
AWS’s CodeGuru Reviewer Now Has New Features To Spot Log4Shell-Like Bugs In Java And Python Code

The ‘detectors’ in Amazon Web Services’ CodeGuru Reviewer tool have been updated to seek out potential flaws like the recently disclosed Log4J bug.

Two new features are now available for CodeGuru Reviewer, an AWS scanner that uses machine learning to check code during reviews and suggest improvements. The tool aims to improve reviews in continuous integration (CI/CD) workflows for developers whose source code is stored on GitHub or Bitbucket; after they commit their work to these platforms, they can easily add CodeGuru Reviewer as a code reviewer.

This past year, the company added new features to help flesh out its security checks. The first is CodeGuru Reviewer Secrets Detector, which detects risky hardcoded secrets, such as passwords and API access keys, in source code and configuration files for Java or Python applications.

The new features for CodeGuru Reviewer include the ‘Detector Library’. With them, you can now detect common security flaws affecting Java and Python web applications, and several detectors are specifically aimed at Log4Shell-like log injection.

The detector library is a great resource for reviewing the many different types of vulnerabilities that can occur in your code. It contains information about each security issue, including its severity and how it may affect an application process or system functionality. With over 91 Java and 69 Python detectors to choose from, the library’s comprehensive security system has you covered.

References:

  • https://aws.amazon.com/blogs/aws/new-for-amazon-codeguru-reviewer-detector-library-and-security-detectors-for-log-injection-flaws/
  • https://www.zdnet.com/article/awss-ai-code-reviewer-now-spots-log4shell-like-bugs-in-java-and-python-code/

Twitter Engineering Team Introduces A New Swift Package For Apache Thrift

Twitter is excited to announce the release of their new open-source, lightweight Thrift library for Apache Thrift and for communicating with backend servers. The company says that this will make it easier than ever before to develop software using Apple platforms and allow more people across all skill levels.

Thrift is an open-source interface description language similar to Google’s Protobuf. Thrift and Protobuf are very similar; the main difference is that while prototypists use Serializer implementations for conversion purposes, at Twitter, they mainly rely on it to store data across services and communicate between them where necessary.

Twitter wanted to use Swift in their new telemetry system because most features of the Twitter app are developed using that language. The library they previously used for Thrift only supported Objective-C, and it wasn’t intuitive or easy on anyone who had been coding exclusively with C.

Twitter Apache Thrift is a simple yet powerful package that you can add to any project in Xcode with ease. It doesn’t have any Foundation system framework dependencies, making it an ideal option for beginners!

GitHub: https://github.com/twitter/ios-twitter-apache-thrift

Reference: https://blog.twitter.com/engineering/en_us/topics/open-source/2022/introducing-twitter-apache-thrift


Google Open-Sources ‘network-opt’: A C++ Library For Network Optimization

We are all part of the internet. From your computer’s electrical circuits to the networks that route data around the globe, we live in a vast web connected by blue links on pages everywhere you look, whether it is an article online or something more personal like Facebook status updates.

Networks come in a variety of shapes and sizes, from the simplest networks where all nodes communicate with each other to more complex arrangements that involve dedicated links or bridges between groups. The number of possible topologies is exponential as well; just 12 active participants can produce over 1 trillion possible topologies.

Google researchers have introduced a new open-source C++ library, ‘network-opt’, that can optimize network topologies. Using sophisticated techniques for combinatorial search, this algorithm efficiently constructs instances from series-parallel networks commonly found in electrical and telecommunications applications.

Paper: https://research.google/pubs/pub51051/

GitHub: https://github.com/google/network-opt

Reference: https://opensource.googleblog.com/2022/02/A-New-Library-for-Network-Optimization.html