I am a security researcher, who is looking for security smells in Ansible scripts.
I found instances where certain keywords such as TODO, HACK, FIXME, bug repository IDs, in comments within Chef scripts.
According to the Common Weakness Enumeration organization this is a security weakness
(CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).
I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.
Greetings,
I am a security researcher, who is looking for security smells in Ansible scripts. I found instances where certain keywords such as TODO, HACK, FIXME, bug repository IDs, in comments within Chef scripts. According to the Common Weakness Enumeration organization this is a security weakness (CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).
I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.
Any feedback is appreciated.
Source: https://github.com/2015-Middleware-Keynote/demo-ansible/blob/master/playbooks/post_setup.yml