
Add io.LimitReader as a sanitizer for decompression bombs

Michael Henriksen requested to merge feat/issue-409443/decompression-bomb into main

Adds io.LimitReader as a sanitizer as wrapping an archive reader in one prevents decompression bombs. Also added test annotations to the related test file.

Part of Enhance Go semgrep rules (gitlab-org/gitlab#409443 - closed)
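The pattern the description refers to, as an added Go example that is not code from this merge request or from the semgrep rule itself: a gzip reader wrapped in `io.LimitReader` so that a small compressed input cannot expand without bound. The names `decompressBounded`, `makeGzip` and `ErrTooLarge` are hypothetical, and the sample inputs are constructed. It goes one step beyond the bare wrapper by reading one byte past the cap, because `io.LimitReader` on its own truncates silently.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge reports that the decompressed size exceeded the caller's cap.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// makeGzip builds constructed sample input: n zero bytes, gzip-compressed.
// Writes to a bytes.Buffer cannot fail, so the errors are not checked here.
func makeGzip(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

// decompressBounded inflates src but never buffers more than limit+1 bytes.
// Reading limit+1 lets us tell "exactly at the cap" from "over the cap".
func decompressBounded(src []byte, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(src))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > limit {
		return nil, ErrTooLarge
	}
	return out, nil
}

func main() {
	const limit = 1 << 20 // 1 MiB cap, an assumed policy value
	small := makeGzip(1 << 10)
	large := makeGzip(8 << 20) // 8 MiB of zeros, only a few KiB compressed
	out, err := decompressBounded(small, limit)
	fmt.Printf("small: %d compressed -> %d bytes, err=%v\n", len(small), len(out), err)
	_, err = decompressBounded(large, limit)
	fmt.Printf("large: %d compressed -> err=%v\n", len(large), err)
}
```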
