Feedback on suspicious comments in Chef scripts #156

@akondasif

Greetings,

I am a security researcher who is looking for security smells in Chef scripts.
I found instances where certain keywords, such as TODO, HACK, FIXME, and bug repository IDs, appear in comments within Chef scripts.
According to the Common Weakness Enumeration organization, this is a security weakness
(CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).

I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.

Source:

  1. https://github.com/berekuk/questhub/blob/master/cookbooks/apt/providers/repository.rb
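
A check of this kind can be run locally against a cookbook. The following is an added example, not part of the original issue and not the researcher's tooling: it uses Ruby's standard-library lexer (Ripper) so that only real comments are inspected and the same keywords inside string literals are ignored. The bug-ID patterns, the sample recipe and the name `suspicious_comments` are assumptions made for illustration.

```ruby
require 'ripper'

# Keywords named in the issue, matched as whole words, case-insensitively.
KEYWORDS = /\b(TODO|HACK|FIXME)\b/i

# Assumed shapes for "bug repository IDs" (heuristics, not from the issue):
# "bug 123" / "issue #123", or an upper-case tracker key such as COOK-1234.
BUG_ID = Regexp.union(/\b(?:bug|issue)\s*#?\d+\b/i, /\b[A-Z][A-Z0-9]+-\d+\b/)

# Lexer token types that carry comment text: "#" comments and =begin/=end bodies.
COMMENT_TOKENS = %i[on_comment on_embdoc].freeze

# Returns one hash per suspicious comment: line number, markers found, text.
def suspicious_comments(source)
  Ripper.lex(source).each_with_object([]) do |((line, _col), type, text), found|
    next unless COMMENT_TOKENS.include?(type)

    markers = text.scan(KEYWORDS).flatten.map(&:upcase)
    markers << 'BUG_ID' if text.match?(BUG_ID)
    found << { line: line, markers: markers.uniq, text: text.strip } unless markers.empty?
  end
end

# Constructed sample recipe (not taken from the linked repository).
SAMPLE = <<~'CHEF'
  # Constructed sample recipe
  package 'nginx'   # TODO: pin the version

  file '/etc/motd' do
    content 'FIXME is only text inside a string here'
    mode '0644'
  end

  =begin
  HACK: restart twice, see bug #4521
  =end
  service 'nginx' do
    action [:enable, :start]   # workaround for COOK-1234
  end
CHEF

if __FILE__ == $PROGRAM_NAME
  suspicious_comments(SAMPLE).each do |hit|
    puts "line #{hit[:line]} [#{hit[:markers].join(',')}] #{hit[:text]}"
  end
end
```

The tracker-key pattern is deliberately broad and will also match tokens such as `SHA-256` in a comment, so hits are candidates for review rather than confirmed findings.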
