# Denial of Service via Resource Exhaustion

- ID: go-resource-exhaustion
- Severity: MEDIUM
- CWE: Resource Exhaustion (CWE-400)
- Languages: Go

## Description

Unbounded goroutines, missing timeouts, or unchecked allocations from user input.

## Detection Message

Unbounded resource usage can lead to DoS

## Remediation

Use a worker pool with semaphore to limit concurrent goroutines.

```go
sem := make(chan struct{}, 100) // limit to 100 concurrent
for _, item := range items {
    sem <- struct{}{}
    go func(i Item) {
        defer func() { <-sem }()
        process(i)
    }(item)
}
```

Learn more: https://shoulder.dev/learn/go/cwe-400/resource-exhaustion

## Documentation

[object Object]

## Related Rules

- **LLM Denial of Service** [MEDIUM]: 
- **Missing Request Size Limits** [MEDIUM]: 
- **LLM Denial of Service** [MEDIUM]: 
- **Denial of Service via Unbounded Child Processes** [MEDIUM]: 
- **Missing Resource Limits** [MEDIUM]: