ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6695/secrets/rule.adoc
Loris S 1f304e54ca
Create Shared content: Make impacts consistents across messenger secrets (#2950) 
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: daniel-teuchert-sonarsource <141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
2023-08-24 14:27:22 +02:00

59 lines
1.6 KiB
Plaintext
Raw Blame History

include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
WeChat application keys are used for authentication and authorization purposes
when integrating third-party applications with the WeChat platform.
Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.
include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]
:secret_type: secret
include::../../../shared_content/secrets/impact/phishing.adoc[]
include::../../../shared_content/secrets/impact/malware_distribution.adoc[]
==== WeChat exploitation
Furthermore, the leaked app key could enable unauthorized parties to manipulate
or disrupt the functionality of the WeChat app. They could tamper with app
settings, inject malicious code, or even take control of the app's user base.
Such actions could result in a loss of user trust, service disruptions, and
reputational damage for both the app developer and the WeChat platform.
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/recent_use.adoc[]
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: 40b6b70508b47cbfb4ee39feb617a05a
:example_name: secret_key
:example_env: SECRET_KEY
include::../../../shared_content/secrets/examples.adoc[]
//=== How does this work?
//=== Pitfalls
//=== Going the extra mile
== Resources
include::../../../shared_content/secrets/resources/standards.adoc[]
//=== Benchmarks
Reference in New Issue View Git Blame Copy Permalink