Checkmarx, a static analyzer tool, is throwing a security issue with the below code, saying that $file_list is accessing Uncontrolled Memory Allocation.

    open ( INFILE, "<", "$inputfile" ) || die( "Cannot read list file $inputfile" );
    while ( <INFILE> )
    {
        $file = $_;
        chomp ( $file );
        $file_list{$file} = "1";
    }

I tried to restrict the size of the hash variable as mentioned below but the error is not resolved.

    if(length($file) <= (1 * 1024 * 1024))
    {
        $file_list{$file} = "1";
    }

Kindly help me to understand the reason and with possible solutions.
There are two ways in which the size of the hash is dependent on user data.
Your check accounts for one, but not the other.
Mind you, <INFILE> alone "suffers" from "uncontrolled memory allocation". If you allow that, what's the point in limiting the size of the hash?
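
A hash built this way grows with both the length of each key and the number of keys, and the line read that feeds it is itself unbounded. The sketch below caps all three; it is an added example, not code from the question or the answer, and the limit values and the names `add_entry` and `load_file_list` are assumptions chosen for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);
# Assumed limits (not from the original post); size them to a legitimate list file.
use constant MAX_LINE_BYTES => 4096;       # longest accepted entry
use constant MAX_ENTRIES    => 100_000;    # most keys the hash may hold
use constant CHUNK_BYTES    => 8192;       # bytes requested per read()

# Store one entry, enforcing both bounds: key length and number of keys.
sub add_entry {
    my ( $list, $name ) = @_;
    die "Entry longer than " . MAX_LINE_BYTES . " bytes\n"
        if length($name) > MAX_LINE_BYTES;
    die "More than " . MAX_ENTRIES . " entries\n"
        if !exists $list->{$name} && keys(%$list) >= MAX_ENTRIES;
    $list->{$name} = 1;
}

# Read the list with read() instead of <INFILE>, so a file without newlines
# can never make Perl buffer more than MAX_LINE_BYTES + CHUNK_BYTES at once.
sub load_file_list {
    my ($inputfile) = @_;
    open( my $in, '<', $inputfile )
        or die "Cannot read list file $inputfile: $!\n";
    my %file_list;
    my $buf = '';
    while (1) {
        my $n = read( $in, my $chunk, CHUNK_BYTES );
        die "Read error on $inputfile: $!\n" unless defined $n;
        $buf .= $chunk if $n;
        while ( ( my $nl = index( $buf, "\n" ) ) >= 0 ) {
            my $line = substr( $buf, 0, $nl + 1, '' );    # cut one line off the front
            chomp $line;
            add_entry( \%file_list, $line );
        }
        die "Unterminated line too long\n" if length($buf) > MAX_LINE_BYTES;
        last if $n == 0;
    }
    add_entry( \%file_list, $buf ) if length $buf;    # last line without "\n"
    close $in;
    return \%file_list;
}

# Constructed sample input: three lines, one duplicate.
my ( $fh, $path ) = tempfile( UNLINK => 1 );
print {$fh} "a.txt\nb.txt\na.txt\n";
close $fh;
print scalar( keys %{ load_file_list($path) } ), " unique entries\n";
```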