Pensar - auto fix for Unbounded Tweet Retrieval Resource Exhaustion

[pensarappdev]

• Introduced a class constant MAX_TWEET_LIMIT = 3200 within the Utils class to denote the upper bound for tweet fetching.
• Added strict input validation and clamping logic in both user_lookup_tweepy and user_lookup_sns methods:
  • If quantity is not a positive integer, raise ValueError.
  • If quantity exceeds MAX_TWEET_LIMIT, issue a warning via logger and cap quantity to MAX_TWEET_LIMIT.
• In user_lookup_sns, changed the pagination break condition from if idx > quantity: to if idx >= quantity: to properly fetch up to quantity tweets.
• This ensures no unbounded resource consumption is possible, mitigating the risk of DOS and excessive network/API usage due to malicious or accidental large input.
• No additional changes or dependency updates were required as per provided issues.

More Details

Type	Identifier	Message	Severity	Link
Application	CWE-400	The quantity parameter originates from external input and is passed directly to tweepy.Cursor(...).items(quantity) without any upper bound or sanity check. An attacker can request an extremely large number (e.g., 100 million), forcing the application to iterate over a massive number of API calls and objects, potentially exhausting network bandwidth, CPU, memory, and hitting Twitter rate-limits. This constitutes Uncontrolled Resource Consumption (CWE-400) and can be abused for denial-of-service or unexpected cost spikes.	high	Link