rspec/rules/S6722/secrets/rule.adoc

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

PlanetScale Database passwords are used to authenticate users against the
database engine. They are associated with user accounts that are granted
specific permissions over the database and its hosted data.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

include::../../../shared_content/secrets/impact/data_compromise.adoc[]

include::../../../shared_content/secrets/impact/security_downgrade.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/recent_use.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D
:example_name: planetscale_password
:example_env: PLANETSCALE_PASSWORD

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks
Create rule S6722(secrets): PlanetScale database passwords should not be disclosed (#2947) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6722/secrets) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> 2023-08-29 14:34:32 +02:00			`include::../../../shared_content/secrets/description.adoc[]`

			`== Why is this an issue?`

			`include::../../../shared_content/secrets/rationale.adoc[]`

			`=== What is the potential impact?`

			`PlanetScale Database passwords are used to authenticate users against the`
			`database engine. They are associated with user accounts that are granted`
			`specific permissions over the database and its hosted data.`

			`Below are some real-world scenarios that illustrate some impacts of an attacker`
			`exploiting the secret.`

			`include::../../../shared_content/secrets/impact/data_compromise.adoc[]`

			`include::../../../shared_content/secrets/impact/security_downgrade.adoc[]`

			`== How to fix it`

			`include::../../../shared_content/secrets/fix/revoke.adoc[]`

			`include::../../../shared_content/secrets/fix/recent_use.adoc[]`

			`include::../../../shared_content/secrets/fix/vault.adoc[]`

			`=== Code examples`

			`:example_secret: pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D`
			`:example_name: planetscale_password`
			`:example_env: PLANETSCALE_PASSWORD`

			`include::../../../shared_content/secrets/examples.adoc[]`

			`//=== How does this work?`

			`//=== Pitfalls`

			`//=== Going the extra mile`

			`== Resources`

			`include::../../../shared_content/secrets/resources/standards.adoc[]`

			`//=== Benchmarks`