rspec/rules/S6418/php/rule.adoc

:detections: variables/fields
:defaultsensibility: 5

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,php,diff-id=1,diff-type=noncompliant]
----
$secret = '47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37';
MyClass->callMyService($secret);
----

== Compliant Solution

Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager[AWS Secrets Manager]:

[source,php,diff-id=1,diff-type=compliant]
----
use Aws\SecretsManager\SecretsManagerClient;
use Aws\Exception\AwsException;
$client = new SecretsManagerClient(...);
$secretName = 'example';
doSomething($client, $secretName)
function doSomething($client, $secretName) {
    try {
        $result = $client->getSecretValue([
            'SecretId' => $secretName,
        ]);
    } catch (AwsException $e) {
    ...
    }
    if (isset($result['SecretString'])) {
        $secret = $result['SecretString'];
    } else {
        $secret = base64_decode($result['SecretBinary']);
    }
    // do something with the secret
    MyClass->callMyService($secret);
}
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../parameters.adoc[]

'''
endif::env-github,rspecator-view[]
S6418/php: fix typo in variable name (#4665) `description.adoc` is using `detections` and not `detectons` as a variable: ``` This rule detects {detections} having a name matching a list of words (secret, token, credential, auth, api[_.-]?key) being assigned a pseudorandom hard-coded value. ``` This PR makes the value rendered correctly on https://sonarsource.github.io/rspec/#/rspec/S6418/php 2025-02-17 09:52:55 +01:00			`:detections: variables/fields`
Create rule S6418 (#4470) * Add csharp to rule S6418 * initial commit * update wording to be about c# * revert greg's change * Update Default detections/sensitivity --------- Co-authored-by: alex-meseldzija-sonarsource <alex-meseldzija-sonarsource@users.noreply.github.com> Co-authored-by: Alex Meseldzija <alexander.meseldzija@sonarsource.com> Co-authored-by: Gregory Paidis <115458417+gregory-paidis-sonarsource@users.noreply.github.com> 2024-11-05 18:07:55 +00:00			`:defaultsensibility: 5`

Create rule S6418 add PHP (#4447) 2024-10-29 10:41:43 +01:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`[source,php,diff-id=1,diff-type=noncompliant]`
			`----`
			`$secret = '47828a8dd77ee1eb9dde2d5e93cb221ce8c32b37';`
			`MyClass->callMyService($secret);`
			`----`

			`== Compliant Solution`

			`Using https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/php/example_code/secretsmanager[AWS Secrets Manager]:`

			`[source,php,diff-id=1,diff-type=compliant]`
			`----`
			`use Aws\SecretsManager\SecretsManagerClient;`
			`use Aws\Exception\AwsException;`
			`$client = new SecretsManagerClient(...);`
			`$secretName = 'example';`
			`doSomething($client, $secretName)`
			`function doSomething($client, $secretName) {`
			`try {`
			`$result = $client->getSecretValue([`
			`'SecretId' => $secretName,`
			`]);`
			`} catch (AwsException $e) {`
			`...`
			`}`
			`if (isset($result['SecretString'])) {`
			`$secret = $result['SecretString'];`
			`} else {`
			`$secret = base64_decode($result['SecretBinary']);`
			`}`
			`// do something with the secret`
			`MyClass->callMyService($secret);`
			`}`
			`----`

			`include::../see.adoc[]`

			`ifdef::env-github,rspecator-view[]`
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::../parameters.adoc[]`

			`'''`
			`endif::env-github,rspecator-view[]`