diff --git a/rules/S7171/secrets/metadata.json b/rules/S7171/secrets/metadata.json index cf49c766fbf..5ce74ebf50c 100644 --- a/rules/S7171/secrets/metadata.json +++ b/rules/S7171/secrets/metadata.json @@ -1,5 +1,5 @@ { - "title": "SECRET_TYPE should not be disclosed", + "title": "Mailgun SMTP credentials should not be disclosed", "type": "VULNERABILITY", "code": { "impacts": { diff --git a/rules/S7171/secrets/rule.adoc b/rules/S7171/secrets/rule.adoc index 28f3a64def8..ec22ee6631c 100644 --- a/rules/S7171/secrets/rule.adoc +++ b/rules/S7171/secrets/rule.adoc @@ -14,14 +14,20 @@ exploiting the secret. // Set value that can be used to refer to the type of secret in, for example: // "An attacker can use this {secret_type} to ..." -:secret_type: secret +:secret_type: credentials // Where possible, use predefined content for common impacts. This content can // be found in the folder "shared_content/secrets/impact". // When using predefined content, search for any required variables to be set and include them in this file. // Not adding them will not trigger warnings. -//include::../../../shared_content/secrets/impact/some_impact.adoc[] +include::../../../shared_content/secrets/impact/phishing.adoc[] + +include::../../../shared_content/secrets/impact/exceed_rate_limits.adoc[] + +include::../../../shared_content/secrets/impact/suspicious_activities_termination.adoc[] + + == How to fix it @@ -31,9 +37,9 @@ include::../../../shared_content/secrets/fix/vault.adoc[] === Code examples -:example_secret: example_secret_value -:example_name: java-property-name -:example_env: ENV_VAR_NAME +:example_secret: aae73f3aa79607cabffe7cd69e37e478-058ba5af-d1a3a279 +:example_name: mailgun.smtp.password +:example_env: MAILGUN_SMTP_PASSWORD include::../../../shared_content/secrets/examples.adoc[]