include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
include::../common/impact/rationale.adoc[]
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/recent_use.adoc[]
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
include::../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,php,diff-id=1,diff-type=noncompliant]
----
use Defuse\Crypto\KeyOrPassword;
function createKey() {
    // The password is a string literal compiled into the source, so it is
    // exposed to anyone who can read the code; this is what the rule flags.
    $password = "3xAmpl3"; // Noncompliant
    return KeyOrPassword::createFromPassword($password);
}
----
==== Compliant solution
[source,php,diff-id=1,diff-type=compliant]
----
use Defuse\Crypto\KeyOrPassword;
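function createKey() {
    // Read the password from the process environment at runtime so that no
    // credential is embedded in the source. Note that $_ENV is only populated
    // when the php.ini "variables_order" directive includes "E"; getenv()
    // reads the environment regardless of that setting.
    $password = $_ENV["SECRET"];
    return KeyOrPassword::createFromPassword($password);
}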
----
include::../common/fix/how-it-works.adoc[]
== Resources
include::../common/resources/documentation.adoc[]
* Symfony - https://symfony.com/doc/current/configuration/secrets.html[How to
Keep Sensitive Information Secret]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Revoke and change this password, as it is compromised.
=== Highlighting
Highlight the credential use and its initialization.
'''
endif::env-github,rspecator-view[]