985ef74f45
* Modify S6781(C#): Add alternative message * Apply suggestion --------- Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com>
45 lines
1.2 KiB
Plaintext
45 lines
1.2 KiB
Plaintext
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../impact.adoc[]
|
|
|
|
// How to fix it section
|
|
|
|
include::./how-to-fix/net-core.adoc[]
|
|
|
|
include::./how-to-fix/net-framework.adoc[]
|
|
|
|
== Resources
|
|
|
|
=== Documentation
|
|
|
|
* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken?view=msal-web-dotnet-latest[JwtSecurityToken Class Class]
|
|
* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.symmetricsecuritykey?view=dotnet-plat-ext-8.0[SymmetricSecurityKey Class]
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
* When secrets are stored in configuration files:
|
|
** Make sure that JWT secret keys used in production are not stored in source control.
|
|
* Other cases:
|
|
** JWT secret keys should not be disclosed.
|
|
|
|
=== Highlight
|
|
|
|
The call to create a new instance of `SymmetricSecurityKey`.
|
|
|
|
'''
|
|
endif::env-github,rspecator-view[]
|