fix: the all_permutations in all_permutations.py#14595
fix: the all_permutations in all_permutations.py#14595orbisai0security wants to merge 1 commit intoTheAlgorithms:masterfrom
Conversation
Automated security fix generated by Orbis Security AI
algorithms-keeper
Bot
added
enhancement
|
|
||
| print("Enter the elements") | ||
| sequence = list(map(int, input().split())) | ||
| MAX_SEQUENCE_LENGTH = 8 |
There was a problem hiding this comment.
Consider moving MAX_SEQUENCE_LENGTH to the module level instead of defining it inside this input block. That makes the limit easier to find, reuse, and update later.
There was a problem hiding this comment.
@orbisai0security can you address code review comments?
| print("Enter the elements") | ||
| sequence = list(map(int, input().split())) | ||
| MAX_SEQUENCE_LENGTH = 8 | ||
| user_input = list(map(int, input().split())) |
There was a problem hiding this comment.
This still only supports integer input from the user, while the function type hints allow both int and str. Consider documenting that interactive input only accepts integers, or update the parsing logic to support strings too.
| sequence = list(map(int, input().split())) | ||
| MAX_SEQUENCE_LENGTH = 8 | ||
| user_input = list(map(int, input().split())) | ||
| if len(user_input) > MAX_SEQUENCE_LENGTH: |
There was a problem hiding this comment.
The length check happens after converting all input values into a list. For very large input, this still loads everything into memory first. Consider checking the split input length before mapping to integers.
| MAX_SEQUENCE_LENGTH = 8 | ||
| user_input = list(map(int, input().split())) | ||
| if len(user_input) > MAX_SEQUENCE_LENGTH: | ||
| raise ValueError(f"Input sequence too long (max {MAX_SEQUENCE_LENGTH} elements).") |
There was a problem hiding this comment.
Consider adding a test or doctest for the new length limit so this behavior is verified automatically and does not regress later.
4 participants
Summary
Fix high severity security issue in
backtracking/all_permutations.py.Vulnerability
V-002backtracking/all_permutations.py:81Description: The all_permutations.py script reads an unbounded sequence of integers from CLI input at line 81 and generates all permutations with no upper bound on sequence length. Permutation generation has O(n!) time and memory complexity. With n=20, this produces approximately 2.4 quintillion permutations, exhausting CPU and RAM and rendering the host system unresponsive or triggering an out-of-memory kill of the process.
Changes
backtracking/all_permutations.pyVerification
Automated security fix by OrbisAI Security