Modify rule S7007: Update example (#4418)

While validating this rule, it was found that the noncompliant example
in the RSPEC did not trigger. This is because the detection also looks
for the secret ID, which is missing from the example.

The example has now been updated to include a secret ID and it now
correctly triggers the rule.
Jamie Anderson 2024-10-15 14:04:15 +01:00 committed by GitHub
parent c24b9fb275
commit 82b94b9a0b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -27,11 +27,21 @@ include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: 6YPElC5Wip6ECQcMHwv350RjkgONEMTn
:example_name: tencent.secret-key
:example_env: TENCENT_SECRET_KEY
==== Noncompliant code example
include::../../../shared_content/secrets/examples.adoc[]
[source,java,diff-id=1,diff-type=noncompliant,subs="attributes"]
----
props.set("tencent.secret-id", "AKID6CtdYzpITwVpVj8rPUbVYoh8VexW0WOv");
props.set("tencent.secret-key", "zPdkmi5UUKjqkXgJFsHf6HMOZsxNrgRk"); // Noncompliant
----
==== Compliant solution
[source,java,diff-id=1,diff-type=compliant,subs="attributes"]
----
props.set("tencent.secret-id", System.getenv("TENCENT_SECRET_ID"));
props.set("tencent.secret-key", System.getenv("TENCENT_SECRET_KEY"));
----
//=== How does this work?
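
Review bot: In the noncompliant block, the hard-coded key `zPdkmi5UUKjqkXgJFsHf6HMOZsxNrgRk` differs from the value declared at the top of the hunk in `:example_secret: 6YPElC5Wip6ECQcMHwv350RjkgONEMTn`, although both source blocks set `subs="attributes"`. This view does not show which lines are added or removed, so please confirm one of two things. If the attribute definitions and `include::../../../shared_content/secrets/examples.adoc[]` are kept, the page would render the shared example alongside the new explicit one, with two different secrets; drop the include or reuse `{example_secret}` in the new block. If they are removed, `subs="attributes"` on the two blocks no longer does anything and can go. Separately, the commit message explains that detection also requires the secret ID, but nothing in the example says so; a one-line note next to the `tencent.secret-id` line would keep a later edit from removing it and silently breaking the example again.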