rspec/rules/S6688/secrets/rule.adoc

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

A Facebook application secret key is a unique authentication token assigned to
a Facebook application. It is used to authenticate and authorize the
application to access Facebook's APIs and services, such as:

* retrieving user data
* posting on behalf of users
* accessing various Facebook features

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]

:secret_type: secret


include::../../../shared_content/secrets/impact/phishing.adoc[]

include::../../../shared_content/secrets/impact/malware_distribution.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: a569a8eee3802560e1416edbc4ee119d
:example_name: facebook_secret
:example_env: FACEBOOK_SECRET

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

=== Documentation

* Facebook documentation - https://developers.facebook.com/docs/facebook-login/security[Login Security]

//=== Benchmarks
Create rule S6688: Facebook app keys should not be disclosed (#2835) 2023-08-10 11:13:46 +02:00			`include::../../../shared_content/secrets/description.adoc[]`

			`== Why is this an issue?`

			`include::../../../shared_content/secrets/rationale.adoc[]`

			`=== What is the potential impact?`

Create Shared content: Make impacts consistents across messenger secrets (#2950) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com> 2023-08-24 14:27:22 +02:00			`A Facebook application secret key is a unique authentication token assigned to`
			`a Facebook application. It is used to authenticate and authorize the`
			`application to access Facebook's APIs and services, such as:`

			`* retrieving user data`
			`* posting on behalf of users`
			`* accessing various Facebook features`

			`Below are some real-world scenarios that illustrate some impacts of an attacker`
			`exploiting the secret.`

			`include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]`

			`:secret_type: secret`


			`include::../../../shared_content/secrets/impact/phishing.adoc[]`

			`include::../../../shared_content/secrets/impact/malware_distribution.adoc[]`
Create rule S6688: Facebook app keys should not be disclosed (#2835) 2023-08-10 11:13:46 +02:00
			`== How to fix it`

			`include::../../../shared_content/secrets/fix/revoke.adoc[]`

			`include::../../../shared_content/secrets/fix/vault.adoc[]`

			`=== Code examples`

			`:example_secret: a569a8eee3802560e1416edbc4ee119d`
			`:example_name: facebook_secret`
			`:example_env: FACEBOOK_SECRET`

			`include::../../../shared_content/secrets/examples.adoc[]`

			`//=== How does this work?`

			`//=== Pitfalls`

			`//=== Going the extra mile`

			`== Resources`

			`include::../../../shared_content/secrets/resources/standards.adoc[]`

			`=== Documentation`

			`* Facebook documentation - https://developers.facebook.com/docs/facebook-login/security[Login Security]`

			`//=== Benchmarks`