rspec/rules/S2068/cobol/comments-and-links.adoc

=== on 23 Oct 2015, 18:35:38 Ann Campbell wrote:
FYI [~pierre-yves.nicolas]: COBOL subtask for RSPEC-2068 Credentials should not be hard-coded

=== on 26 Oct 2015, 12:47:30 Pierre-Yves Nicolas wrote:
\[~ann.campbell.2] What should we check here? Should we look for look for a more or less hardcoded password used in a database connection? I think that for other languages, we took a different approach: we look for variables which name contains "password" and which are assigned a hardcoded value.


=== on 26 Oct 2015, 13:28:15 Ann Campbell wrote:
\[~pierre-yves.nicolas] check out the Java code samples (RSPEC-2069), they parallel these quite closely. I.e. hard-coded strings used in the "password" position in a connection

=== on 26 Oct 2015, 13:42:44 Pierre-Yves Nicolas wrote:
\[~ann.campbell.2] OK, but I think that the current implementation of the Java rule would not catch the case mentioned in the example if the variable name was "pwd" instead of "password".

include::../comments-and-links.adoc[]
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 23 Oct 2015, 18:35:38 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`FYI [~pierre-yves.nicolas]: COBOL subtask for RSPEC-2068 Credentials should not be hard-coded`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 26 Oct 2015, 12:47:30 Pierre-Yves Nicolas wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~ann.campbell.2] What should we check here? Should we look for look for a more or less hardcoded password used in a database connection? I think that for other languages, we took a different approach: we look for variables which name contains "password" and which are assigned a hardcoded value.`



Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 26 Oct 2015, 13:28:15 Ann Campbell wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~pierre-yves.nicolas] check out the Java code samples (RSPEC-2069), they parallel these quite closely. I.e. hard-coded strings used in the "password" position in a connection`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`=== on 26 Oct 2015, 13:42:44 Pierre-Yves Nicolas wrote:`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`\[~ann.campbell.2] OK, but I think that the current implementation of the Java rule would not catch the case mentioned in the example if the variable name was "pwd" instead of "password".`

			`include::../comments-and-links.adoc[]`