability where that loop is used.

A user with malicious intent carefully performs actions whose goal is to cause
the loop to run for more iterations than the developer intended, resulting in
unexpected behavior or even a crash of the program.

After creating the malicious request, the attacker can attack the servers
affected by this vulnerability without relying on any prerequisites.
Create rule S6680: Loop boundaries should not be vulnerable to injection attacks (#3140) 2023-09-28 09:10:12 +02:00			`Loop boundary injections occur in an application when the application retrieves`
			`data from a user or a third-party service and inserts it into a loop or a`
			`function acting as a loop, without sanitizing it first.`

			`If an application contains a loop that is vulnerable to injections,`
			`it is exposed to attacks that target its availability where that loop is used.`

			`A user with malicious intent carefully performs actions whose goal is to cause`
			`the loop to run for more iterations than the developer intended, resulting in`
			`unexpected behavior or even a crash of the program.`

			`After creating the malicious request, the attacker can attack the servers`
			`affected by this vulnerability without relying on any prerequisites.`