gitlab.gosec.G110-1

Potential DoS vulnerability via decompression bomb

Definition

rules:
  - id: gosec.G110-1
    mode: taint
    pattern-sinks:
      - pattern: io.Copy(...)
      - pattern: io.CopyBuffer(...)
    pattern-sources:
      - pattern: gzip.NewReader(...)
      - pattern: zlib.NewReader(...)
      - pattern: bzip2.NewReader(...)
      - pattern: flate.NewReader(...)
      - pattern: lzw.NewReader(...)
      - pattern: tar.NewReader(...)
      - pattern: zip.NewReader(...)
      - pattern: zlib.NewReaderDict(...)
      - pattern: flate.NewReaderDict(...)
      - pattern: zip.OpenReader(...)
    message: |
      Potential DoS vulnerability via decompression bomb
    metadata:
      cwe: "CWE-409: Improper Handling of Highly Compressed Data"
      primary_identifier: gosec.G110-1
      secondary_identifiers:
        - name: Gosec Rule ID G110
          type: gosec_rule_id
          value: G110
      license: MIT
    severity: WARNING
    languages:
      - go
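Added example, not part of this rule page or of the gosec/GitLab rule set: a Go function in exactly the shape the taint rule flags (a gzip.NewReader source flowing into the io.Copy sink) beside a bounded variant that reads through io.CopyN with a caller-supplied cap, which is not among the listed sinks. The function names, the ErrTooLarge sentinel and the makeBomb helper are constructed for the illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"io"
)

// ErrTooLarge is returned when the decompressed output exceeds the caller's bound.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// DecompressUnbounded is the pattern the rule reports: gzip.NewReader feeds
// io.Copy directly, so a few KiB of input can expand to an arbitrary size in memory.
func DecompressUnbounded(compressed []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	var out bytes.Buffer
	_, err = io.Copy(&out, zr) // sink: nothing bounds how much zr may produce
	return out.Bytes(), err
}

// DecompressBounded hardens the same operation: io.CopyN stops after maxBytes+1
// bytes, and producing even one byte past the limit is treated as an error.
func DecompressBounded(compressed []byte, maxBytes int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	var out bytes.Buffer
	n, err := io.CopyN(&out, zr, maxBytes+1)
	if err != nil && !errors.Is(err, io.EOF) { // EOF just means the stream was shorter than the cap
		return nil, err
	}
	if n > maxBytes {
		return nil, ErrTooLarge
	}
	return out.Bytes(), nil
}

// makeBomb builds a constructed payload: size zero bytes, gzip-compressed.
func makeBomb(size int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, size)) // writes to a bytes.Buffer cannot fail
	zw.Close()
	return buf.Bytes()
}
```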