I am a security researcher, who is looking for security smells in Chef scripts.
I found instances where certain keywords such as TODO, HACK, FIXME, bug repository IDs, in comments within Chef scripts.
According to the Common Weakness Enumeration organization this is a security weakness
(CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).
I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.
Greetings,
I am a security researcher, who is looking for security smells in Chef scripts. I found instances where certain keywords such as TODO, HACK, FIXME, bug repository IDs, in comments within Chef scripts. According to the Common Weakness Enumeration organization this is a security weakness (CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).
I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.
Source: