rspec/rules/S6437/python/rule.adoc
2023-09-29 14:44:00 +02:00


include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
include::../common/impact/rationale.adoc[]
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/recent_use.adoc[]
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
include::../common/fix/code-rationale.adoc[]
==== Noncompliant code example
[source,python,diff-id=1,diff-type=noncompliant]
----
from requests_oauthlib.oauth2_session import OAuth2Session

scope = ['https://www.api.example.com/auth/example.data']
oauth = OAuth2Session(
    'example_client_id',
    redirect_uri='https://callback.example.com/uri',
    scope=scope)

token = oauth.fetch_token(
    'https://api.example.com/o/oauth2/token',
    client_secret='example_Password')  # Noncompliant
----
==== Compliant solution
[source,python,diff-id=1,diff-type=compliant]
----
from os import environ
from requests_oauthlib.oauth2_session import OAuth2Session

scope = ['https://www.api.example.com/auth/example.data']
oauth = OAuth2Session(
    'example_client_id',
    redirect_uri='https://callback.example.com/uri',
    scope=scope)

password = environ.get('OAUTH_SECRET')
token = oauth.fetch_token(
    'https://api.example.com/o/oauth2/token',
    client_secret=password)
----
include::../common/fix/how-it-works.adoc[]
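The examples above show the pattern the rule flags: a string literal reaching a credential keyword argument such as `client_secret`. As an added illustration (not part of this rule page or of the SonarSource analyzer), the following stand-alone AST-based check finds that pattern in Python source and reports both the credential use and its initialization, which is the highlighting the specification describes. The keyword names in `SECRET_KWARGS` and the three sample snippets are constructed assumptions; the snippets are only parsed, never executed.

```python
import ast

# Keyword arguments whose values are treated as credentials (assumed list).
SECRET_KWARGS = {"client_secret", "password", "secret"}


def is_str_literal(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def find_hardcoded_secrets(source):
    """Return {kwarg, use_line, init_line} for string literals reaching a
    secret-named keyword argument, directly or via a `name = 'literal'`
    assignment; names also assigned non-literally (e.g. environ.get) are skipped."""
    tree = ast.parse(source)
    literal_inits, non_literal = {}, set()
    for node in ast.walk(tree):  # pass 1: record where names are initialised
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and is_str_literal(node.value):
                    literal_inits[target.id] = node.lineno
                elif isinstance(target, ast.Name):
                    non_literal.add(target.id)
    findings = []
    for node in ast.walk(tree):  # pass 2: inspect credential keyword arguments
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg not in SECRET_KWARGS:
                continue
            if is_str_literal(kw.value):
                findings.append({"kwarg": kw.arg, "use_line": node.lineno, "init_line": node.lineno})
            elif isinstance(kw.value, ast.Name) and kw.value.id in literal_inits.keys() - non_literal:
                findings.append({"kwarg": kw.arg, "use_line": node.lineno,
                                 "init_line": literal_inits[kw.value.id]})
    return findings


# Constructed samples modelled on the page's examples (not real credentials).
NONCOMPLIANT = """oauth = OAuth2Session('example_client_id')
token = oauth.fetch_token('https://api.example.com/o/oauth2/token',
                          client_secret='example_Password')
"""
VIA_VARIABLE = """password = 'example_Password'
token = oauth.fetch_token('https://api.example.com/o/oauth2/token', client_secret=password)
"""
COMPLIANT = """password = environ.get('OAUTH_SECRET')
token = oauth.fetch_token('https://api.example.com/o/oauth2/token', client_secret=password)
"""
```

The `VIA_VARIABLE` sample shows why tracking the initialization matters: moving the literal into a variable does not remove the secret from the source, so it is still reported, while the `COMPLIANT` sample reading from the environment yields no finding.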
== Resources
include::../common/resources/documentation.adoc[]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Revoke and change this password, as it is compromised.
=== Highlighting
Highlight the credential use and its initialization.
'''
endif::env-github,rspecator-view[]