From a203cccf9ed2695299459c79ee91b22b7bae04be Mon Sep 17 00:00:00 2001
From: Johann Beleites <63855942+johann-beleites-sonarsource@users.noreply.github.com>
Date: Tue, 28 Jun 2022 16:58:48 +0200
Subject: [PATCH] Modify rule S6263: Add info about scope of rule and correct upper-case tag to be lower-case. (#1078)

* Add info about the scope of the rule and correct the upper-case tag to be lower-case.

* Improve grammar and spelling
---
 rules/S6263/java/message.adoc | 2 +-
 rules/S6263/java/metadata.json | 4 ++--
 rules/S6263/java/rule.adoc | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/rules/S6263/java/message.adoc b/rules/S6263/java/message.adoc
index b11870c615..2816994333 100644
--- a/rules/S6263/java/message.adoc
+++ b/rules/S6263/java/message.adoc
@@ -1,4 +1,4 @@
 === Message
-Make sure using a Long-term access key is safe here.
+Make sure using a long-term access key is safe here.
diff --git a/rules/S6263/java/metadata.json b/rules/S6263/java/metadata.json
index 2558195373..9e99194c50 100644
--- a/rules/S6263/java/metadata.json
+++ b/rules/S6263/java/metadata.json
@@ -1,5 +1,5 @@
 {
-  "title": "Using Long-term access keys are security-sensitive",
+  "title": "Using long-term access keys is security-sensitive",
   "type": "SECURITY_HOTSPOT",
   "status": "ready",
   "remediation": {
@@ -7,7 +7,7 @@
     "constantCost": "1h"
   },
   "tags": [
-    "AWS"
+    "aws"
   ],
   "extra": {
     "replacementRules": [
diff --git a/rules/S6263/java/rule.adoc b/rules/S6263/java/rule.adoc
index f74aa71adb..d4cc58a4db 100644
--- a/rules/S6263/java/rule.adoc
+++ b/rules/S6263/java/rule.adoc
@@ -1,5 +1,6 @@
-In AWS, Long-term access keys will be valid until you manually revoke them. This makes them highly sensitive as any exposure can have serious consequences and should be used with care.
+In AWS, long-term access keys will be valid until you manually revoke them. This makes them highly sensitive as any exposure can have serious consequences and should be used with care.
+This rule will trigger when encountering an instantiation of `com.amazonaws.auth.BasicAWSCredentials`.
 == Ask Yourself Whether
@@ -8,7 +9,7 @@ In AWS, Long-term access keys will be valid until you manually revoke them. This
 * The access keys need to be embedded within a mobile application.
 * Existing identity providers (SAML 2.0, on-premises identity store) already exists.
-For more information, see https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#use-roles[Use IAM roles instead of Long-term access keys].
+For more information, see https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#use-roles[Use IAM roles instead of long-term access keys].
 There is a risk if you answered yes to any of those questions.
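Review bot: The new scope sentence in the first rule.adoc hunk names only the AWS SDK for Java v1 class `com.amazonaws.auth.BasicAWSCredentials`, and readers will take it as the complete scope of this hotspot; whether the analyzer also covers the SDK v2 equivalent `software.amazon.awssdk.auth.credentials.AwsBasicCredentials` is not visible in this patch. If v2 is covered, the sentence should name that class as well; if it is not, a short clause such as `Credentials created through the AWS SDK for Java v2 are not covered by this rule.` keeps the documented scope honest and avoids a false sense of coverage for projects on the newer SDK. As a point of wording, `This rule raises an issue when an instance of com.amazonaws.auth.BasicAWSCredentials is created.` matches the phrasing used elsewhere in these rule descriptions better than "will trigger when encountering an instantiation".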