Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,7 @@
5. DoS μ™„ν™”λ₯Ό μœ„ν•΄ `return(1L)` 같은 κΈ°λ³Έ μŠΉμΈκ°’μ„ 넣을 λ•ŒλŠ” μΆ”μ • 기쀀척도, anchor/common item, true parameter μž¬ν˜„ 계약을 μš°νšŒν•˜μ§€ μ•ŠλŠ”μ§€ λ¨Όμ € κ²€μ¦ν•©λ‹ˆλ‹€.
6. Fail-secure μ—λŸ¬ λ©”μ‹œμ§€λŠ” ν…ŒμŠ€νŠΈμ˜ μΌλΆ€λ‘œ μ·¨κΈ‰ν•©λ‹ˆλ‹€. λ³΄μ•ˆ ν…ŒμŠ€νŠΈλŠ” μ‹€μ œ κ΅¬ν˜„ λ©”μ‹œμ§€μ™€ λ§žμ•„μ•Ό ν•˜λ©°, 였래된 `"Interactive prompt is not available"` 같은 별도 문ꡬλ₯Ό μƒˆλ‘œ λ§Œλ“€μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.
7. Prompt DoS νšŒκ·€ ν…ŒμŠ€νŠΈλŠ” λͺ¨λΈ μΆ”μ • μ‹€νŒ¨μ— κΈ°λŒ€μ§€ 말고, common-item confirmation guard처럼 μ·¨μ•½ν•œ μž…λ ₯ κ²½κ³„μ—μ„œ λ°”λ‘œ λ°œμƒν•˜λŠ” fail-secure μ—λŸ¬λ₯Ό κ²€μ¦ν•©λ‹ˆλ‹€.
## 2024-07-03 - [Preventing Denial of Service (DoS) with Infinite Retries]
**Vulnerability:** Found unbounded `while (!exists('var'))` loops used alongside `try()` inside `R/aFIPC.R`. If the operation inside `try()` consistently fails, this creates an infinite loop resulting in a Denial of Service.
**Learning:** `try()` constructs combined with existence checks on the assigned variable are a common but risky pattern for retrying flaky procedures like parameter estimation in R. Without bounds, these loops will block the process forever on unrecoverable failures.
**Prevention:** Always include a `max_retries` counter in retry loops. If `max_retries` is exhausted, explicitly stop execution with `stop("Max retries reached")`.
16 changes: 14 additions & 2 deletions R/aFIPC.R
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,10 @@ autoFIPC <-
)

try(rm(oldFormModel))
while (!exists('oldFormModel')) {
max_retries <- 5
retries <- 0
while (!exists('oldFormModel') && retries < max_retries) {
retries <- retries + 1
try(
oldFormModel <-
mirt::mirt(
Expand All @@ -231,6 +234,9 @@ autoFIPC <-
)
)
}
if (!exists('oldFormModel')) {
stop("oldFormModel estimation failed after maximum retries.")
}
}
}

Expand Down Expand Up @@ -428,7 +434,10 @@ autoFIPC <-
)

try(rm(newFormModel))
while (!exists('newFormModel')) {
max_retries <- 5
retries <- 0
while (!exists('newFormModel') && retries < max_retries) {
retries <- retries + 1
try(
newFormModel <-
mirt::mirt(
Expand All @@ -443,6 +452,9 @@ autoFIPC <-
)
)
}
if (!exists('newFormModel')) {
stop("newFormModel estimation failed after maximum retries.")
}
}
}

Expand Down
Loading