* Create rule S6988
* Add initial rule content
* Generalize content and move it to a shared location.

---------

Co-authored-by: jamie-anderson-sonarsource <jamie-anderson-sonarsource@users.noreply.github.com>
Co-authored-by: Jamie Anderson <jamie.anderson@sonarsource.com>
46 lines
1.1 KiB
Plaintext

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

MapBox secret access tokens are used to authenticate MapBox API calls. Each
token is assigned one or more scopes that determine which API calls can be made
using that token.

Below are some real-world scenarios that illustrate the impact of an attacker
exploiting the access token.

include::../../../shared_content/secrets/impact/data_modification.adoc[]

include::../../../shared_content/secrets/impact/non_repudiation.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: sk.eyJ1IjoiZXhhbXBsZSIsImEiOiJFeEFtUGxFIn0.IsnG4xwWhubMpVzDrQfFWg
:example_name: mapbox.access-token
:example_env: MAPBOX_ACCESS_TOKEN

include::../../../shared_content/secrets/examples.adoc[]
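As an added example that is not part of this rule or its shared content: a small Python scanner that flags strings shaped like the example secret above (an `sk.` prefix, a base64url payload and a signature) so a hard-coded token can be caught before commit, plus a loader that reads the token from MAPBOX_ACCESS_TOKEN instead of source. The check that the payload is JSON carrying `u` and `a` keys is an assumption taken from decoding the example token, not something the rule states.

```python
import base64
import binascii
import json
import os
import re

# Constructed sample: the placeholder token from this rule's example attributes.
EXAMPLE_SECRET = "sk.eyJ1IjoiZXhhbXBsZSIsImEiOiJFeEFtUGxFIn0.IsnG4xwWhubMpVzDrQfFWg"
ENV_VAR = "MAPBOX_ACCESS_TOKEN"

# Candidate shape: "sk." prefix, base64url payload, base64url signature.
_TOKEN_RE = re.compile(r"\bsk\.([A-Za-z0-9_-]{10,})\.([A-Za-z0-9_-]{10,})")


def _decode_payload(segment: str):
    """Base64url-decode the middle segment and parse it as JSON; None on failure."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        return json.loads(base64.urlsafe_b64decode(padded))
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def find_secret_tokens(text: str) -> list:
    """Return (line_number, token) pairs for strings that look like secret tokens.

    A regex hit is kept only if its payload decodes to a JSON object with the
    "u" and "a" keys seen in the example token (assumption, see lead-in).
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _TOKEN_RE.finditer(line):
            payload = _decode_payload(match.group(1))
            if isinstance(payload, dict) and {"u", "a"} <= payload.keys():
                findings.append((lineno, match.group(0)))
    return findings


def load_token(env=None) -> str:
    """Compliant loading: take the token from the environment, never from source."""
    env = os.environ if env is None else env
    token = env.get(ENV_VAR)
    if not token:
        raise RuntimeError(f"{ENV_VAR} is not set")
    return token
```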

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks