-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathsemgrep.yaml
More file actions
43 lines (43 loc) · 1.96 KB
/
semgrep.yaml
File metadata and controls
43 lines (43 loc) · 1.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
rules:
- id: clojure.lang.security.use-of-md5.use-of-md5
languages:
- clojure
message: MD5 hash algorithm detected. This is not collision resistant and leads to easily-cracked password hashes. Replace with current recommended hashing algorithms.
metadata:
author: Gabriel Marquet <gab.marquet@gmail.com>
category: security
confidence: HIGH
cwe:
- 'CWE-328: Use of Weak Hash'
impact: HIGH
likelihood: MEDIUM
owasp:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html
- https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
source-rule-url: https://github.com/clj-holmes/clj-holmes-rules/blob/main/security/weak-hash-function-md5.yml
subcategory:
- vuln
technology:
- clojure
pattern-either:
- pattern: (MessageDigest/getInstance "MD5")
- pattern: (MessageDigest/getInstance MessageDigestAlgorithms/MD5)
- pattern: (MessageDigest/getInstance org.apache.commons.codec.digest.MessageDigestAlgorithms/MD5)
- pattern: (java.security.MessageDigest/getInstance "MD5")
- pattern: (java.security.MessageDigest/getInstance MessageDigestAlgorithms/MD5)
- pattern: (java.security.MessageDigest/getInstance org.apache.commons.codec.digest.MessageDigestAlgorithms/MD5)
severity: WARNING
- id: codacy.generic.plsql.empty-strings
languages:
- generic
message: Empty strings can lead to unexpected behavior and should be handled carefully.
metadata:
category: security
confidence: MEDIUM
description: Detects empty strings in the code which might cause issues or bugs.
impact: MEDIUM
pattern: $VAR VARCHAR2($LENGTH) := '';
severity: WARNING