ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6736/secrets/rule.adoc
github-actions[bot] 62c5e35e40
Create rule S6736(secrets): AMQP Credentials should not be disclosed (#2985) 
You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S6736/secrets)
(updated a few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: daniel-teuchert-sonarsource <daniel-teuchert-sonarsource@users.noreply.github.com>
Co-authored-by: Daniel Teuchert <daniel.teuchert@sonarsource.com>
Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
2023-08-31 10:23:54 +02:00

47 lines
1.1 KiB
Plaintext
Raw Permalink Blame History

include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
AMQP URLs containing credentials allow publishing and consuming messages from the queue.
Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the credentials.
:secret_type: credentials
include::../../../shared_content/secrets/impact/data_compromise.adoc[]
include::../../../shared_content/secrets/impact/malware_distribution.adoc[]
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: amqps://admin:password@example.com:8080/example
:example_name: amqp-url
:example_env: amqps://"+System.getenv("AMQP_CREDENTIALS")+"@example.com:8080/example
include::../../../shared_content/secrets/examples.adoc[]
//=== How does this work?
//=== Pitfalls
//=== Going the extra mile
== Resources
include::../../../shared_content/secrets/resources/standards.adoc[]
//=== Benchmarks
Reference in New Issue View Git Blame Copy Permalink