2024-06-26 09:52:29 +01:00
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
|
|
|
|
|
|
== Why is this an issue?
|
|
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
|
|
|
|
|
|
=== What is the potential impact?
|
|
|
|
|
|
|
|
|
|
// Optional: Give a general description of the secret and what it's used for.
|
|
|
|
|
|
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
|
|
|
exploiting the secret.
|
|
|
|
|
|
|
|
|
|
// Set value that can be used to refer to the type of secret in, for example:
|
|
|
|
|
// "An attacker can use this {secret_type} to ..."
|
|
|
|
|
:secret_type: secret
|
|
|
|
|
|
|
|
|
|
// Where possible, use predefined content for common impacts. This content can
|
|
|
|
|
// be found in the folder "shared_content/secrets/impact".
|
2024-07-09 11:39:30 +02:00
|
|
|
// When using predefined content, search for any required variables to be set and include them in this file.
|
|
|
|
|
// Not adding them will not trigger warnings.
|
2024-06-26 09:52:29 +01:00
|
|
|
|
|
|
|
|
//include::../../../shared_content/secrets/impact/some_impact.adoc[]
|
|
|
|
|
|
|
|
|
|
== How to fix it
|
|
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
|
|
|
|
|
|
=== Code examples
|
|
|
|
|
|
|
|
|
|
:example_secret: example_secret_value
|
|
|
|
|
:example_name: java-property-name
|
|
|
|
|
:example_env: ENV_VAR_NAME
|
|
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
|
|
|
|
|
|
//=== How does this work?
|
|
|
|
|
|
|
|
|
|
//=== Pitfalls
|
|
|
|
|
|
|
|
|
|
//=== Going the extra mile
|
|
|
|
|
|
|
|
|
|
== Resources
|
|
|
|
|
|
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
|
|
|
|
|
|
//=== Benchmarks
|
