d76bab68bd
* Revise the secret rspec template
* Set status=beta for new secrets
* Revert back to old values for example_{secret,name,env} vars
120 lines
4.6 KiB
Plaintext
120 lines
4.6 KiB
Plaintext
:example_env: ENV_VAR_NAME
|
|
:example_name: java-property-name
|
|
:example_secret: example_secret_value
|
|
|
|
// Set value that can be used to refer to the type of secret in, for example:
|
|
// "An attacker can use this {secret_type} to ..."
|
|
// Commonly used values: access token, api key, application secret, application key or consumer key, service password, OAuth token, deployment password
|
|
:secret_type: secret
|
|
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
// Optional: Give a general description of the secret and what it's used for.
|
|
|
|
include::../../../shared_content/secrets/impact/generic_impact.adoc[]
|
|
|
|
// Uncomment the following line, if specifying detailed impacts from below:
|
|
// include::../../../shared_content/secrets/impact/specific_impact_intro.adoc[]
|
|
|
|
// Secret may allow hosting arbitrary files
|
|
// include::../../../shared_content/secrets/impact/malware_distribution.adoc[]
|
|
|
|
// Secret may allow accessing or compromising sensitive data
|
|
// include::../../../shared_content/secrets/impact/data_compromise.adoc[]
|
|
|
|
// Secret may allow uploading artifacts to services used elsewhere in the supply chain
|
|
// This is specific for code and artifact repositories
|
|
// include::../../../shared_content/secrets/impact/supply_chain_attack.adoc[]
|
|
|
|
// Secret may be used to trigger workflows
|
|
// This is webhook-specific
|
|
// include::../../../shared_content/secrets/impact/codeless_vulnerability_chaining.adoc[]
|
|
|
|
// OAuth tokens may allow accessing 3rd party services
|
|
// include::../../../shared_content/secrets/impact/oauth_token_compromise.adoc[]
|
|
|
|
// Mailing service compromise may allow sending spam, which may result in account termination
|
|
// include::../../../shared_content/secrets/impact/suspicious_activities_termination.adoc[]
|
|
|
|
// Sensitive information leak / identity impersonation, e.g., through leaked signing secret
|
|
// include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
|
|
|
|
// Audit trail discrepancies
|
|
// include::../../../shared_content/secrets/impact/non_repudiation.adoc[]
|
|
|
|
// Package repository secrets may allow access to source code etc.
|
|
// include::../../../shared_content/secrets/impact/source_code_compromise.adoc[]
|
|
|
|
// Spamming automated calls may cause large bills and rate limited service access
|
|
// include::../../../shared_content/secrets/impact/exceed_rate_limits.adoc[]
|
|
|
|
// For blockchain specific tokens
|
|
// include::../../../shared_content/secrets/impact/blockchain_data_exposure.adoc[]
|
|
|
|
// Specific for banking / financial transaction tokens, causing financial loss
|
|
// include::../../../shared_content/secrets/impact/banking_financial_loss.adoc[]
|
|
|
|
// Secret can be used to send spam or phish users
|
|
// include::../../../shared_content/secrets/impact/phishing.adoc[]
|
|
|
|
// Secret may allow modifying application data (object stores etc.)
|
|
// include::../../../shared_content/secrets/impact/data_modification.adoc[]
|
|
|
|
// Specific to services that are used to share PII (personal infos, chat logs, ..)
|
|
// include::../../../shared_content/secrets/impact/personal_data_compromise.adoc[]
|
|
|
|
// Secret may allow accessing financial data, like CC information or confidential financial reports
|
|
// include::../../../shared_content/secrets/impact/disclosure_of_financial_data.adoc[]
|
|
|
|
// Secret may allow occurring financial losses through 3rd party API usage
|
|
// include::../../../shared_content/secrets/impact/financial_loss.adoc[]
|
|
|
|
// Secret may be used to modify dashboards to corrupt shown data
|
|
// Requires setting service_name variable
|
|
// :service_name: secret service
|
|
// include::../../../shared_content/secrets/impact/dataviz_takeover.adoc[]
|
|
|
|
// Secret is related to IaaS providers and can be used to change DNS, launch VMs, etc.
|
|
// Requires setting service_name variable
|
|
// :service_name: secret service
|
|
// include::../../../shared_content/secrets/impact/infrastructure_takeover.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
// 1. Revoke leaked secrets
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
// 2. Analyze recent use to identify misuse
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
|
|
|
// 3. Use a secret vault in the future
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
// 4. Never hard-code secrets
|
|
include::../../../shared_content/secrets/fix/default.adoc[]
|
|
|
|
// OAuth PKCE is very specific to OAuth 2.0
|
|
// include::../../../shared_content/secrets/fix/oauth_pkce.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|