d76bab68bd
* Revise the secret rspec template
* Set status=beta for new secrets
* Revert back to old values for example_{secret,name,env} vars
63 lines
1.2 KiB
Plaintext
63 lines
1.2 KiB
Plaintext
This rule template can be used to create rules, which will detect custom secrets
|
|
based on user-defined regular expressions.
|
|
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
include::../../../shared_content/secrets/impact/generic_impact.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
:example_secret: ghp_xd8KRQmqM8eGCdegBLeO5AJ4oS0VN3yWXWcw
|
|
:example_name: client_secret
|
|
:example_env: CLIENT_SECRET
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
User-specified secrets should not be disclosed.
|
|
|
|
|
|
=== Parameters
|
|
|
|
.detectionPattern
|
|
****
|
|
_STRING_
|
|
|
|
The regular expression that is used to detect the secrets
|
|
****
|
|
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|