54 lines
1.6 KiB
Plaintext
54 lines
1.6 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
String ip = "192.168.12.42"; // Sensitive
|
|
Socket socket = new Socket(ip, 6667);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,java]
|
|
----
|
|
String ip = System.getenv("IP_ADDRESS"); // Compliant
|
|
Socket socket = new Socket(ip, 6667);
|
|
----
|
|
|
|
== Exceptions
|
|
|
|
No issue is reported for the following cases because they are not considered sensitive:
|
|
|
|
* Loopback addresses 127.0.0.0/8 in CIDR notation (from 127.0.0.0 to 127.255.255.255)
|
|
* Broadcast address 255.255.255.255
|
|
* Non-routable address 0.0.0.0
|
|
* Strings of the form ``++2.5.<number>.<number>++`` as they http://www.oid-info.com/introduction.htm[often match Object Identifiers] (OID)
|
|
* Addresses in the ranges 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24, reserved for documentation purposes by https://datatracker.ietf.org/doc/html/rfc5737[RFC 5737]
|
|
* Addresses in the range 2001:db8::/32, reserved for documentation purposes by https://datatracker.ietf.org/doc/html/rfc3849[RFC 3849]
|
|
|
|
== See
|
|
|
|
* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
|
|
* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
|
|
* https://wiki.sei.cmu.edu/confluence/x/OjdGBQ[CERT, MSC03-J.] - Never hard code sensitive information
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|