rspec/rules/S7002/default-description.html

<div class="sect1">
<h2 id="_description">Description</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Secret leaks often occur when a sensitive piece of authentication data is
stored with the source code of an application. Considering the source code is
intended to be deployed across multiple assets, including source code
repositories or application hosting servers, the secrets might get exposed to an
unintended audience.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_why_is_this_an_issue">Why is this an issue?</h2>
<div class="sectionbody">
<div class="paragraph">
<p>In most cases, trust boundaries are violated when a secret is exposed in a
source code repository or an uncontrolled deployment environment.
Unintended people who don&#8217;t need to know the secret might get access to it. They
might then be able to use it to gain unwanted access to associated services or
resources.</p>
</div>
<div class="paragraph">
<p>The trust issue can be more or less severe depending on the people&#8217;s role and
entitlement.</p>
</div>
<div class="sect2">
<h3 id="_what_is_the_potential_impact">What is the potential impact?</h3>
<div class="paragraph">
<p>Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.</p>
</div>
<div class="sect3">
<h4 id="_infrastructure_takeover">Infrastructure takeover</h4>
<div class="paragraph">
<p>By obtaining a leaked secret, an attacker can gain control over your organization&#8217;s Linode infrastructure. They can modify DNS settings, redirect traffic, or launch malicious instances that can be used for various nefarious activities, including launching DDoS attacks, hosting phishing websites, or distributing malware. Malicious instances may also be used for resource-intensive tasks such as cryptocurrency mining.</p>
</div>
<div class="paragraph">
<p>This can result in legal liability, but also increased costs, degraded performance, and potential service disruptions.</p>
</div>
<div class="paragraph">
<p>Furthermore, corporate Linode infrastructures are often connected to other services and to the internal networks of the organization. Because of this, cloud infrastructure is often used by attackers as a gateway to other assets. Attackers can leverage this gateway to gain access to more services, to compromise more business-critical data and to cause more damage to the overall infrastructure.</p>
</div>
</div>
<div class="sect3">
<h4 id="_compromise_of_sensitive_data">Compromise of sensitive data</h4>
<div class="paragraph">
<p>If the affected service is used to store or process personally identifiable
information or other sensitive data, attackers knowing an authentication secret
could be able to access it. Depending on the type of data that is compromised,
it could lead to privacy violations, identity theft, financial loss, or other
negative outcomes.</p>
</div>
<div class="paragraph">
<p>In most cases, a company suffering a sensitive data compromise will face a
reputational loss when the security issue is publicly disclosed.</p>
</div>
</div>
<div class="sect3">
<h4 id="_modification_of_application_data">Modification of application data</h4>
<div class="paragraph">
<p>Applications may rely on data that cannot be distributed with the application
code. This may be due to the size of the data, or because the data is regularly
updated. This data is downloaded by the application as it is needed.</p>
</div>
<div class="paragraph">
<p>If an attacker can gain access to an authentication secret, they may be able to
alter or delete this application data. This may cause parts of the application
to misbehave or stop working. Maliciously altered data could also contain
undesirable content which results in reputational damage.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_how_to_fix_it">How to fix it</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Revoke the secret</strong></p>
</div>
<div class="paragraph">
<p>Revoke any leaked secrets and remove them from the application source code.</p>
</div>
<div class="paragraph">
<p>Before revoking the secret, ensure that no other applications or processes are
using it. Other usages of the secret will also be impacted when the secret is
revoked.</p>
</div>
<div class="paragraph">
<p><strong>Use a secret vault</strong></p>
</div>
<div class="paragraph">
<p>A secret vault should be used to generate and store the new secret. This
will ensure the secret&#8217;s security and prevent any further unexpected disclosure.</p>
</div>
<div class="paragraph">
<p>Depending on the development platform and the leaked secret type, multiple
solutions are currently available.</p>
</div>
<div class="sect2">
<h3 id="_code_examples">Code examples</h3>
<div class="sect3">
<h4 id="_noncompliant_code_example">Noncompliant code example</h4>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">props.set("linode-token", "eb1429239d3a82b7d7f9dca569012e74e611b0fde840e7f6c9fe1735ac1258ca") // Noncompliant</code></pre>
</div>
</div>
</div>
<div class="sect3">
<h4 id="_compliant_solution">Compliant solution</h4>
<div class="listingblock">
<div class="content">
<pre class="highlight"><code class="language-java" data-lang="java">props.set("linode-token", System.getenv("LINODE_TOKEN"))</code></pre>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_resources">Resources</h2>
<div class="sectionbody">
<div class="sect2">
<h3 id="_standards">Standards</h3>
<div class="ulist">
<ul>
<li>
<p>OWASP - <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">Top 10 2021 Category A7 - Identification and Authentication Failures</a></p>
</li>
<li>
<p>OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data Exposure</a></p>
</li>
<li>
<p>CWE - <a href="https://cwe.mitre.org/data/definitions/798">CWE-798 - Use of Hard-coded Credentials</a></p>
</li>
<li>
<p>CWE - <a href="https://cwe.mitre.org/data/definitions/259">CWE-259 - Use of Hard-coded Password</a></p>
</li>
<li>
<p>STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222642">Application Security and Development: V-222642</a> - The application must not contain embedded authentication data.</p>
</li>
</ul>
</div>
</div>
</div>
</div>
Deploying to gh-pages from @ efc8e97d4020c5f6556aa2a90d4ea2840f00ed1d 🚀 2025-03-29 03:09:29 +00:00			`<div class="sect1">`
			`<h2 id="_description">Description</h2>`
			`<div class="sectionbody">`
			`<div class="paragraph">`
			`<p>Secret leaks often occur when a sensitive piece of authentication data is`
			`stored with the source code of an application. Considering the source code is`
			`intended to be deployed across multiple assets, including source code`
			`repositories or application hosting servers, the secrets might get exposed to an`
			`unintended audience.</p>`
			`</div>`
			`</div>`
			`</div>`
			`<div class="sect1">`
			`<h2 id="_why_is_this_an_issue">Why is this an issue?</h2>`
			`<div class="sectionbody">`
			`<div class="paragraph">`
			`<p>In most cases, trust boundaries are violated when a secret is exposed in a`
			`source code repository or an uncontrolled deployment environment.`
			`Unintended people who don’t need to know the secret might get access to it. They`
			`might then be able to use it to gain unwanted access to associated services or`
			`resources.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>The trust issue can be more or less severe depending on the people’s role and`
			`entitlement.</p>`
			`</div>`
			`<div class="sect2">`
			`<h3 id="_what_is_the_potential_impact">What is the potential impact?</h3>`
			`<div class="paragraph">`
			`<p>Below are some real-world scenarios that illustrate some impacts of an attacker`
			`exploiting the secret.</p>`
			`</div>`
			`<div class="sect3">`
			`<h4 id="_infrastructure_takeover">Infrastructure takeover</h4>`
			`<div class="paragraph">`
			`<p>By obtaining a leaked secret, an attacker can gain control over your organization’s Linode infrastructure. They can modify DNS settings, redirect traffic, or launch malicious instances that can be used for various nefarious activities, including launching DDoS attacks, hosting phishing websites, or distributing malware. Malicious instances may also be used for resource-intensive tasks such as cryptocurrency mining.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>This can result in legal liability, but also increased costs, degraded performance, and potential service disruptions.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>Furthermore, corporate Linode infrastructures are often connected to other services and to the internal networks of the organization. Because of this, cloud infrastructure is often used by attackers as a gateway to other assets. Attackers can leverage this gateway to gain access to more services, to compromise more business-critical data and to cause more damage to the overall infrastructure.</p>`
			`</div>`
			`</div>`
			`<div class="sect3">`
			`<h4 id="_compromise_of_sensitive_data">Compromise of sensitive data</h4>`
			`<div class="paragraph">`
			`<p>If the affected service is used to store or process personally identifiable`
			`information or other sensitive data, attackers knowing an authentication secret`
			`could be able to access it. Depending on the type of data that is compromised,`
			`it could lead to privacy violations, identity theft, financial loss, or other`
			`negative outcomes.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>In most cases, a company suffering a sensitive data compromise will face a`
			`reputational loss when the security issue is publicly disclosed.</p>`
			`</div>`
			`</div>`
			`<div class="sect3">`
			`<h4 id="_modification_of_application_data">Modification of application data</h4>`
			`<div class="paragraph">`
			`<p>Applications may rely on data that cannot be distributed with the application`
			`code. This may be due to the size of the data, or because the data is regularly`
			`updated. This data is downloaded by the application as it is needed.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>If an attacker can gain access to an authentication secret, they may be able to`
			`alter or delete this application data. This may cause parts of the application`
			`to misbehave or stop working. Maliciously altered data could also contain`
			`undesirable content which results in reputational damage.</p>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`<div class="sect1">`
			`<h2 id="_how_to_fix_it">How to fix it</h2>`
			`<div class="sectionbody">`
			`<div class="paragraph">`
			`<p><strong>Revoke the secret</strong></p>`
			`</div>`
			`<div class="paragraph">`
			`<p>Revoke any leaked secrets and remove them from the application source code.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>Before revoking the secret, ensure that no other applications or processes are`
			`using it. Other usages of the secret will also be impacted when the secret is`
			`revoked.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p><strong>Use a secret vault</strong></p>`
			`</div>`
			`<div class="paragraph">`
			`<p>A secret vault should be used to generate and store the new secret. This`
			`will ensure the secret’s security and prevent any further unexpected disclosure.</p>`
			`</div>`
			`<div class="paragraph">`
			`<p>Depending on the development platform and the leaked secret type, multiple`
			`solutions are currently available.</p>`
			`</div>`
			`<div class="sect2">`
			`<h3 id="_code_examples">Code examples</h3>`
			`<div class="sect3">`
			`<h4 id="_noncompliant_code_example">Noncompliant code example</h4>`
			`<div class="listingblock">`
			`<div class="content">`
			`<pre class="highlight"><code class="language-java" data-lang="java">props.set("linode-token", "eb1429239d3a82b7d7f9dca569012e74e611b0fde840e7f6c9fe1735ac1258ca") // Noncompliant</code></pre>`
			`</div>`
			`</div>`
			`</div>`
			`<div class="sect3">`
			`<h4 id="_compliant_solution">Compliant solution</h4>`
			`<div class="listingblock">`
			`<div class="content">`
			`<pre class="highlight"><code class="language-java" data-lang="java">props.set("linode-token", System.getenv("LINODE_TOKEN"))</code></pre>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`
			`<div class="sect1">`
			`<h2 id="_resources">Resources</h2>`
			`<div class="sectionbody">`
			`<div class="sect2">`
			`<h3 id="_standards">Standards</h3>`
			`<div class="ulist">`
			`<ul>`
			`<li>`
			`<p>OWASP - <a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/">Top 10 2021 Category A7 - Identification and Authentication Failures</a></p>`
			`</li>`
			`<li>`
			`<p>OWASP - <a href="https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure">Top 10 2017 Category A3 - Sensitive Data Exposure</a></p>`
			`</li>`
			`<li>`
			`<p>CWE - <a href="https://cwe.mitre.org/data/definitions/798">CWE-798 - Use of Hard-coded Credentials</a></p>`
			`</li>`
			`<li>`
			`<p>CWE - <a href="https://cwe.mitre.org/data/definitions/259">CWE-259 - Use of Hard-coded Password</a></p>`
			`</li>`
			`<li>`
			`<p>STIG Viewer - <a href="https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222642">Application Security and Development: V-222642</a> - The application must not contain embedded authentication data.</p>`
			`</li>`
			`</ul>`
			`</div>`
			`</div>`
			`</div>`
			`</div>`