Add files via upload #26

Open
slavikpas wants to merge 1 commit into main from slavikpas-patch-15

Conversation

@slavikpas (Collaborator)

No description provided.


Prisma Cloud has found errors in this PR ⬇️

Comment thread slavikTestSastCWE327.java
protected void engineReset() {
// Implementation details
}
}

MEDIUM  Unsafe custom MessageDigest is implemented
    File: slavikTestSastCWE327.java | Checkov ID: CKV3_SAST_13

Description

CWE: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP: A02:2021-Cryptographic Failures

Flag any custom classes that extend the java.security.MessageDigest class. MessageDigest is a Java class used for calculating message digests, also known as checksums or cryptographic hash functions. By extending MessageDigest, a developer could be creating a custom cryptographic hash function, which is generally considered error-prone and a bad practice.

Cryptography is a complex field and implementing a secure and reliable cryptographic hash function requires specific expertise. Improperly implemented hash functions can have vulnerabilities that can be exploited, leading to significant security risks.

Example of violating code:

import java.security.MessageDigest;

public class CustomDigest extends MessageDigest {
    public CustomDigest() {
        super("CustomDigest");
    }

    // ... custom implementation ...
    // MessageDigest is abstract: a subclass must supply these engine methods,
    // and each one is hand-written cryptography that no one has reviewed.
    @Override protected void engineUpdate(byte input) { /* ... */ }
    @Override protected void engineUpdate(byte[] input, int offset, int len) { /* ... */ }
    @Override protected byte[] engineDigest() { return new byte[0]; }
    @Override protected void engineReset() { /* ... */ }
}

In the example above, a custom MessageDigest is being created, which would be flagged.
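
What the finding above is guarding against can be made concrete. The following is an added illustration, not code from this PR or from Checkov, and it is written in Python rather than Java so that it runs directly: a plausible-looking hand-rolled digest (the constructed `CustomDigest` class below, mixing each byte with a golden-ratio constant) collides on trivially related inputs, while the vetted algorithm from the standard library (`hashlib.sha256`, the Python counterpart of `MessageDigest.getInstance("SHA-256")`) does not. The `find_collision` brute force shows how little effort such a collision takes.

```python
"""Why extending MessageDigest (or rolling any hash) is risky: a plausible-looking
custom digest collides trivially, while a vetted algorithm from the platform
library does not.  Added illustration; not code from the PR under review."""
import hashlib
import itertools
import string
from typing import Optional

_MIX = 0x9E3779B1  # golden-ratio constant: looks "cryptographic", guarantees nothing


class CustomDigest:
    """Constructed stand-in for the CustomDigest subclass in the Checkov finding.

    Each byte is multiplied by a constant and XORed into a 32-bit state.  XOR is
    commutative and self-inverse, so byte order is ignored and any byte that
    appears an even number of times cancels out entirely.
    """

    def __init__(self) -> None:
        self._state = 0

    def update(self, data: bytes) -> None:
        for b in data:
            self._state ^= (b * _MIX) & 0xFFFFFFFF

    def hexdigest(self) -> str:
        return f"{self._state:08x}"


def custom_hexdigest(data: bytes) -> str:
    d = CustomDigest()
    d.update(data)
    return d.hexdigest()


def sha256_hexdigest(data: bytes) -> str:
    # The safe alternative: a vetted algorithm obtained from the library
    # (Python analogue of MessageDigest.getInstance("SHA-256")).
    return hashlib.sha256(data).hexdigest()


def find_collision(target: bytes, max_len: int = 2) -> Optional[bytes]:
    """Brute-force a different lowercase message with the same custom digest."""
    want = custom_hexdigest(target)
    alphabet = string.ascii_lowercase.encode()
    for n in range(max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            candidate = bytes(combo)
            if candidate != target and custom_hexdigest(candidate) == want:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample inputs: reordered bytes and a doubled byte.
    for a, b in [(b"ab", b"ba"), (b"aa", b""), (b"transfer 10", b"transfer 01")]:
        print(a, b,
              "custom collide:", custom_hexdigest(a) == custom_hexdigest(b),
              "sha256 collide:", sha256_hexdigest(a) == sha256_hexdigest(b))
    print("collision for b'ab':", find_collision(b"ab"))
```

The point is not that this particular mixing step is weak but that none of its weaknesses would be caught by the compiler or by a scanner once the class is named and registered like a real digest; the only reliable remedy is to call a standard algorithm through the platform API and never subclass it.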

Comment thread slavik.py
@@ -0,0 +1,19 @@
assert()
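Review bot: `assert()` with no condition parses as `assert ()`, an assertion on the empty tuple, which is always false, so this module raises AssertionError at top level as soon as it is imported in a normal run and does nothing at all under -O or PYTHONOPTIMIZE. Even with a real condition, assert is the wrong tool for a check that must hold in production; replace it with an explicit test that raises, e.g. `if data is None: raise ValueError("Data must not be None")`.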

MEDIUM  Improper handling of checking for unusual or exceptional conditions
    File: slavik.py | Checkov ID: CKV3_SAST_4

Description

CWE: CWE-754: Improper Check for Unusual or Exceptional Conditions

The assert statement in Python is used for debugging purposes. It lets you test if a certain condition is met, and if not, the program will raise an AssertionError exception.

The main problem with assert is that it can be globally disabled with the -O (optimize) option in Python, or by setting the environment variable PYTHONOPTIMIZE to a non-empty string. This means that when Python code is run in optimized mode, all assert statements are ignored.

Therefore, if you're using assert to check for conditions that should prevent the program from continuing (for example, validating user input or checking configuration files), those checks will be skipped in optimized mode, which could lead to incorrect program behavior or even security vulnerabilities.

Here is an example of problematic code:

def process_data(data):
    assert data is not None, "Data must not be None"
    # Continue with processing...

In this code, if Python is run with optimization enabled, the assert statement will be ignored, and the process_data function will proceed even if data is None, which could cause errors later on.
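
To see the behaviour the finding describes rather than take it on faith, the following added example (not code from this PR) runs the flagged `process_data` and an explicit-check alternative, `process_data_safe`, in a child interpreter with and without `-O` and reports which exception each call raises. The function definitions are kept as a source string so the exact same code runs in both interpreters; `PYTHONOPTIMIZE` is removed from the child's environment so the "normal" run really is unoptimised.

```python
"""Why `assert` cannot serve as input validation: it is compiled away under -O or
PYTHONOPTIMIZE, while an explicit check is not.  Added illustration for the
CKV3_SAST_4 finding; not code from the PR."""
import os
import subprocess
import sys

# Both functions are kept as source text so the same definitions can be run in
# a child interpreter with and without -O (exec'd here for direct use as well).
SOURCE = '''
def process_data(data):
    # The flagged pattern: validation that exists only when asserts are compiled in.
    assert data is not None, "Data must not be None"
    return len(data)

def process_data_safe(data):
    # Explicit check: survives -O and raises a specific, catchable exception.
    if data is None:
        raise ValueError("Data must not be None")
    return len(data)
'''
exec(SOURCE)

PROBE = SOURCE + '''
names = []
for fn in (process_data, process_data_safe):
    try:
        fn(None)
        names.append("no error")
    except Exception as e:
        names.append(type(e).__name__)
print(",".join(names))
'''


def run_child(optimize: bool) -> str:
    """Call both functions with None in a fresh interpreter and return the
    exception names raised, e.g. 'AssertionError,ValueError'.  optimize=True
    adds -O, the same effect as setting PYTHONOPTIMIZE."""
    env = {k: v for k, v in os.environ.items() if k != "PYTHONOPTIMIZE"}
    cmd = [sys.executable] + (["-O"] if optimize else []) + ["-c", PROBE]
    result = subprocess.run(cmd, capture_output=True, text=True, check=True, env=env)
    return result.stdout.strip()


def compare() -> dict:
    """Normal run: the assert fires.  Optimised run: the assert is gone and the
    failure surfaces later as an unrelated TypeError from len(None); only the
    explicit check behaves identically in both modes."""
    return {"normal": run_child(False), "optimized": run_child(True)}


if __name__ == "__main__":
    for mode, outcome in compare().items():
        print(f"{mode:>9}: {outcome}")
```

In the optimised run the bad input is not rejected at the boundary; it travels into `len()` and fails there with a message that says nothing about the real cause, which is exactly how a skipped assert turns into a hard-to-diagnose bug or a bypassed security check. The fix is mechanical: every assert whose condition matters in production becomes an `if` that raises.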
