23fc89f4e5
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
55 lines
1.4 KiB
Plaintext
55 lines
1.4 KiB
Plaintext
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
If your application interacts with Amazon MWS then it requires credentials to
|
|
access all the resources it needs to function properly. +
|
|
The credentials authenticate to a seller account which can have access to
|
|
resources like products, orders, price or shipment information.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the secret.
|
|
|
|
:secret_type: secret
|
|
|
|
include::../../../shared_content/secrets/impact/banking_financial_loss.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/phishing.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/malware_distribution.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/suspicious_activities_termination.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
Only administrators should have access to the MWS credentials used by your
|
|
application.
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
:example_secret: amzn.mws.3b8be74a-5f63-5770-5bad-19bd40c0ac65
|
|
:example_name: mws-key
|
|
:example_env: MWS_KEY
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|