rspec/rules/S6781/python/rule.adoc

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/flask.adoc[]

include::how-to-fix-it/python-jose.adoc[]

include::how-to-fix-it/pyjwt.adoc[]

include::how-to-fix-it/django.adoc[]

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

=== Documentation

* Flask JWT documentation - https://flask-jwt-extended.readthedocs.io/en/stable/options.html#jwt-secret-key[Config - JWT_SECRET_KEY]
* Python-Jose documentation - https://python-jose.readthedocs.io/en/latest/jwt/index.html[JSON Web Token]
* PyJWT documentation - https://pyjwt.readthedocs.io/en/stable/api.html[API Reference]
* Simple JWT documentation - https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html#signing-key[SIGNING_KEY]

//=== Benchmarks
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00			`include::../../../shared_content/secrets/description.adoc[]`

			`== Why is this an issue?`

			`include::../../../shared_content/secrets/rationale.adoc[]`

			`=== What is the potential impact?`

Create rule S6781: JWT secret keys should not be disclosed (#3838) * Add csharp to rule S6781 * Update RSPEC for .NET * Address review comments * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: sebastien-andrivet-sonarsource <sebastien-andrivet-sonarsource@users.noreply.github.com> Co-authored-by: sebastien-andrivet-sonarsource <sebastien.andrivet@sonarsource.com> Co-authored-by: Jamie Anderson <jamie.anderson@sonarsource.com> Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com> 2024-04-03 17:33:30 +01:00			`include::../impact.adoc[]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`// How to fix it section`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`include::how-to-fix-it/flask.adoc[]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`include::how-to-fix-it/python-jose.adoc[]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`include::how-to-fix-it/pyjwt.adoc[]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`include::how-to-fix-it/django.adoc[]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
			`== Resources`

			`include::../../../shared_content/secrets/resources/standards.adoc[]`

			`=== Documentation`

			`* Flask JWT documentation - https://flask-jwt-extended.readthedocs.io/en/stable/options.html#jwt-secret-key[Config - JWT_SECRET_KEY]`
Modify rule S6781: Adjustments for Python (APPSEC-1693) (#3728) * Update S6781 for JWT hardcoded secrets 2024-03-08 09:08:14 +01:00			`* Python-Jose documentation - https://python-jose.readthedocs.io/en/latest/jwt/index.html[JSON Web Token]`
			`* PyJWT documentation - https://pyjwt.readthedocs.io/en/stable/api.html[API Reference]`
			`* Simple JWT documentation - https://django-rest-framework-simplejwt.readthedocs.io/en/latest/settings.html#signing-key[SIGNING_KEY]`
Create rule S6781: JWT secret keys should not be disclosed (#3101) 2023-09-25 12:31:17 +02:00
			`//=== Benchmarks`