43 lines
984 B
Plaintext
43 lines
984 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
String ip = "192.168.12.42"; // Sensitive
|
|
Socket socket = new Socket(ip, 6667);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
String ip = System.getenv("IP_ADDRESS"); // Compliant
|
|
Socket socket = new Socket(ip, 6667);
|
|
----
|
|
|
|
include::../exceptions.adoc[]
|
|
|
|
== See
|
|
|
|
* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
|
|
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[CERT, MSC03-J.] - Never hard code sensitive information
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|