"AWS' AI Code Reviewer Now Spots Log4Shell-Like Bugs in Java and Python Code"

Amazon Web Services (AWS) has updated the detectors in its CodeGuru Reviewer tool to find log injection flaws (attacker-controlled input reaching a logging call without sanitization) similar to the recently disclosed Log4Shell bug in the popular Java logging library Log4j. CodeGuru Reviewer is a scanner that applies Machine Learning (ML) to check code during reviews for bugs and to recommend revisions that address security issues. The tool's goal is to improve code reviews within Continuous Integration/Continuous Delivery (CI/CD) processes. For example, after committing code to GitHub or Bitbucket, a developer can have CodeGuru Reviewer review it. The new features for CodeGuru Reviewer include a Detector Library for common security flaws affecting Java and Python web applications, and several security detectors for Log4Shell-like log injection flaws. The Detector Library lists detectors for flaws common to Java and Python programming, such as unauthenticated LDAP requests in Java code. It also provides details about each security issue, including its severity and impact on an application, along with one example each of non-compliant and compliant code for the issue. The library currently has 91 Java detectors and 69 Python detectors. AWS noted that CodeGuru uses ML and Automated Reasoning (AR) to identify possible problems, enabling each detector to find a range of defects. This article continues to discuss the new features of AWS' CodeGuru Reviewer aimed at spotting Log4Shell-like bugs in Java and Python code.

ZDNet reports "AWS' AI Code Reviewer Now Spots Log4Shell-Like Bugs in Java and Python Code"
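The Detector Library pairs each issue with a non-compliant and a compliant snippet. The following is an added illustration of that pairing for log injection in Python, written for this page; it is not AWS' code, not taken from the CodeGuru Detector Library, and not from the ZDNet article. The logger setup, the function names and the forged username are all constructed for the example. It shows the simplest form of the flaw, log forging: untrusted input carrying a CR/LF sequence is concatenated into a log record and produces a second, attacker-authored log entry, whereas the compliant version neutralises control characters so one event stays on one line.

```python
import io
import logging

# Constructed attacker input (not from the article): a "username" carrying CR/LF
# followed by text shaped like a separate, successful-looking log entry.
FORGED_USERNAME = "alice\r\nINFO:app:login attempt for user: admin -> success"


def make_logger(name):
    """Build a logger that writes to an in-memory buffer so the example runs offline."""
    buffer = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()          # idempotent if called more than once
    logger.propagate = False         # keep output out of the root logger
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buffer)
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    logger.addHandler(handler)
    return logger, buffer


def log_login_noncompliant(logger, username):
    """Non-compliant: untrusted input is concatenated into the record verbatim,
    so embedded newlines split it into extra, attacker-controlled log lines."""
    logger.info("login attempt for user: " + username)


def sanitize_for_log(value):
    """Replace every non-printable character (CR, LF, ESC, ...) with '?'
    so that a single event can never span more than one log line."""
    return "".join(ch if ch.isprintable() else "?" for ch in value)


def log_login_compliant(logger, username):
    """Compliant: input is neutralised and passed as a logging argument
    rather than concatenated into the message."""
    logger.info("login attempt for user: %s", sanitize_for_log(username))


def log_lines(buffer):
    """Return the non-empty lines currently held in a logger's buffer."""
    return [line for line in buffer.getvalue().splitlines() if line]


def demo():
    """Log the same forged username both ways and return (bad_lines, good_lines)."""
    bad_logger, bad_buf = make_logger("app.noncompliant")
    log_login_noncompliant(bad_logger, FORGED_USERNAME)
    good_logger, good_buf = make_logger("app.compliant")
    log_login_compliant(good_logger, FORGED_USERNAME)
    return log_lines(bad_buf), log_lines(good_buf)


if __name__ == "__main__":
    bad, good = demo()
    print("non-compliant wrote %d line(s):" % len(bad))
    for line in bad:
        print("  " + line)
    print("compliant wrote %d line(s):" % len(good))
    for line in good:
        print("  " + line)
```

Running `demo()` shows the non-compliant call emitting two lines, the second of which is the attacker's fabricated "admin -> success" entry, while the compliant call emits exactly one line with the CR/LF replaced. Log4Shell itself went further than forging lines, because Log4j evaluated `${...}` lookups inside the logged text, but the root pattern the detectors target is the same: untrusted data flowing into a logging call without being neutralised first.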
