# Uncontrolled Resource Consumption (CWE-400)

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

**Stack:** Kubernetes

- Prevalence: High (frequently exploited)
- Impact: Medium (review recommended)
- Prevention: Documented (8 fix examples)

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service.

## Prevention

Resource Exhaustion prevention strategies based on 1 Shoulder detection rule.

### Kubernetes

Define CPU and memory resource limits to prevent resource exhaustion and denial of service.

## Warning Signs

- [MEDIUM] Container is missing resource limits.
- [MEDIUM] Containers missing resource limits.

## Consequences

- DoS: Resource Consumption
- DoS: Crash, Exit, or Restart

## Mitigations

- Implement rate limiting
- Use resource quotas
- Set timeouts on operations

## Detection

- Total rules: 8
- Languages: go, javascript, typescript, yaml, python

## Rules by Language

### YAML (1 rule)

- **Missing Resource Limits** [MEDIUM]: Detects containers missing resource limits.
  - Remediation: Define resource limits for containers.

```yaml
# Set on each container in the pod spec
resources:
  limits:
    memory: "256Mi"
    cpu: "500m"
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-400/missing-resource-limits
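The Missing Resource Limits check can be sketched as a static pass over parsed manifests. This is an added example, not Shoulder's rule implementation or code from the original page. It assumes the manifests are already loaded into Python dicts, treats a container as compliant only when both `cpu` and `memory` limits are set, and also inspects `initContainers`. The sample manifests and container names are constructed.

```python
# Added example: static check for containers without CPU/memory limits.
# Paths from the manifest root to the pod spec for common workload kinds.
TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": TEMPLATE, "StatefulSet": TEMPLATE, "DaemonSet": TEMPLATE,
    "ReplicaSet": TEMPLATE, "Job": TEMPLATE,
    "CronJob": ("spec", "jobTemplate") + TEMPLATE,
}
REQUIRED = ("cpu", "memory")  # assumption: both limits are required

def pod_spec(obj):
    """Return the pod spec dict of a workload object, or {} if there is none."""
    path = POD_SPEC_PATHS.get(obj.get("kind"))
    if path is None:
        return {}
    node = obj
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else {}

def missing_limits(obj):
    """Return [(container name, [resources lacking a limit])] for one object."""
    findings = []
    spec = pod_spec(obj)
    for field in ("initContainers", "containers"):
        for c in spec.get(field) or []:
            # "requests" alone does not cap usage; only "limits" counts here.
            limits = (c.get("resources") or {}).get("limits") or {}
            missing = [r for r in REQUIRED if not limits.get(r)]
            if missing:
                findings.append((c.get("name", "<unnamed>"), missing))
    return findings

# Constructed sample manifests (already parsed from YAML into dicts).
SAMPLE_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
    {"name": "web", "resources": {"limits": {"memory": "256Mi", "cpu": "500m"}}},
    {"name": "sidecar", "resources": {"requests": {"cpu": "100m"}}},  # requests only
]}}}}
SAMPLE_CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "report", "resources": {"limits": {"memory": "128Mi"}}}],
}}}}}}

if __name__ == "__main__":
    for manifest in (SAMPLE_DEPLOYMENT, SAMPLE_CRONJOB):
        for name, missing in missing_limits(manifest):
            print(f"[MEDIUM] {manifest['kind']} container {name!r} missing limits: {missing}")
```

A namespace LimitRange can apply default limits at admission, so a manifest flagged here may still run with limits in a cluster that has one.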