CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
    • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
        • Lang
          • Security
        • Security
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
      • Terraform
      • Typescript
      • Yaml
    Lang

    Security

    command-injection-shell-call

    A call to clojure.java.shell has been found, this could lead to an RCE if the inputs are user-controllable. Please ensure their origin is validated and sanitized.
    Likelihood: MEDIUM
    Confidence: LOW
    CWE:
    - CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
    OWASP:
    - A01:2017 - Injection
    - A03:2021 - Injection

    documentbuilderfactory-xxe

    DOCTYPE declarations are enabled for javax.xml.parsers.SAXParserFactory. Without prohibiting external entity declarations, this is vulnerable to XML external entity attacks. Disable this by setting the feature “http://apache.org/xml/features/disallow-doctype-decl” to true. Alternatively, allow DOCTYPE declarations and only prohibit external entities declarations. This can be done by setting the features “http://xml.org/sax/features/external-general-entities” and “http://xml.org/sax/features/external-parameter-entities” to false.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-611: Improper Restriction of XML External Entity Reference
    OWASP:
    - A04:2017 - XML External Entities (XXE)
    - A05:2021 - Security Misconfiguration

    use-of-md5

    MD5 hash algorithm detected. This is not collision resistant and leads to easily-cracked password hashes. Replace with current recommended hashing algorithms.
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - CWE-328: Use of Weak Hash
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    use-of-sha1

    Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Instead, use PBKDF2 for password hashing or SHA256 or SHA512 for other hash function applications.
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    - CWE-328: Use of Weak Hash
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
    SecurityClojure read string
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.