ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create rule S7176

Browse Source
This commit is contained in:
jamie-anderson-sonarsource 2025-01-07 17:44:27 +00:00
parent dff46bdcfd
commit 0c2b4ee07f
3 changed files with 108 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/S7176/metadata.json Normal file
View File

@ -0,0 +1,2 @@
{
}

56
rules/S7176/secrets/metadata.json Normal file
View File

@ -0,0 +1,56 @@
{
"title": "SECRET_TYPE should not be disclosed",
"type": "VULNERABILITY",
"code": {
"impacts": {
"SECURITY": "HIGH"
},
"attribute": "TRUSTWORTHY"
},
"status": "ready",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "30min"
},
"tags": [
"cwe",
"cert"
],
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-7176",
"sqKey": "S7176",
"scope": "All",
"securityStandards": {
"CWE": [
798,
259
],
"OWASP": [
"A3"
],
"CERT": [
"MSC03-J."
],
"OWASP Top 10 2021": [
"A7"
],
"PCI DSS 3.2": [
"6.5.10"
],
"PCI DSS 4.0": [
"6.2.4"
],
"ASVS 4.0": [
"2.10.4",
"3.5.2",
"6.4.1"
],
"STIG ASD_V5R3": [
"V-222642"
]
},
"defaultQualityProfiles": [
"Sonar way"
],
"quickfix": "unknown"
}

50
rules/S7176/secrets/rule.adoc Normal file
View File

@ -0,0 +1,50 @@
include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
// Optional: Give a general description of the secret and what it's used for.
Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.
// Set value that can be used to refer to the type of secret in, for example:
// "An attacker can use this {secret_type} to ..."
:secret_type: secret
// Where possible, use predefined content for common impacts. This content can
// be found in the folder "shared_content/secrets/impact".
// When using predefined content, search for any required variables to be set and include them in this file.
// Not adding them will not trigger warnings.
//include::../../../shared_content/secrets/impact/some_impact.adoc[]
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: example_secret_value
:example_name: java-property-name
:example_env: ENV_VAR_NAME
include::../../../shared_content/secrets/examples.adoc[]
//=== How does this work?
//=== Pitfalls
//=== Going the extra mile
== Resources
include::../../../shared_content/secrets/resources/standards.adoc[]
//=== Benchmarks