Insecure use of global timeout
Description
Setting a global timeout can cause an exception to be raised anywhere in the passed block of code, precluding any possible clean up action typically associated with rescuing from exceptions. This can lead to denial-of-service, data integrity failure, and general availability concerns.
Examples
Insecure Code
```ruby
require "timeout"

Timeout::timeout(5) {
  # code that may raise an exception
  # (the timer can also raise at any line inside this block)
}
```
Secure Code
```ruby
begin
  # code that may raise an exception
rescue Exception => e
  # clean up action
end
```
Remediation
Prefer to use the library's built-in timeout functionality, if it has any, to ensure processing happens as expected. If it does not have built-in timeout functionality, then consider implementing it.
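An added example, not part of the original rule text: a constructed `Ledger` with a two-step `transfer` shows the global timeout leaving state half-updated, next to a hand-implemented deadline that is checked only between whole transfers. The names `Ledger`, `global_timeout_transfers`, `deadline_transfers` and `demo`, and all timing values, are assumptions made for illustration.

```ruby
require "timeout"

# Constructed two-step operation: the ledger is only consistent once both
# the debit and the credit have been applied.
Ledger = Struct.new(:source, :dest) do
  def total
    source + dest
  end

  def transfer(amount, work_seconds)
    self.source -= amount
    sleep(work_seconds) # stands in for slow I/O between the two writes
    self.dest += amount
  end
end

# Pattern flagged by the rule: the timer may raise at any line of the block.
def global_timeout_transfers(ledger, count, limit, work_seconds)
  Timeout.timeout(limit) do
    count.times { ledger.transfer(10, work_seconds) }
  end
  :done
rescue Timeout::Error
  :timed_out # the debit was applied, the matching credit was skipped
end

# Hand-implemented timeout: a monotonic deadline is checked only between
# whole transfers, so a timeout cannot split the debit from the credit.
def deadline_transfers(ledger, count, limit, work_seconds)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + limit
  count.times do
    return :timed_out if Process.clock_gettime(Process::CLOCK_MONOTONIC) >= deadline
    ledger.transfer(10, work_seconds)
  end
  :done
end

# Runs both variants with a 0.05 s limit and 0.2 s of work per transfer.
def demo
  unsafe = Ledger.new(100, 0)
  safe = Ledger.new(100, 0)
  [global_timeout_transfers(unsafe, 3, 0.05, 0.2), unsafe.total,
   deadline_transfers(safe, 3, 0.05, 0.2), safe.total]
end

p demo if __FILE__ == $PROGRAM_NAME
```

The deadline version can overrun the limit by up to one unit of work, because it stops only at points where the state is consistent. Where the blocking call accepts its own timeout, pass the remaining time to it instead.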
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0003 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-460 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | HIGH |
| Exploitability | MODERATE |
| Tags | timeout, exception handling |
| OWASP | N/A |
References
- https://jvns.ca/blog/2015/11/27/why-rubys-timeout-is-dangerous-and-thread-dot-raise-is-terrifying/
- https://ruby-doc.org/3.3.2/stdlibs/timeout/Timeout.html
- http://blog.headius.com/2008/02/rubys-threadraise-threadkill-timeoutrb.html
- https://www.mikeperham.com/2015/05/08/timeout-rubys-most-dangerous-api/