rspec/rules/S6784/secrets/rule.adoc

This rule template can be used to create rules, which will detect custom secrets
based on user-defined regular expressions.

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

The consequences vary greatly depending on the situation and the secret-exposed
audience. Still, two main scenarios should be considered.

include::../../../shared_content/secrets/impact/financial_loss.adoc[]

include::../../../shared_content/secrets/impact/security_downgrade.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/recent_use.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: ghp_xd8KRQmqM8eGCdegBLeO5AJ4oS0VN3yWXWcw
:example_name: client_secret
:example_env: CLIENT_SECRET

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

User-specified secrets should not be disclosed.


=== Parameters

.detectionPattern
****
_STRING_

The regular expression that is used to detect the secrets
****


endif::env-github,rspecator-view[]
Create rule S6784 (#3154) 2023-09-29 10:11:04 +02:00			`This rule template can be used to create rules, which will detect custom secrets`
			`based on user-defined regular expressions.`

			`include::../../../shared_content/secrets/description.adoc[]`

			`== Why is this an issue?`

			`include::../../../shared_content/secrets/rationale.adoc[]`

			`=== What is the potential impact?`

			`The consequences vary greatly depending on the situation and the secret-exposed`
			`audience. Still, two main scenarios should be considered.`

			`include::../../../shared_content/secrets/impact/financial_loss.adoc[]`

			`include::../../../shared_content/secrets/impact/security_downgrade.adoc[]`

			`== How to fix it`

			`include::../../../shared_content/secrets/fix/revoke.adoc[]`

			`include::../../../shared_content/secrets/fix/recent_use.adoc[]`

			`include::../../../shared_content/secrets/fix/vault.adoc[]`

			`=== Code examples`

			`:example_secret: ghp_xd8KRQmqM8eGCdegBLeO5AJ4oS0VN3yWXWcw`
			`:example_name: client_secret`
			`:example_env: CLIENT_SECRET`

			`include::../../../shared_content/secrets/examples.adoc[]`

			`//=== How does this work?`

			`//=== Pitfalls`

			`//=== Going the extra mile`

			`== Resources`

			`include::../../../shared_content/secrets/resources/standards.adoc[]`

			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`=== Message`

			`User-specified secrets should not be disclosed.`


			`=== Parameters`

			`.detectionPattern`
			`****`
			`_STRING_`

			`The regular expression that is used to detect the secrets`
			`****`



			`endif::env-github,rspecator-view[]`