include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../common/impact/rationale.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
include::../common/fix/code-rationale.adoc[]
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
import org.h2.security.SHA256;

// The HMAC key is a string literal compiled into the class file, so anyone
// with the source or the bytecode can recover it and forge MACs.
String inputString = "s3cr37";

byte[] key = inputString.getBytes();

SHA256.getHMAC(key, message); // Noncompliant
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
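import org.h2.security.SHA256;

// The HMAC key is read from the environment at runtime; it is no longer
// present in the source or the compiled artifact.
String inputString = System.getenv("SECRET");

byte[] key = inputString.getBytes();

SHA256.getHMAC(key, message);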
|
|
----
|
|
|
|
include::../common/fix/how-it-works.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/documentation.adoc[]
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Revoke and change this secret, as it is compromised.
|
|
|
|
=== Highlighting
|
|
|
|
Highlight the credential use and its initialization.
|
|
|
|
'''
|
|
endif::env-github,rspecator-view[]
|