HomeCloud ComputingNew for Amazon CodeGuru Reviewer – Detector Library and Safety Detectors for...

New for Amazon CodeGuru Reviewer – Detector Library and Safety Detectors for Log-Injection Flaws


Amazon CodeGuru Reviewer is a developer software that detects safety vulnerabilities in your code and gives clever suggestions to enhance code high quality. For instance, CodeGuru Reviewer launched Safety Detectors for Java and Python code to establish safety dangers from the prime ten Open Net Utility Safety Undertaking (OWASP) classes and comply with safety finest practices for AWS APIs and customary crypto libraries. At re:Invent, CodeGuru Reviewer launched a secrets and techniques detector to establish hardcoded secrets and techniques and counsel remediation steps to safe your secrets and techniques with AWS Secrets and techniques Supervisor. These capabilities enable you discover and remediate safety points earlier than you deploy.

Immediately, I’m pleased to share two new options of CodeGuru Reviewer:

  • A brand new Detector Library describes intimately the detectors that CodeGuru Reviewer makes use of when on the lookout for doable defects and contains code samples for each Java and Python.
  • New safety detectors have been launched for detecting log-injection flaws in Java and Python code, much like what occurred with the latest Apache Log4j vulnerability we described on this weblog put up.

Let’s see these new options in additional element.

Utilizing the Detector Library
That can assist you perceive extra clearly which detectors CodeGuru Reviewer makes use of to evaluate your code, we are actually sharing a Detector Library the place you will discover detailed info and code samples.

These detectors enable you construct safe and environment friendly purposes on AWS. Within the Detector Library, you will discover detailed details about CodeGuru Reviewer’s safety and code high quality detectors, together with descriptions, their severity and potential affect in your utility, and extra info that helps you mitigate dangers.

Observe that every detector seems to be for a variety of code defects. We embody one noncompliant and compliant code instance for every detector. Nonetheless, CodeGuru makes use of machine studying and automatic reasoning to establish doable points. For that reason, every detector can discover a vary of defects along with the specific code instance proven on the detector’s description web page.

Let’s take a look at a couple of detectors. One detector is on the lookout for insecure cross-origin useful resource sharing (CORS) insurance policies which are too permissive and will result in loading content material from untrusted or malicious sources.

Detector Library screenshot.

One other detector checks for improper enter validation that may allow assaults and result in undesirable habits.

Detector Library screenshot.

Particular detectors enable you use the AWS SDK for Java and the AWS SDK for Python (Boto3) in your purposes. For instance, there are detectors that may detect hardcoded credentials, akin to passwords and entry keys, or inefficient polling of AWS assets.

New Detectors for Log-Injection Flaws
Following the latest Apache Log4j vulnerability, we launched in CodeGuru Reviewer new detectors that test should you’re logging something that’s not sanitized and presumably executable. These detectors cowl the difficulty described in CWE-117: Improper Output Neutralization for Logs.

These detectors work with Java and Python code and, for Java, are usually not restricted to the Log4j library. They don’t work by wanting on the model of the libraries you employ, however test what you might be really logging. On this approach, they’ll shield you if related bugs occur sooner or later.

Detector Library screenshot.

Following these detectors, user-provided inputs have to be sanitized earlier than they’re logged. This avoids having an attacker be capable to use this enter to interrupt the integrity of your logs, forge log entries, or bypass log displays.

Availability and Pricing
These new options can be found in the present day in all AWS Areas the place Amazon CodeGuru is obtainable. For extra info, see the AWS Regional Providers Checklist.

The Detector Library is free to browse as a part of the documentation. For the brand new detectors on the lookout for log-injection flaws, customary pricing applies. See the CodeGuru pricing web page for extra info.

Begin utilizing Amazon CodeGuru Reviewer in the present day to enhance the safety of your code.

Danilo



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments