Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re: DomainTools Microsoft Sentinel Solutions - CodeQL alerts - CRM:01390016354 #11365

Merged
merged 1 commit into from
Nov 14, 2024
Merged

Re: DomainTools Microsoft Sentinel Solutions - CodeQL alerts - CRM:01390016354 #11365

merged 1 commit into from
Nov 14, 2024

Conversation

wesleya
Copy link
Contributor

@wesleya wesleya commented Oct 30, 2024

Change(s):

  • Use hashlib.sha256 to avoid any ambiguity

Reason for Change(s):

  • Attempting to resolve CodeQL alerts - CRM:01390016354

Version Updated:

  • No

Testing Completed:

  • Yes

Checked that the validations are passing and have addressed any issues that are present:

  • Need Help

Additional Details:
We received CodeQL alerts asking us to switch hashing algorithms to sha256. For example:

11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainRiskScore/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity

However, I'm unable to find any reference to md5 hash algorithm in the file referenced in the above example, or any of the files referenced in the full CodeQL alert. The only hash algorithm I see in the above referenced file is already sha256. I'm unfamiliar with how these alerts are generated, is it possible this alert was generated on an old package?

This PR changes import/syntax of sha256 to hashlib.sha256 in case that's what the "Use hashlib.sha256 to avoid any ambiguity" part of the CodeQL alert is referring to? Please review the changes in this PR. If this resolves the issue, I will apply the same update to the remaining files mentioned in the CodeQL alert and re-submit the PR. If no changes are needed, I'll close this PR. Please let me know if a different fix is required, thank you!

Full Code QL alert:


Due Date | Issue | SolutionName | FilePath | Fix |   |   |  
-- | -- | -- | -- | -- | -- | -- | --
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPHost-Domains/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ClassicReverseIP/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/EnrichDomain/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantName/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainProfile/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainSearch/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIPWhois/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseIP/__init__.py | Change sha1 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotMXHost/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAll/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmailDomain/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/Evidence/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotBySSLHash/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/InvestigateDomain/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseNameServer/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByRegistrantOrg/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnDomainsFromSearchHash/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseEmail/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/HostingHistory/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisHistory/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotNameServerHost/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReverseWhois/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/WhoisLookup/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ParsedWhois/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/ReturnTaggedWithAny/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByNameserverIPAddress/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotByMXIP/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/DomainRiskScore/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity
11/10/2024 | Use of unrecognized hash algorithm | DomainTools | Solutions/DomainTools/Playbooks/CustomConnector/DomainTools_FunctionAppConnector/PivotSSLEmail/__init__.py | Change md5 to sha256. Use hashlib.sha256 to avoid any ambiguity

@wesleya wesleya requested review from a team as code owners October 30, 2024 15:57
@v-prasadboke v-prasadboke self-assigned this Nov 4, 2024
@v-prasadboke v-prasadboke added Playbook Playbook specialty review needed Solution Solution specialty review needed labels Nov 4, 2024
@wesleya
Copy link
Contributor Author

wesleya commented Nov 4, 2024

Hi @v-prasadboke, any thoughts on my questions in the "additional details" section of this PR description? Are we on the right track with this sample change? Or was the codeQL alert possibly run on an older version of this app?

@v-prasadboke
Copy link
Contributor

Hello @wesleya, Can you please provide me write permission to this branch need to committ updated zip of the connector

@wesleya
Copy link
Contributor Author

wesleya commented Nov 6, 2024

Hi @v-prasadboke I've sent you an invite, please let me know if you didn't receive it. Thank you!

@wesleya
Copy link
Contributor Author

wesleya commented Nov 12, 2024

Hi @v-prasadboke just checking in, did you have any guidance on my previous questions? Or do you need anymore context from us? Thank you!

@v-prasadboke v-prasadboke merged commit 3ffd473 into Azure:master Nov 14, 2024
31 checks passed
@v-prasadboke v-prasadboke mentioned this pull request Nov 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@v-prasadboke v-prasadboke v-prasadboke approved these changes

Assignees

@v-prasadboke v-prasadboke

Labels
Playbook Playbook specialty review needed Solution Solution specialty review needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wesleya @v-prasadboke