    Audit

    Crypto

    SSLv3 is insecure because it has known vulnerabilities. Starting with go1.14, SSLv3 will be removed. Instead, use ‘tls.VersionTLS13’.
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    The package net/http/cgi is on the import blocklist. The package is vulnerable to httpoxy attacks (CVE-2015-5386). It is recommended to use net/http or a web framework to build a web application instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Do not use math/rand. Use crypto/rand instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    OWASP:
    - A02:2021 - Cryptographic Failures
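Added example (not code from the CodeAnt AI rule database or from the Go project) showing the difference the rule above is about: `NewToken` draws secret material from `crypto/rand`, while `PredictableSequence` demonstrates that `math/rand` is a deterministic generator whose entire output follows from its seed. The function names and the 32-byte token size are this example's own choices.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	mrand "math/rand"
)

// NewToken returns n bytes from crypto/rand as unpadded URL-safe base64.
// crypto/rand reads the operating system's CSPRNG, which is the only
// acceptable source for session IDs, CSRF tokens, API keys and nonces.
func NewToken(n int) (string, error) {
	b := make([]byte, n)
	// Never ignore this error: a failed read would leave b all zeros.
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand unavailable: %w", err)
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// PredictableSequence shows why math/rand must not be used for secrets:
// it is a deterministic PRNG, so a fixed seed always yields the same values,
// and anyone who knows the seed can reproduce every "random" token produced.
func PredictableSequence(seed int64, count int) []int {
	r := mrand.New(mrand.NewSource(seed))
	out := make([]int, count)
	for i := range out {
		out[i] = r.Intn(1000000)
	}
	return out
}

func main() {
	tok, err := NewToken(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand token:", tok)
	fmt.Println("math/rand, seed 42, run 1:", PredictableSequence(42, 3))
	fmt.Println("math/rand, seed 42, run 2:", PredictableSequence(42, 3)) // identical to run 1
}
```

Note that Go 1.20+ seeds the package-level `math/rand` functions automatically, but that only changes the seed, not the nature of the generator: it is still not a CSPRNG and still falls under this rule.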

    Disabled host key verification detected. This allows man-in-the-middle attacks. Use the ‘golang.org/x/crypto/ssh/knownhosts’ package to do host key verification. See https://skarlso.github.io/2019/02/17/go-ssh-with-host-key-verification/ to learn more about the problem and how to fix it.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-322: Key Exchange without Entity Authentication
    OWASP:
    - A02:2021 - Cryptographic Failures

    Detected an insecure CipherSuite via the ‘tls’ module. This suite is considered weak. Use the function ‘tls.CipherSuites()’ to get a list of good cipher suites. See https://golang.org/pkg/crypto/tls/#InsecureCipherSuites for why and what other cipher suites to use.
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    RSA keys should be at least 2048 bits
    Likelihood: HIGH
    Confidence: HIGH
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    MinVersion is missing from this TLS configuration. By default, TLS 1.2 is currently used as the minimum when acting as a client, and TLS 1.0 when acting as a server. General purpose web applications should default to TLS 1.3 with all other protocols disabled. Only where it is known that a web server must support legacy clients with unsupported and insecure browsers (such as Internet Explorer 10) may it be necessary to enable TLS 1.0. Add ‘MinVersion: tls.VersionTLS13’ to the TLS configuration to bump the minimum version to TLS 1.3.
    Likelihood: MEDIUM
    Confidence: HIGH
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
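Added example (not code from the CodeAnt AI rule database or from the Go project) that ties together the three TLS rules above: the SSLv3 and MinVersion rules, and the insecure cipher suite rule. `AuditTLSConfig` is a small checker written for this page; it uses the standard library's own `tls.InsecureCipherSuites()` list to decide which suites are weak, and `WeakConfig`/`HardenedConfig` are constructed sample configurations, not anything from a real project.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// insecureSuiteIDs builds a lookup set from the standard library's list of
// cipher suites it considers weak (tls.InsecureCipherSuites()).
func insecureSuiteIDs() map[uint16]string {
	set := make(map[uint16]string)
	for _, s := range tls.InsecureCipherSuites() {
		set[s.ID] = s.Name
	}
	return set
}

// AuditTLSConfig reports the findings the rules on this page describe:
// no MinVersion, a MinVersion below TLS 1.2, and any explicitly configured
// cipher suite that the Go standard library flags as insecure.
func AuditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings, "MinVersion is missing (server default may allow TLS 1.0)")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, fmt.Sprintf("MinVersion 0x%04x is below TLS 1.2", cfg.MinVersion))
	}
	weak := insecureSuiteIDs()
	for _, id := range cfg.CipherSuites {
		if name, ok := weak[id]; ok {
			findings = append(findings, "insecure cipher suite configured: "+name)
		}
	}
	return findings
}

// WeakConfig is a constructed example of what these rules flag: no minimum
// version and an explicit list containing RC4 and a CBC-SHA256 suite.
func WeakConfig() *tls.Config {
	return &tls.Config{
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_RC4_128_SHA,
			tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
		},
	}
}

// HardenedConfig follows the recommendation: TLS 1.3 as the minimum and no
// explicit suite list, so Go selects its own secure, ordered set (TLS 1.3
// suites are not configurable through CipherSuites in any case).
func HardenedConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS13}
}

func main() {
	for _, f := range AuditTLSConfig(WeakConfig()) {
		fmt.Println("finding:", f)
	}
	fmt.Println("hardened config findings:", len(AuditTLSConfig(HardenedConfig())))
}
```

If a server really must keep TLS 1.2 for old clients, set `MinVersion: tls.VersionTLS12` and leave `CipherSuites` nil rather than hand-picking suites; the checker above still passes such a configuration, which matches the rule text's intent.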

    Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-328: Use of Weak Hash
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-328: Use of Weak Hash
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
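Added example (not code from the CodeAnt AI rule database or from the Go project) covering the RSA key size rule and the MD5/SHA1 rules together: a signature is produced over a SHA-256 digest with RSA-PSS, and both signing and verification refuse keys shorter than 2048 bits. The function names and the 2048-bit constant are this example's own; the sample message is constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// MinRSABits is the floor the rule above requires.
const MinRSABits = 2048

// CheckRSAKeySize rejects keys shorter than MinRSABits. The modulus bit
// length is what matters, so it works for generated and parsed keys alike.
func CheckRSAKeySize(pub *rsa.PublicKey) error {
	if bits := pub.N.BitLen(); bits < MinRSABits {
		return fmt.Errorf("rsa key is %d bits, need at least %d", bits, MinRSABits)
	}
	return nil
}

// Sign hashes msg with SHA-256 (not MD5 or SHA-1, which are not collision
// resistant) and signs the digest with RSA-PSS using a random salt.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	if err := CheckRSAKeySize(&priv.PublicKey); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the SHA-256 digest and checks the PSS signature; any
// change to msg or sig makes VerifyPSS return an error.
func Verify(pub *rsa.PublicKey, msg, sig []byte) error {
	if err := CheckRSAKeySize(pub); err != nil {
		return err
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, MinRSABits)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input
	sig, err := Sign(priv, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature bytes:", len(sig))
	fmt.Println("verify original:", Verify(&priv.PublicKey, msg, sig))
	fmt.Println("verify tampered:", Verify(&priv.PublicKey, []byte("tampered"), sig))
}
```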

    Detected DES cipher algorithm which is insecure. The algorithm is considered weak and has been deprecated. Use AES instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Detected RC4 cipher algorithm which is insecure. The algorithm has many known vulnerabilities. Use AES instead.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
