Modify S6698&S6703&S6697: Add a warning against default values (#3121)
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
This commit is contained in:
Loris S
GitHub
parent
44e2e766ed
commit
cf35afd3dd
@ -38,6 +38,8 @@ They can be used to audit malicious use of password-leak-affected accounts.
|
|||||||
|
|
||||||
include::../../../shared_content/secrets/fix/vault.adoc[]
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
||||||
|
|
||||||
|
include::../../../shared_content/secrets/fix/default.adoc[]
|
||||||
|
|
||||||
=== Code examples
|
=== Code examples
|
||||||
|
|
||||||
==== Noncompliant code example
|
==== Noncompliant code example
|
||||||
|
|||||||
@ -39,6 +39,8 @@ for this to happen.
|
|||||||
|
|
||||||
include::../../../shared_content/secrets/fix/vault.adoc[]
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
||||||
|
|
||||||
|
include::../../../shared_content/secrets/fix/default.adoc[]
|
||||||
|
|
||||||
=== Code examples
|
=== Code examples
|
||||||
|
|
||||||
==== Noncompliant code example
|
==== Noncompliant code example
|
||||||
|
|||||||
@ -33,6 +33,8 @@ include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|||||||
|
|
||||||
include::../../../shared_content/secrets/fix/vault.adoc[]
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
||||||
|
|
||||||
|
include::../../../shared_content/secrets/fix/default.adoc[]
|
||||||
|
|
||||||
=== Code examples
|
=== Code examples
|
||||||
|
|
||||||
==== Noncompliant code example
|
==== Noncompliant code example
|
||||||
|
|||||||
16
shared_content/secrets/fix/default.adoc
Normal file
16
shared_content/secrets/fix/default.adoc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
**Never hard-code secrets, not even the default values**
|
||||||
|
|
||||||
|
It is important that you do not hard-code secrets, even default values.
|
||||||
|
|
||||||
|
First, hard-coded default secrets are often short and can be easily compromised
|
||||||
|
even by attackers who do not have access to the code base.
|
||||||
|
|
||||||
|
Second, hard-coded default secrets can cause problems if they need to be
|
||||||
|
changed or replaced.
|
||||||
|
|
||||||
|
And most importantly, there is always the possibility to accidentally set
|
||||||
|
default secrets for production services, which can lead to security
|
||||||
|
vulnerabilities and make production insecure by default.
|
||||||
|
|
||||||
|
To minimize these risks, it is recommended to apply the above strategies, even
|
||||||
|
for the default settings.
|
||||||
Loading…
x
Reference in New Issue
Block a user