# Uncontrolled Resource Consumption (CWE-400)

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

**Stack:** Kubernetes

- Prevalence: 高 頻繁に悪用される
- Impact: ミディアム レビュー推奨
- Prevention: 文書化済み 8 件の修正例

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service.

## Prevention

1 件の Shoulder 検出ルールに基づく Resource Exhaustion の予防策。

### Kubernetes

Define CPU and memory resource limits to prevent resource exhaustion and denial of service

## Warning Signs

- [MEDIUM] Container is missing resource limits.
- [MEDIUM] containers missing resource limits

## Consequences

- DoS: リソース消費
- DoS: クラッシュ/終了/再起動

## Mitigations

- レート制限を実装する
- リソースクォータを使用する
- 各種操作にタイムアウトを設定する

## Detection

- Total rules: 8
- Languages: go, javascript, typescript, yaml, python

## Rules by Language

### Yaml (1 rules)

- **Missing Resource Limits** [MEDIUM]: Detects containers missing resource limits.
  - Remediation: Define resource limits for containers.

```yaml
resources:
  limits:
    memory: "256Mi"
    cpu: "500m"
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-400/missing-resource-limits