cb5723187a
* Create rule S7145 * Add skeleton * added first version --------- Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> Co-authored-by: Loris S. <91723853+loris-s-sonarsource@users.noreply.github.com>
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
LaunchDarkly API access tokens are used to authenticate with the LaunchDarkly
|
|
REST API. It provides full access to all resources in the account, including
|
|
projects, environments, feature flags, and user data.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the secret.
|
|
|
|
:secret_type: API token
|
|
|
|
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/source_code_compromise.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/infrastructure_takeover.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
:example_secret: api-b70dc288-ac6b-4bef-a18d-b988f4d79aca
|
|
:example_name: launchdarkly-api-token
|
|
:example_env: LAUNCHDARKLY_API_TOKEN
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|