rspec/rules/S6722/secrets/rule.adoc
github-actions[bot] a1e6719485
Create rule S6722(secrets): PlanetScale database passwords should not be disclosed (#2947)
You can preview this rule
[here](https://sonarsource.github.io/rspec/#/rspec/S6722/secrets)
(updated a few minutes after each push).

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)

---------

Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com>
Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com>
2023-08-29 14:34:32 +02:00


include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

PlanetScale Database passwords are used to authenticate users against the
database engine. They are associated with user accounts that are granted
specific permissions over the database and its hosted data.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

include::../../../shared_content/secrets/impact/data_compromise.adoc[]

include::../../../shared_content/secrets/impact/security_downgrade.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/recent_use.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D
:example_name: planetscale_password
:example_env: PLANETSCALE_PASSWORD

include::../../../shared_content/secrets/examples.adoc[]
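
A minimal check for the kind of value this rule targets, added here as an example and not part of the rule's own content or of SonarSource's detection logic: it scans text for values shaped like the sample password above and reports them redacted. The token shape (the `pscale_pw_` prefix followed by 43 letters, digits or underscores) is an assumption inferred from that sample, and the function names are hypothetical.

```python
import re

PREFIX = "pscale_pw_"

# Assumption: shape inferred from the sample value on this page, i.e. the
# prefix followed by exactly 43 characters from [A-Za-z0-9_]. Real passwords
# may use a wider alphabet or length; widen the pattern if so.
# The lookarounds stop the pattern from matching inside a longer identifier.
PSCALE_PW = re.compile(
    r"(?<![A-Za-z0-9_])" + PREFIX + r"[A-Za-z0-9_]{43}(?![A-Za-z0-9_])"
)


def redact(token):
    """Keep the prefix and 4 characters so a finding can be triaged
    without copying the full secret into scan output or logs."""
    keep = len(PREFIX) + 4
    return token[:keep] + "*" * (len(token) - keep)


def find_hardcoded_passwords(text):
    """Return (line_number, redacted_token) for every match in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in PSCALE_PW.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample input. Line 1 hardcodes the documentation sample value
# from this page; line 2 reads the password from the environment instead;
# line 3 is a placeholder that must not be reported.
SAMPLE = '''\
planetscale_password = "pscale_pw_hatgoG_EprhgnblWotaJGbeOeFE7q9BwW0_g5ML486D"
planetscale_password = os.environ["PLANETSCALE_PASSWORD"]
placeholder = "pscale_pw_<your-password-here>"
'''

if __name__ == "__main__":
    for lineno, token in find_hardcoded_passwords(SAMPLE):
        print(f"line {lineno}: hardcoded PlanetScale password {token}")
```
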

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks