include::../common/description.adoc[]

== Why is this an issue?

include::../common/rationale.adoc[]

=== What is the potential impact?

include::../common/impact.adoc[]

== How to fix it

=== Code examples

==== Noncompliant code example

[source,csharp,diff-id=1,diff-type=noncompliant]
----
def example():
    limit = int(request.args.get('limit'))

    data = '#' * limit  # Noncompliant
----

==== Compliant solution

[source,csharp,diff-id=1,diff-type=compliant]
----
def example():
    limit = int(request.args.get('limit'))
    restricted_limit = min(10, limit)

    data = '#' * restricted_limit
----

=== How does this work?

include::../common/fix/upper-limit.adoc[]

Here, the example compliant code uses the `min` function to enforce a
reasonable upper bound to the allocation size. In that case, no more than 10
bytes can be allocated at a time.

include::../common/fix/environment-hardening.adoc[]

== Resources
=== Documentation

include::../common/resources/documentation.adoc[]

=== Standards

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../common/message.adoc[]

'''

endif::env-github,rspecator-view[]