Conversation

@try-panwiac (Owner)

No description provided.

@prisma-cloud-devsecops prisma-cloud-devsecops bot left a comment


Prisma Cloud has found errors in this PR ⬇️

}

exports.passwordRepeatChallenge = () => (req: Request, res: Response, next: NextFunction) => {
  challengeUtils.solveIf(challenges.passwordRepeatChallenge, () => { return req.body && req.body.passwordRepeat !== req.body.password })


INFO  Observable timing discrepancy
    File: verify.ts | Checkov ID: CKV3_SAST_161

Description

CWE: CWE-208: Observable Timing Discrepancy

This SAST policy detects string comparisons using the ===, !==, ==, or != operators against security-sensitive values. These string comparisons are not constant time, meaning that the conditional statement will immediately exit as soon as the first character that does not match is found. This can lead to observable timing discrepancies and potentially allow an adversary to calculate or observe small timing differences to brute-force a string that matches the expected value.

Vulnerable code example:

if (password == userInput) {
    // Do something
}

The above code is vulnerable because it compares the user's input with a security-sensitive value, password, using the == operator. This type of comparison is not constant time and allows an adversary to potentially guess the correct value by monitoring the timing differences.

    const decoded = jws.decode(token) ? jwt.decode(token) : null
    jwt.verify(token, security.publicKey, (err: VerifyErrors | null, verified: JwtPayload) => {
      if (err === null) {
        challengeUtils.solveIf(challenge, () => { return hasAlgorithm(token, algorithm) && hasEmail(decoded, email) })


INFO  Observable timing discrepancy
    File: verify.ts | Checkov ID: CKV3_SAST_161


function hasAlgorithm (token: string, algorithm: string) {
  const header = JSON.parse(Buffer.from(token.split('.')[0], 'base64').toString())
  return token && header && header.alg === algorithm


INFO  Observable timing discrepancy
    File: verify.ts | Checkov ID: CKV3_SAST_161


function jwtChallenge (challenge: Challenge, req: Request, algorithm: string, email: string | RegExp) {
  const token = utils.jwtFrom(req)
  if (token) {
    const decoded = jws.decode(token) ? jwt.decode(token) : null


HIGH  JSON Web Tokens (JWT) signature verification bypass
    File: verify.ts | Checkov ID: CKV3_SAST_181

Description

CWE: CWE-347: Improper Verification of Cryptographic Signature
OWASP: A02:2021-Cryptographic Failures

This policy identifies instances in JavaScript where JSON Web Tokens (JWT) are decoded or processed without proper verification of the token's signature.

Vulnerable code example:

let jwt = require('jsonwebtoken');
let decoded = jwt.decode(token);

The above code is vulnerable to cryptographic failures as it improperly verifies the cryptographic signature of the JSON Web Token. This could potentially result in JWT signature verification bypass.
