AWS's AI code reviewer now spots Log4Shell-like bugs in Java and Python code

Amazon Web Services (AWS) has updated the ‘detectors’ in its CodeGuru Reviewer tool to seek out log injection flaws like the recently disclosed Log4Shell bug in the popular Java logging library Log4J.
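To make the bug class concrete, here is an added Python example (not AWS's code and not CodeGuru Reviewer's detector logic) of the plain log injection pattern such detectors look for: user-controlled input reaching a log call unmodified, so that embedded newlines forge extra log records, alongside a hardened version that neutralises control characters before logging. The handler, logger set-up and `sanitize_for_log` helper are constructed for this illustration; the sample input is likewise constructed.

```python
import io
import logging
import re

# Characters that let untrusted input terminate one log record and start
# another (CR, LF, NUL and other C0 controls, DEL). Tab (\x09) is left alone.
_CONTROL_CHARS = re.compile(r"[\r\n\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize_for_log(value: str) -> str:
    """Escape control characters so the value cannot forge a new log line."""
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def _make_logger(name: str):
    """Build an isolated logger writing to an in-memory buffer (demo only)."""
    stream = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, stream


def log_login_vulnerable(username: str) -> str:
    """Vulnerable pattern: the raw request parameter goes straight into the log."""
    logger, stream = _make_logger("demo.vulnerable")
    logger.info("login failed for user=%s", username)
    return stream.getvalue()


def log_login_hardened(username: str) -> str:
    """Hardened pattern: untrusted input is sanitised before it is logged."""
    logger, stream = _make_logger("demo.hardened")
    logger.info("login failed for user=%s", sanitize_for_log(username))
    return stream.getvalue()


# Constructed sample input: a username carrying an embedded newline and a
# fake record, the kind of payload a log-injection detector is meant to catch.
FORGED_INPUT = "alice\nINFO login succeeded for user=admin"


def forged_record_count(log_output: str) -> int:
    """Number of records in the captured output (one per non-empty line)."""
    return len([line for line in log_output.splitlines() if line])


if __name__ == "__main__":
    print("vulnerable output:\n" + log_login_vulnerable(FORGED_INPUT))
    print("hardened output:\n" + log_login_hardened(FORGED_INPUT))
```

Run stand-alone, the vulnerable variant emits two records (the second being the forged "login succeeded" line), while the hardened variant emits a single record with the newline rendered as `\x0a`. Escaping rather than silently stripping keeps the evidence of the attempt visible to whoever reads the log.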

The critical Log4J bugs, collectively dubbed Log4Shell after their disclosure in December, jolted the tech industry and end-user organizations into mass remediation efforts that may have averted major attacks to date, but are expected to lurk in systems for years.

At the time, AWS released several tools to help customers protect resources, such as new web application firewall rules, and updates to its Inspector tool to detect the vulnerability in EC2 VM instances.

AWS has now announced two new features for CodeGuru Reviewer, AWS’s scanner that uses machine learning to check code during reviews for bugs and to suggest improvements for security issues. The tool aims to improve code reviews within continuous integration and development (CI/CD) processes. After developers commit code to, say, GitHub or Bitbucket, they can add CodeGuru Reviewer as a code reviewer.

The new features help flesh out the service’s security checks. Last year, it added the CodeGuru Reviewer Secrets Detector, which detects risky

