Resource Exhaustion Pattern Detection
Detects patterns that lead to resource exhaustion vulnerabilities: timeout removal, iteration limit removal, resource limit increases, cleanup removal, and unbounded async operations.
Why this rule exists
Resource exhaustion attacks rely on removing the safeguards that bound resource use. Timeouts, iteration limits, and cleanup code are the first things an attacker removes. Catching their removal in review stops denial-of-service conditions before deployment.
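The following is an added example, not code from the GauntletCI docs or source, showing the before/after pair this rule is meant to flag in a .NET order handler: a per-call timeout via CancellationTokenSource, a bounded retry loop, disposal with using, and a TimeoutException that is logged and rethrown rather than swallowed. ProcessAsync, _logger, Order and the connection string are assumed names.

```csharp
using System;
using System.Data.SqlClient;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;

public sealed record Order(int Id);

public sealed class OrderProcessor
{
    private readonly ILogger<OrderProcessor> _logger;
    private readonly string _cs;                        // connection string, assumed injected
    private const int MaxAttempts = 3;                  // iteration bound the rule expects to survive review
    private static readonly TimeSpan PerCallTimeout = TimeSpan.FromSeconds(30);

    public OrderProcessor(ILogger<OrderProcessor> logger, string cs) { _logger = logger; _cs = cs; }

    // BEFORE: the shape GCI0020 flags. No timeout, no iteration limit, the connection is never
    // disposed, and the timeout is swallowed so neither callers nor operators see the stall.
    public async Task ProcessUnboundedAsync(Order order)
    {
        var conn = new SqlConnection(_cs);              // no using: a handle leaks on every failure
        while (true)                                    // no iteration limit
        {
            try { await ProcessAsync(order, conn, CancellationToken.None); return; }
            catch (TimeoutException) { }                // swallowed: the loop spins forever
        }
    }

    // AFTER: bounded in time and attempts, cleaned up on every path, and failures surface.
    public async Task ProcessBoundedAsync(Order order, CancellationToken ct)
    {
        using var conn = new SqlConnection(_cs);        // disposed on every exit path
        for (int attempt = 1; attempt <= MaxAttempts; attempt++)
        {
            using var cts = CancellationTokenSource.CreateLinkedTokenSource(ct);
            cts.CancelAfter(PerCallTimeout);            // per-call timeout
            try { await ProcessAsync(order, conn, cts.Token); return; }
            catch (OperationCanceledException ex) when (!ct.IsCancellationRequested)
            {
                // Caller did not cancel, so this was our timeout: log it, and rethrow on the last attempt.
                _logger.LogWarning(ex, "Order {OrderId} timed out on attempt {Attempt}", order.Id, attempt);
                if (attempt == MaxAttempts)
                    throw new TimeoutException($"Order {order.Id} failed after {MaxAttempts} attempts", ex);
            }
        }
    }

    // Stand-in for the real work; assumed for this example.
    private static Task ProcessAsync(Order order, SqlConnection conn, CancellationToken ct) => Task.Delay(10, ct);
}
```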
Code example
try { await ProcessAsync(order); }
- catch (TimeoutException) { }
// OR
- using var conn = new SqlConnection(cs); try { await ProcessAsync(order, TimeSpan.FromSeconds(30)); }
+ catch (TimeoutException ex) { _logger.LogError(ex); throw; }

Configuration
Disable or adjust the severity of this rule in .gauntletci.json:
{
  "rules": {
    "GCI0020": { "enabled": true, "severity": "Block" }
  }
}

See Configuration for the full schema.
Related rules
Resource Lifecycle
Detects disposable resources allocated without a using statement or try/finally disposal, leading to connection and handle leaks.
Error Handling Integrity
Detects swallowed exceptions (empty catch blocks) and exception handling patterns that hide failures from callers and operators.
Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0020_*.cs.
Eric Cogen -- Founder, GauntletCI
Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.
