5f72418577
* Add csharp to rule S6781 * Update RSPEC for .NET * Address review comments * Apply suggestions from code review * Apply suggestions from code review --------- Co-authored-by: sebastien-andrivet-sonarsource <sebastien-andrivet-sonarsource@users.noreply.github.com> Co-authored-by: sebastien-andrivet-sonarsource <sebastien.andrivet@sonarsource.com> Co-authored-by: Jamie Anderson <jamie.anderson@sonarsource.com> Co-authored-by: Loris S <91723853+loris-s-sonarsource@users.noreply.github.com>
42 lines
1.0 KiB
Plaintext
42 lines
1.0 KiB
Plaintext
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../impact.adoc[]
|
|
|
|
// How to fix it section
|
|
|
|
include::./how-to-fix/net-core.adoc[]
|
|
|
|
include::./how-to-fix/net-framework.adoc[]
|
|
|
|
== Resources
|
|
|
|
=== Documentation
|
|
|
|
* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.jwt.jwtsecuritytoken?view=msal-web-dotnet-latest[JwtSecurityToken Class Class]
|
|
* Microsoft Learn - https://learn.microsoft.com/en-us/dotnet/api/system.identitymodel.tokens.symmetricsecuritykey?view=dotnet-plat-ext-8.0[SymmetricSecurityKey Class]
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
JWT secret keys should not be disclosed.
|
|
|
|
=== Highlight
|
|
|
|
The call to create a new instance of `SymmetricSecurityKey`.
|
|
|
|
'''
|
|
endif::env-github,rspecator-view[]
|