
Constant MAX_FILE_SIZE 

pub const MAX_FILE_SIZE: u64 = 10_485_760; // 10 MiB

Maximum size, in bytes, of a single file the scanner will read into memory.

cc-audit inspects untrusted third-party artifacts, so an attacker fully controls file sizes. Reading an arbitrarily large file unconditionally lets a single multi-GB file exhaust memory and OOM-kill the scan (a DoS that can fail the security gate open). Files above this cap are refused before any allocation. 10 MiB is far above any legitimate Claude Code artifact (skills, hooks, MCP configs, lockfiles) while bounding worst-case memory.

See issue #143 (CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits).
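The check described above, as an added example that is not cc-audit's own code: `read_bounded` is a hypothetical helper that refuses an oversized file from its metadata before allocating anything, and then also bounds the actual read, so a file that grows (or a special file that reports a misleading length) between the metadata call and the read still cannot pull more than the cap into memory. The demo file written by `main` is constructed and assumes a writable temp directory.

```rust
use std::fs::File;
use std::io::{self, Read};
use std::path::Path;

/// Maximum size, in bytes, of a single file the scanner will read into memory (10 MiB).
pub const MAX_FILE_SIZE: u64 = 10_485_760;

/// Read `path` into memory only if it is within `cap` bytes (hypothetical helper).
///
/// Two layers: the metadata check refuses an oversized file before any buffer
/// exists, and the `take` bound on the read guards against the size changing
/// between the metadata call and the read (TOCTOU), or a file whose reported
/// length does not match what it actually yields.
pub fn read_bounded(path: &Path, cap: u64) -> io::Result<Vec<u8>> {
    let meta = std::fs::metadata(path)?;
    if meta.len() > cap {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!(
                "{} is {} bytes, exceeds cap of {} bytes",
                path.display(),
                meta.len(),
                cap
            ),
        ));
    }

    // Pre-size to the reported length (already known to be <= cap), then read
    // at most cap + 1 bytes so an overrun is detectable without unbounded growth.
    let mut buf = Vec::with_capacity(meta.len() as usize);
    let mut reader = File::open(path)?.take(cap + 1);
    reader.read_to_end(&mut buf)?;
    if buf.len() as u64 > cap {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "file exceeded cap during read",
        ));
    }
    Ok(buf)
}

fn main() {
    // Constructed demo input: a tiny hook config in the temp dir.
    let path = std::env::temp_dir().join(format!("cc_audit_demo_{}.json", std::process::id()));
    std::fs::write(&path, b"{\"hooks\": []}").expect("write demo file");
    match read_bounded(&path, MAX_FILE_SIZE) {
        Ok(bytes) => println!("read {} bytes within the {} byte cap", bytes.len(), MAX_FILE_SIZE),
        Err(e) => eprintln!("refused: {e}"),
    }
    let _ = std::fs::remove_file(&path);
}
```

The metadata check is what keeps the allocation from ever happening for a multi-GB artifact; the `take` bound is the belt-and-braces part, costing nothing for normal files but closing the window where `metadata` and the real content disagree.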