rspec/rules/S6700/secrets/rule.adoc
Egon Okerman fbef2e2b77
Modify rule S6700: Fix broken link (#3212)
## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
2023-10-06 14:29:49 +02:00


include::../../../shared_content/secrets/description.adoc[]
== Why is this an issue?
include::../../../shared_content/secrets/rationale.adoc[]
=== What is the potential impact?
A RapidAPI key is a unique identifier that allows you to access and use APIs
provided by RapidAPI. This key is used to track your API usage, manage your
subscriptions, and ensure that you have the necessary permissions to access the
APIs you are using. One RapidAPI key can be used to authenticate against a set
of multiple other third-party services, depending on the key entitlement.

If a RapidAPI key leaks to an unintended audience, it can have several potential
consequences. In particular, attackers may use the leaked key to access and use
the APIs associated with that key without permission. This can result in
unauthorized usage of API services, potentially leading to misuse, abuse, or
excessive consumption of resources.
== How to fix it
include::../../../shared_content/secrets/fix/revoke.adoc[]
include::../../../shared_content/secrets/fix/recent_use.adoc[]
RapidAPI services include an audit trail feature that can be used to audit
malicious use of the compromised key.
include::../../../shared_content/secrets/fix/vault.adoc[]
=== Code examples
:example_secret: 6f1bbe24b9mshcbb5030202794a4p18f7d0jsndd55ab0f981d
:example_name: rapidapi_key
:example_env: rapidapi_key
include::../../../shared_content/secrets/examples.adoc[]
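
The following sketch is an added example, not part of the rule or of the SonarSource analyzer. It flags hard-coded literals shaped like the `example_secret` above and redacts them before reporting. The pattern is an assumption inferred only from that sample value, and the `scan` and `redact` helpers and the sample input are constructed for illustration.

```python
import re

# Assumption: shape inferred only from the sample key on this page
# (10 hex, "msh", 15 hex, "p", 6 hex, "jsn", 12 hex); real keys may differ.
KEY_SHAPE = re.compile(
    r"(?<![0-9a-z])[0-9a-f]{10}msh[0-9a-f]{15}p[0-9a-f]{6}jsn[0-9a-f]{12}(?![0-9a-z])"
)


def redact(key):
    """Keep only the first 4 characters so findings are safe to log."""
    return key[:4] + "*" * (len(key) - 4)


def scan(text, path="<memory>"):
    """Return (path, line number, redacted key) for each hard-coded candidate."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_SHAPE.finditer(line):
            findings.append((path, lineno, redact(match.group(0))))
    return findings


# Constructed sample input; the noncompliant literal is the page's example secret.
SAMPLE = '''\
import os
rapidapi_key = "6f1bbe24b9mshcbb5030202794a4p18f7d0jsndd55ab0f981d"  # noncompliant
rapidapi_key = os.environ["rapidapi_key"]  # compliant: injected at runtime
checksum = "6f1bbe24b9cbb5030202794a4a18f7d0dd55ab0f981d00000000"  # plain hex, no markers
'''

if __name__ == "__main__":
    for path, lineno, key in scan(SAMPLE):
        print(f"{path}:{lineno}: possible RapidAPI key {key}")
```

Any match in committed code means the key should be treated as compromised and revoked, even if the literal is later replaced by an environment lookup.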
//=== How does this work?
//=== Pitfalls
//=== Going the extra mile
== Resources
include::../../../shared_content/secrets/resources/standards.adoc[]
=== Documentation
* RapidAPI Documentation - https://docs.rapidapi.com/docs/keys-and-key-rotation#creating-or-rotating-a-rapid-api-key[Creating or rotating a Rapid API key]
* RapidAPI Documentation - https://docs.rapidapi.com/docs/org-audit-trails[Audit Trails]
//=== Benchmarks