rspec/rules/S6705/secrets/rule.adoc

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

An OpenWeather API key is a unique identifier that allows you to access the 
OpenWeatherMap API. The OpenWeatherMap API provides weather data and forecasts
for various locations worldwide.

If an OpenWeather API key leaks to an unintended audience, it can have several
security consequences. Attackers may use the leaked API key to access the
OpenWeatherMap API and consume the weather data without proper authorization.
This can lead to excessive usage, potentially exceeding the API rate limits, or
violating the terms of service.

Moreover, depending on the pricing model of the corresponding OpenWeather
account, unauthorized usage of the leaked API key can result in unexpected
charges or increased costs. Attackers may consume a large amount of data or make
excessive requests, leading to additional expenses for the API key owner.

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

==== Noncompliant code example

[source,python,diff-id=1,diff-type=noncompliant]
----
url = "http://api.openweathermap.org/data/2.5/weather?units=imperial&appid=ae73acab47d0fc4b71b634d943b00518&q="
----

==== Compliant solution

[source,python,diff-id=1,diff-type=compliant]
----
import os
token = os.environ["OW_TOKEN"]

uri = "http://api.openweathermap.org/data/2.5/weather?units=imperial&appid={token}&q="
----

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

=== Documentation

OpenWeather Documentation - https://openweathermap.org/appid[API keys]

//=== Benchmarks