<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Callback-based input streams generate calls until they are empty or
closed explicitly, and they will take up system resources until
that point in time.
</p>
<p>
Forgetting to close a stream that is no longer useful can cause
unnecessary exhaustion of system resources, which may cause the
application to become unresponsive or even crash.
</p>
</overview>
<recommendation>
<p>
Close input streams explicitly when there is no interest in their
remaining content.
</p>
</recommendation>
<example>
<p>
In the following example, an array stores the content of a stream
until the array becomes too big. When that happens, an error message
is generated, and the stream processing is supposed to end.
</p>
<sample src="examples/UnclosedStream.js"/>
<p>
However, the stream will keep invoking the callback until it becomes
empty, regardless of the programmer's intention not to process
additional content. This means that the array will grow indefinitely if a malicious actor keeps sending data.
Close the stream to remedy this:
</p>
<sample src="examples/UnclosedStream_fixed.js"/>
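<p>
The behaviour described above, as an added illustration that is not one of the query's bundled sample files: the same handler is run once without and once with an explicit close, and the number of callbacks and stored chunks is compared. The names makeSource, collect, demo and MAX_CHUNKS, and the constructed 20-chunk sender, are assumptions made for this example.
</p>

```javascript
// Added illustration; names and limits are assumptions, not the query's sample files.
const { Readable } = require('stream');

const MAX_CHUNKS = 3; // hypothetical limit on stored chunks

// Constructed sender: delivers `total` 1 KiB chunks, one per event-loop turn.
function makeSource(total) {
  let sent = 0;
  return new Readable({
    read() {
      setImmediate(() => this.push(sent++ === total ? null : Buffer.alloc(1024)));
    },
  });
}

// Stores chunks and records an error once the limit is exceeded.
// closeOnLimit=false reproduces the flagged pattern: the error is recorded,
// but the 'data' callback keeps firing and the array keeps growing.
function collect(stream, closeOnLimit) {
  return new Promise((resolve) => {
    const chunks = [];
    let callbacks = 0;
    let error = null;
    stream.on('data', (chunk) => {
      callbacks += 1;
      chunks.push(chunk);
      if (chunks.length > MAX_CHUNKS) {
        error = error || new Error('too much data');
        if (closeOnLimit) stream.destroy(); // stop delivery and release the source
      }
    });
    // 'close' fires after destroy() and, by default, after a normal end.
    stream.on('close', () => resolve({ callbacks, stored: chunks.length, error }));
  });
}

async function demo() {
  const leaky = await collect(makeSource(20), false);
  const fixed = await collect(makeSource(20), true);
  return { leaky, fixed };
}

demo().then(({ leaky, fixed }) => {
  console.log('unclosed:', leaky.callbacks, 'callbacks,', leaky.stored, 'chunks kept');
  console.log('closed:  ', fixed.callbacks, 'callbacks,', fixed.stored, 'chunks kept');
});
```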
</example>
<references>
<li>Node.js: <a href="https://nodejs.org/api/stream.html">Stream</a></li>
</references>
</qhelp>