rspec/rules/S6701/secrets/rule.adoc

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

Telegram bot keys are used to authenticate and authorize a bot to interact with
the Telegram Bot API. These keys are essentially access tokens that allow the
bot to send and receive messages, manage groups and channels, and perform other
actions on behalf of the bot.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]

:secret_type: secret


include::../../../shared_content/secrets/impact/phishing.adoc[]

include::../../../shared_content/secrets/impact/malware_distribution.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: 7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF
:example_name: api_token
:example_env: API_TOKEN

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks
Create rule S6701: Telegram bot keys should not be disclosed (#2861) 2023-08-11 13:57:33 +00:00			`include::../../../shared_content/secrets/description.adoc[]`

			`== Why is this an issue?`

			`include::../../../shared_content/secrets/rationale.adoc[]`

			`=== What is the potential impact?`

			`Telegram bot keys are used to authenticate and authorize a bot to interact with`
			`the Telegram Bot API. These keys are essentially access tokens that allow the`
			`bot to send and receive messages, manage groups and channels, and perform other`
			`actions on behalf of the bot.`

Create Shared content: Make impacts consistents across messenger secrets (#2950) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> 2023-08-24 14:27:22 +02:00			`Below are some real-world scenarios that illustrate some impacts of an attacker`
			`exploiting the secret.`

			`include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]`

			`:secret_type: secret`


			`include::../../../shared_content/secrets/impact/phishing.adoc[]`

			`include::../../../shared_content/secrets/impact/malware_distribution.adoc[]`
Create rule S6701: Telegram bot keys should not be disclosed (#2861) 2023-08-11 13:57:33 +00:00
			`== How to fix it`

			`include::../../../shared_content/secrets/fix/revoke.adoc[]`

			`include::../../../shared_content/secrets/fix/vault.adoc[]`

			`=== Code examples`

			`:example_secret: 7299363101:AAWJlilLyeMaKgTTrrfsyrtxDqqI-cdI-TF`
			`:example_name: api_token`
			`:example_env: API_TOKEN`

			`include::../../../shared_content/secrets/examples.adoc[]`

			`//=== How does this work?`

			`//=== Pitfalls`

			`//=== Going the extra mile`

			`== Resources`

			`include::../../../shared_content/secrets/resources/standards.adoc[]`

			`//=== Benchmarks`