Johannes Späth
Hi @SumoSourabh The [Readme.md](https://github.com/SumoLogic/sumologic-aws-lambda/blob/main/cloudwatchevents/README.md#running-tests) for the CloudWatchEvents deployments needs an update, as it contains an AWS SAR security vulnerability that has been recently discovered. We wrote a [detailed explanation](https://codeshield.io/blog/2021/08/26/sar_confused_deputy/) on...
## This is my intent (choose one) - [ ] I want to report a bug - [ ] I want to request a feature or change - [x] I...
Hi @dacort the README [states](https://github.com/dacort/athena-sqlite#serverless-app-repo) that deployment is done using AWS SAR. There has been a [recent cross-account vulnerability](https://codeshield.io/blog/2021/08/26/sar_confused_deputy/) related to AWS SAR and your repo may be affected. In...
The code generated by CogniCrypt should have comments that ease the integration into one's own code. More detailed suggestions are found in a [comment of the golem article (German)](https://forum.golem.de/kommentare/security/software-entwickler-krypto-fehler-vermeiden-mit-cognicrypt/die-idee-ist-super/126648,5387813,5387813,read.html#msg-5387813).
When the analysis is run on its [own jar file](https://github.com/CROSSINGTUD/CryptoAnalysis/releases), the analysis crashes (see stack trace below). Soot reads in the jar file incorrectly and tries to load a class...
The data-flow of a static field is not correctly detected. The test case below succeeds

```
@Test
public void generateNewAES128GCMKeySet() throws GeneralSecurityException {
    KeyTemplate kt = AeadKeyTemplates.createAesGcmKeyTemplate(16);
    Assertions.hasEnsuredPredicate(kt);
}
```
...
The analysis varies highly from project to project. We should evaluate how the following factors influence the analysis time such that we can predict it in CogniCrypt. - Complexity of...
For each finding, we want to output the set of statements (i.e., path) *relevant* for the data-flow propagation. A statement is relevant if the propagated variable is used at the...
The analysis generates a lot of [IncompleteOperationErrors](https://github.com/CROSSINGTUD/CryptoAnalysis/blob/master/CryptoAnalysis/src/main/java/crypto/analysis/errors/IncompleteOperationError.java). Extend the test cases found [here](https://github.com/CROSSINGTUD/CryptoAnalysis/blob/master/CryptoAnalysis/src/test/java/test/headless/HeadlessTests.java) to test more thoroughly for these errors.
Hi @pushplay, I just came across your repo and saw it uses CloudFormation templates, some of which you have been working on. I am developing a tool to visualize data-flows...