Skip to content

πŸ›‘οΈ Sentinel: [MEDIUM] DoS λ°©μ§€ - subprocess timeout μΆ”κ°€#136

Open
seonghobae wants to merge 4 commits into
mainfrom
sentinel-add-subprocess-timeouts-7531095710431806783
Open

πŸ›‘οΈ Sentinel: [MEDIUM] DoS λ°©μ§€ - subprocess timeout μΆ”κ°€#136
seonghobae wants to merge 4 commits into
mainfrom
sentinel-add-subprocess-timeouts-7531095710431806783

Conversation

@seonghobae

Copy link
Copy Markdown
Contributor

πŸ›‘οΈ Sentinel: [MEDIUM] DoS λ°©μ§€ - subprocess timeout μΆ”κ°€

  • 🚨 Severity: MEDIUM
  • πŸ’‘ Vulnerability: subprocess.run 호좜 μ‹œ λͺ…μ‹œμ μΈ νƒ€μž„μ•„μ›ƒμ„ μ§€μ •ν•˜μ§€ μ•Šμ•„ λ°œμƒν•˜λŠ” Uncontrolled Resource Consumption (CWE-400, DoS) 취약점.
  • 🎯 Impact: μ™ΈλΆ€ λ°”μ΄λ„ˆλ¦¬(ffprobe, ffmpeg λ“±)κ°€ ꡐ착 μƒνƒœ(Deadlock)에 λΉ μ§€κ±°λ‚˜ μ•…μ˜μ μΈ λ―Έλ””μ–΄ 파일둜 인해 λ¬΄ν•œ λŒ€κΈ° μƒνƒœμ— 빠질 경우, 이λ₯Ό ν˜ΈμΆœν•œ μ• ν”Œλ¦¬μΌ€μ΄μ…˜ μŠ€λ ˆλ“œλ„ ν•¨κ»˜ λ¬΄ν•œμ • λŒ€κΈ°ν•˜κ²Œ λ˜μ–΄ κ²°κ΅­ μ„œλ²„μ˜ κ°€μš©μ„±μ΄ μ €ν•˜(DoS)될 수 μžˆμŠ΅λ‹ˆλ‹€.
  • πŸ”§ Fix: λͺ¨λ“  μ™ΈλΆ€ λͺ…λ Ήμ–΄ 호좜(ffprobe, silencedetect, brctl, ffmpeg, SetFile)에 μž‘μ—… 성격에 λ§žλŠ” λͺ…μ‹œμ μΈ timeout κ°’(예: 메타데이터 μΆ”μΆœ 60초, λ³€ν™˜ μž‘μ—… 4μ‹œκ°„ λ“±)을 λΆ€μ—¬ν•˜κ³ , subprocess.TimeoutExpired μ˜ˆμ™Έλ₯Ό μ•ˆμ „ν•˜κ²Œ μ²˜λ¦¬ν•˜λ„λ‘ μˆ˜μ •ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
  • βœ… Verification: python3 -m unittest discover -s tests ν…ŒμŠ€νŠΈ μŠ€μœ„νŠΈκ°€ μ •μƒμ μœΌλ‘œ 톡과됨을 ν™•μΈν•˜μ˜€μŠ΅λ‹ˆλ‹€.

PR created automatically by Jules for task 7531095710431806783 started by @seonghobae

- μ™ΈλΆ€ ν”„λ‘œμ„ΈμŠ€(ffprobe, ffmpeg, brctl, SetFile λ“±)λ₯Ό μ‹€ν–‰ν•˜λŠ” `subprocess.run` ν˜ΈμΆœμ— λͺ…μ‹œμ μΈ `timeout`을 μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- νƒ€μž„μ•„μ›ƒ λ°œμƒ μ‹œ λ¬΄ν•œμ • λŒ€κΈ°(Hang)둜 μΈν•œ λ¦¬μ†ŒμŠ€ 고갈(CWE-400, DoS) 취약점을 λ°©μ§€ν•˜λ„λ‘ `subprocess.TimeoutExpired` μ˜ˆμ™Έ 처리λ₯Ό μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
@google-labs-jules

Copy link
Copy Markdown

πŸ‘‹ Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a πŸ‘€ emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@opencode-agent

opencode-agent Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

OpenCode Review Overview

  • Head SHA: a9f2ed6016e6f81bc9f6d59c0f4825b770b31c49
  • Workflow run: 28467524282
  • Workflow attempt: 1
  • Gate result: CHECK_FAILED (approval step)

Pull request overview

OpenCode cannot approve yet because required coverage evidence did not pass.

Check outcome

1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence

  • Problem: The OpenCode approval path reached an APPROVE control result while the separate coverage-evidence job result was failure.

  • Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.

  • Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports success with required evidence or explicit no-source not-applicable evidence.

  • Regression test: Keep the approval branch checking needs.coverage-evidence.result == success before posting APPROVE, but leave the PR review unchanged for coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence.

  • Result: CHECK_FAILED

  • Reason: coverage-evidence result was failure, so required test/docstring evidence was not proven for current head a9f2ed6016e6f81bc9f6d59c0f4825b770b31c49.

  • Head SHA: a9f2ed6016e6f81bc9f6d59c0f4825b770b31c49

  • Workflow run: 28467524282

  • Workflow attempt: 1

Coverage evidence

Coverage Evidence

  • Head SHA: a9f2ed6016e6f81bc9f6d59c0f4825b770b31c49
  • Required test evidence: supported repository test suites must pass.
  • Required docstring evidence: repository-owned docstring gates must pass when configured; otherwise docstring coverage is advisory.

Python project dependencies (requirements.txt)

Defaulting to user installation because normal site-packages is not writeable
Collecting fastapi (from -r requirements.txt (line 1))
  Downloading fastapi-0.138.2-py3-none-any.whl.metadata (26 kB)
Collecting uvicorn (from -r requirements.txt (line 2))
  Downloading uvicorn-0.49.0-py3-none-any.whl.metadata (6.7 kB)
Collecting python-multipart (from -r requirements.txt (line 3))
  Downloading python_multipart-0.0.32-py3-none-any.whl.metadata (2.1 kB)
Collecting mcp (from -r requirements.txt (line 4))
  Downloading mcp-1.28.1-py3-none-any.whl.metadata (9.4 kB)
Collecting aiofiles (from -r requirements.txt (line 5))
  Downloading aiofiles-25.1.0-py3-none-any.whl.metadata (6.3 kB)
Collecting httpx (from -r requirements.txt (line 6))
  Downloading httpx-0.28.1-py3-none-any.whl.metadata (7.1 kB)
Collecting starlette>=0.46.0 (from fastapi->-r requirements.txt (line 1))
  Downloading starlette-1.3.1-py3-none-any.whl.metadata (6.4 kB)
Collecting pydantic>=2.9.0 (from fastapi->-r requirements.txt (line 1))
  Downloading pydantic-2.13.4-py3-none-any.whl.metadata (109 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 109.4/109.4 kB 8.4 MB/s eta 0:00:00
Requirement already satisfied: typing-extensions>=4.8.0 in /usr/lib/python3/dist-packages (from fastapi->-r requirements.txt (line 1)) (4.10.0)
Collecting typing-inspection>=0.4.2 (from fastapi->-r requirements.txt (line 1))
  Downloading typing_inspection-0.4.2-py3-none-any.whl.metadata (2.6 kB)
Collecting annotated-doc>=0.0.2 (from fastapi->-r requirements.txt (line 1))
  Downloading annotated_doc-0.0.4-py3-none-any.whl.metadata (6.6 kB)
Requirement already satisfied: click>=7.0 in /usr/lib/python3/dist-packages (from uvicorn->-r requirements.txt (line 2)) (8.1.6)
Collecting h11>=0.8 (from uvicorn->-r requirements.txt (line 2))
  Downloading h11-0.16.0-py3-none-any.whl.metadata (8.3 kB)
Collecting anyio>=4.5 (from mcp->-r requirements.txt (line 4))
  Downloading anyio-4.14.1-py3-none-any.whl.metadata (4.6 kB)
Collecting httpx-sse>=0.4 (from mcp->-r requirements.txt (line 4))
  Downloading httpx_sse-0.4.3-py3-none-any.whl.metadata (9.7 kB)
Collecting jsonschema>=4.20.0 (from mcp->-r requirements.txt (line 4))
  Downloading jsonschema-4.26.0-py3-none-any.whl.metadata (7.6 kB)
Collecting pydantic-settings>=2.5.2 (from mcp->-r requirements.txt (line 4))
  Downloading pydantic_settings-2.14.2-py3-none-any.whl.metadata (3.4 kB)
Collecting pyjwt>=2.10.1 (from pyjwt[crypto]>=2.10.1->mcp->-r requirements.txt (line 4))
  Downloading pyjwt-2.13.0-py3-none-any.whl.metadata (3.4 kB)
Collecting sse-starlette>=1.6.1 (from mcp->-r requirements.txt (line 4))
  Downloading sse_starlette-3.4.5-py3-none-any.whl.metadata (15 kB)
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from httpx->-r requirements.txt (line 6)) (2023.11.17)
Collecting httpcore==1.* (from httpx->-r requirements.txt (line 6))
  Downloading httpcore-1.0.9-py3-none-any.whl.metadata (21 kB)
Requirement already satisfied: idna in /usr/lib/python3/dist-packages (from httpx->-r requirements.txt (line 6)) (3.6)
Requirement already satisfied: attrs>=22.2.0 in /usr/lib/python3/dist-packages (from jsonschema>=4.20.0->mcp->-r requirements.txt (line 4)) (23.2.0)
Collecting jsonschema-specifications>=2023.03.6 (from jsonschema>=4.20.0->mcp->-r requirements.txt (line 4))
  Downloading jsonschema_specifications-2025.9.1-py3-none-any.whl.metadata (2.9 kB)
Collecting referencing>=0.28.4 (from jsonschema>=4.20.0->mcp->-r requirements.txt (line 4))
  Downloading referencing-0.37.0-py3-none-any.whl.metadata (2.8 kB)
Collecting rpds-py>=0.25.0 (from jsonschema>=4.20.0->mcp->-r requirements.txt (line 4))
  Downloading rpds_py-2026.6.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (4.1 kB)
Collecting annotated-types>=0.6.0 (from pydantic>=2.9.0->fastapi->-r requirements.txt (line 1))
  Downloading annotated_types-0.7.0-py3-none-any.whl.metadata (15 kB)
Collecting pydantic-core==2.46.4 (from pydantic>=2.9.0->fastapi->-r requirements.txt (line 1))
  Downloading pydantic_core-2.46.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.metadata (6.6 kB)
Collecting typing-extensions>=4.8.0 (from fastapi->-r requirements.txt (line 1))
  Downloading typing_extensions-4.15.0-py3-none-any.whl.metadata (3.3 kB)
Collecting python-dotenv>=0.21.0 (from pydantic-settings>=2.5.2->mcp->-r requirements.txt (line 4))
  Downloading python_dotenv-1.2.2-py3-none-any.whl.metadata (27 kB)
Requirement already satisfied: cryptography>=3.4.0 in /usr/lib/python3/dist-packages (from pyjwt[crypto]>=2.10.1->mcp->-r requirements.txt (line 4)) (41.0.7)
Downloading fastapi-0.138.2-py3-none-any.whl (129 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 129.3/129.3 kB 11.6 MB/s eta 0:00:00
Downloading uvicorn-0.49.0-py3-none-any.whl (71 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 71.4/71.4 kB 28.1 MB/s eta 0:00:00
Downloading python_multipart-0.0.32-py3-none-any.whl (30 kB)
Downloading mcp-1.28.1-py3-none-any.whl (222 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 222.6/222.6 kB 50.0 MB/s eta 0:00:00
Downloading aiofiles-25.1.0-py3-none-any.whl (14 kB)
Downloading httpx-0.28.1-py3-none-any.whl (73 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 73.5/73.5 kB 29.9 MB/s eta 0:00:00
Downloading httpcore-1.0.9-py3-none-any.whl (78 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 78.8/78.8 kB 31.2 MB/s eta 0:00:00
Downloading annotated_doc-0.0.4-py3-none-any.whl (5.3 kB)
Downloading anyio-4.14.1-py3-none-any.whl (124 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 124.9/124.9 kB 44.4 MB/s eta 0:00:00
Downloading h11-0.16.0-py3-none-any.whl (37 kB)
Downloading httpx_sse-0.4.3-py3-none-any.whl (9.0 kB)
Downloading jsonschema-4.26.0-py3-none-any.whl (90 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 90.6/90.6 kB 34.0 MB/s eta 0:00:00
Downloading pydantic-2.13.4-py3-none-any.whl (472 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 472.3/472.3 kB 41.5 MB/s eta 0:00:00
Downloading pydantic_core-2.46.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 2.1/2.1 MB 75.2 MB/s eta 0:00:00
Downloading pydantic_settings-2.14.2-py3-none-any.whl (61 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.7/61.7 kB 22.6 MB/s eta 0:00:00
Downloading pyjwt-2.13.0-py3-none-any.whl (31 kB)
Downloading sse_starlette-3.4.5-py3-none-any.whl (16 kB)
Downloading starlette-1.3.1-py3-none-any.whl (73 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 73.6/73.6 kB 28.8 MB/s eta 0:00:00
Downloading typing_extensions-4.15.0-py3-none-any.whl (44 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 44.6/44.6 kB 14.3 MB/s eta 0:00:00
Downloading typing_inspection-0.4.2-py3-none-any.whl (14 kB)
Downloading annotated_types-0.7.0-py3-none-any.whl (13 kB)
Downloading jsonschema_specifications-2025.9.1-py3-none-any.whl (18 kB)
Downloading python_dotenv-1.2.2-py3-none-any.whl (22 kB)
Downloading referencing-0.37.0-py3-none-any.whl (26 kB)
Downloading rpds_py-2026.6.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (366 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 366.2/366.2 kB 100.6 MB/s eta 0:00:00
Installing collected packages: typing-extensions, rpds-py, python-multipart, python-dotenv, pyjwt, httpx-sse, h11, annotated-types, annotated-doc, aiofiles, uvicorn, typing-inspection, referencing, pydantic-core, httpcore, anyio, starlette, pydantic, jsonschema-specifications, httpx, sse-starlette, pydantic-settings, jsonschema, fastapi, mcp
Successfully installed aiofiles-25.1.0 annotated-doc-0.0.4 annotated-types-0.7.0 anyio-4.14.1 fastapi-0.138.2 h11-0.16.0 httpcore-1.0.9 httpx-0.28.1 httpx-sse-0.4.3 jsonschema-4.26.0 jsonschema-specifications-2025.9.1 mcp-1.28.1 pydantic-2.13.4 pydantic-core-2.46.4 pydantic-settings-2.14.2 pyjwt-2.13.0 python-dotenv-1.2.2 python-multipart-0.0.32 referencing-0.37.0 rpds-py-2026.6.3 sse-starlette-3.4.5 starlette-1.3.1 typing-extensions-4.15.0 typing-inspection-0.4.2 uvicorn-0.49.0
  • Result: PASS

Python project dependencies (.)

Using CPython 3.12.3 interpreter at: /usr/bin/python
Creating virtual environment at: .venv
warning: No `requires-python` value found in the workspace. Defaulting to `>=3.12`.
Resolved in 1ms
Checked in 0.00ms
  • Result: PASS

Python project dependencies (./requirements.txt in uv env)

Resolved 32 packages in 479ms
Downloading cryptography (4.5MiB)
Downloading pydantic-core (2.0MiB)
 Downloaded pydantic-core
 Downloaded cryptography
Prepared 32 packages in 199ms
Installed 32 packages in 12ms
 + aiofiles==25.1.0
 + annotated-doc==0.0.4
 + annotated-types==0.7.0
 + anyio==4.14.1
 + attrs==26.1.0
 + certifi==2026.6.17
 + cffi==2.0.0
 + click==8.4.2
 + cryptography==49.0.0
 + fastapi==0.138.2
 + h11==0.16.0
 + httpcore==1.0.9
 + httpx==0.28.1
 + httpx-sse==0.4.3
 + idna==3.18
 + jsonschema==4.26.0
 + jsonschema-specifications==2025.9.1
 + mcp==1.28.1
 + pycparser==3.0
 + pydantic==2.13.4
 + pydantic-core==2.46.4
 + pydantic-settings==2.14.2
 + pyjwt==2.13.0
 + python-dotenv==1.2.2
 + python-multipart==0.0.32
 + referencing==0.37.0
 + rpds-py==2026.6.3
 + sse-starlette==3.4.5
 + starlette==1.3.1
 + typing-extensions==4.15.0
 + typing-inspection==0.4.2
 + uvicorn==0.49.0
  • Result: PASS

Python coverage with missing-line report (.)

warning: No `requires-python` value found in the workspace. Defaulting to `>=3.12`.
Downloading pygments (1.2MiB)
 Downloaded pygments
Installed 6 packages in 9ms
============================= test session starts ==============================
platform linux -- Python 3.12.3, pytest-9.1.1, pluggy-1.6.0
rootdir: /home/runner/work/codec-carver/codec-carver
configfile: pyproject.toml
plugins: anyio-4.14.1
collected 104 items

tests/test_mcp_driver.py ....                                            [  3%]
tests/test_media_shrinker.py ........................................... [ 45%]
...................................                                      [ 78%]
tests/test_saas_web.py ....................                              [ 98%]
tests/test_security.py ..                                                [100%]

=============================== warnings summary ===============================
.venv/lib/python3.12/site-packages/fastapi/testclient.py:1
  /home/runner/work/codec-carver/codec-carver/pr-head/.venv/lib/python3.12/site-packages/fastapi/testclient.py:1: StarletteDeprecationWarning: Using `httpx` with `starlette.testclient` is deprecated; install `httpx2` instead.
    from starlette.testclient import TestClient as TestClient  # noqa

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
======================== 104 passed, 1 warning in 2.85s ========================
warning: No `requires-python` value found in the workspace. Defaulting to `>=3.12`.
Installed 1 package in 3ms
Name                Stmts   Miss  Cover   Missing
-------------------------------------------------
mcp_driver.py          29      0   100%
media_shrinker.py     603      3    99%   714-715, 1645
saas_web.py           101      0   100%
-------------------------------------------------
TOTAL                 733      3    99%
Coverage failure: total of 99 is less than fail-under=100
  • Result: FAIL (exit 2)

Python docstring coverage advisory

RESULT: PASSED (minimum: 100.0%, actual: 100.0%)
  • Result: PASS

Coverage Decision

  • Result: FAIL
  • Test evidence: not proven passing
  • Docstring evidence: not proven passing when configured
  • Failure count: 1

Changed-File Evidence Map

flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Changed file (2 files)"]
  S1 --> I1["repository behavior"]
  I1 --> R1["Review risk: Changed file (2 files)"]
  R1 --> V1["required checks"]
  Evidence --> S2["Test: test_media_shrinker.py"]
  S2 --> I2["regression suite"]
  I2 --> R2["Review risk: Test: test_media_shrinker.py"]
  R2 --> V2["targeted test run"]
Loading

- μ™ΈλΆ€ ν”„λ‘œμ„ΈμŠ€(ffprobe, ffmpeg, brctl, SetFile λ“±)λ₯Ό μ‹€ν–‰ν•˜λŠ” `subprocess.run` ν˜ΈμΆœμ— λͺ…μ‹œμ μΈ `timeout`을 μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- νƒ€μž„μ•„μ›ƒ λ°œμƒ μ‹œ λ¬΄ν•œμ • λŒ€κΈ°(Hang)둜 μΈν•œ λ¦¬μ†ŒμŠ€ 고갈(CWE-400, DoS) 취약점을 λ°©μ§€ν•˜λ„λ‘ `subprocess.TimeoutExpired` μ˜ˆμ™Έ 처리λ₯Ό μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- μ™ΈλΆ€ ν”„λ‘œμ„ΈμŠ€(ffprobe, ffmpeg, brctl, SetFile λ“±)λ₯Ό μ‹€ν–‰ν•˜λŠ” `subprocess.run` ν˜ΈμΆœμ— λͺ…μ‹œμ μΈ `timeout`을 μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- νƒ€μž„μ•„μ›ƒ λ°œμƒ μ‹œ λ¬΄ν•œμ • λŒ€κΈ°(Hang)둜 μΈν•œ λ¦¬μ†ŒμŠ€ 고갈(CWE-400, DoS) 취약점을 λ°©μ§€ν•˜λ„λ‘ `subprocess.TimeoutExpired` μ˜ˆμ™Έ 처리λ₯Ό μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- μ™ΈλΆ€ ν”„λ‘œμ„ΈμŠ€(ffprobe, ffmpeg, brctl, SetFile λ“±)λ₯Ό μ‹€ν–‰ν•˜λŠ” `subprocess.run` ν˜ΈμΆœμ— λͺ…μ‹œμ μΈ `timeout`을 μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
- νƒ€μž„μ•„μ›ƒ λ°œμƒ μ‹œ λ¬΄ν•œμ • λŒ€κΈ°(Hang)둜 μΈν•œ λ¦¬μ†ŒμŠ€ 고갈(CWE-400, DoS) 취약점을 λ°©μ§€ν•˜λ„λ‘ `subprocess.TimeoutExpired` μ˜ˆμ™Έ 처리λ₯Ό μΆ”κ°€ν•˜μ˜€μŠ΅λ‹ˆλ‹€.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant