Update timing_attack_node.yaml (#113)

Add more explanation about the attack. Remove Snyk reference. Add NodeJs reference.
ajinabraham · Mar 13, 2024 · 40ff09e · 40ff09e
1 parent 5cbf144
commit 40ff09e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/njsscan/rules/semantic_grep/crypto/timing_attack_node.yaml b/njsscan/rules/semantic_grep/crypto/timing_attack_node.yaml
@@ -485,7 +485,8 @@ rules:
               return api != $X;
     message: >-
       String comparisons using '===', '!==', '!=' and '==' is vulnerable to timing attacks.
-      More info: https://snyk.io/blog/node-js-timing-attack-ccc-ctf/
+      A timing attack allows the attacker to learn potentially sensitive information by, for example, measuring how long it takes for the application to respond to a request. 
+      More info: https://nodejs.org/en/learn/getting-started/security-best-practices#information-exposure-through-timing-attacks-cwe-208
     languages:
       - javascript
     severity: WARNING