I know this is a ‘joke’, but it sparked in me actual questions that I am sure some folks here will know the answers to:
What are the security guarantees with writing in COBOL? Like, does COBOL allow out-of-bounds memory access? How does it compare to C or Rust as far as allowing ‘accidental’ security lapses?
> Like, does COBOL allow out-of-bounds memory access?
Modern COBOL compilers will catch this with an error; if you do manage to compile and run, you'll get a runtime error or immediate crash.
> How does it compare to C or Rust as far as allowing ‘accidental’ security lapses?
COBOL has reference modification that can easily be purposefully used to reference memory outside the bound of the original data you target. It isn't memory safe, it's just very restrictive so many errors/misuses get weeded out during compiling.
I wondered about that as well while looking into the http handler. I think a missing space between method and path overruns the buffer (haven't tried running it though).
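
An added example, not code from this thread or from the HTTP handler being discussed: reference modification with a variable offset or length cannot be checked at compile time, so the program has to range-check the values itself unless the compiler's runtime bounds checking is switched on. The program name, field names, field sizes and sample request lines are all constructed for illustration.

```cobol
       >>SOURCE FORMAT FREE
*> Constructed example: every name and sample value here is made up.
IDENTIFICATION DIVISION.
PROGRAM-ID. REFMOD-GUARD.
DATA DIVISION.
WORKING-STORAGE SECTION.
01  WS-REQUEST      PIC X(32).
01  WS-METHOD       PIC X(8).
01  WS-REST         PIC X(32).
01  WS-METHOD-LEN   PIC 9(4) COMP.
01  WS-REST-START   PIC 9(4) COMP.
01  WS-REST-LEN     PIC 9(4) COMP.
PROCEDURE DIVISION.
MAIN-PARA.
    *> Well-formed line: method, one space, then the rest.
    MOVE "GET /index.html HTTP/1.1" TO WS-REQUEST
    PERFORM SPLIT-REQUEST
    *> No space anywhere in the field: the scan below runs to the end.
    MOVE ALL "A" TO WS-REQUEST
    PERFORM SPLIT-REQUEST
    STOP RUN.

SPLIT-REQUEST.
    *> Count the characters before the first space (the method token).
    MOVE ZERO TO WS-METHOD-LEN
    INSPECT WS-REQUEST TALLYING WS-METHOD-LEN
        FOR CHARACTERS BEFORE INITIAL SPACE
    *> Range-check BEFORE any reference modification. Because the
    *> method is capped at 8 bytes and the request field is 32, the
    *> computed start (at most 10) always stays inside WS-REQUEST.
    IF WS-METHOD-LEN = 0
       OR WS-METHOD-LEN > LENGTH OF WS-METHOD
        DISPLAY "rejected: malformed request line"
    ELSE
        COMPUTE WS-REST-START = WS-METHOD-LEN + 2
        COMPUTE WS-REST-LEN =
            LENGTH OF WS-REQUEST - WS-REST-START + 1
        MOVE WS-REQUEST(1:WS-METHOD-LEN) TO WS-METHOD
        MOVE WS-REQUEST(WS-REST-START:WS-REST-LEN) TO WS-REST
        DISPLAY "method=" WS-METHOD " rest=" WS-REST
    END-IF.
```

Without the `IF`, the second input would yield a start position of 34 in a 32-byte field, which is the kind of out-of-bounds reference modification described above.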