Create rule S6987: Docker swarm tokens should not be disclosed (APPSE…

…C-1800) (#3988)
SonarSource · Jun 27, 2024 · 8ceaab0 · 8ceaab0
1 parent 90f15e5
commit 8ceaab0
Show file tree

Hide file tree

Showing 3 changed files with 128 additions and 0 deletions.
diff --git a/rules/S6987/metadata.json b/rules/S6987/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S6987/secrets/metadata.json b/rules/S6987/secrets/metadata.json
@@ -0,0 +1,64 @@
+{
+  "title": "Docker swarm tokens should not be disclosed",
+  "type": "VULNERABILITY",
+  "code": {
+    "impacts": {
+      "SECURITY": "HIGH"
+    },
+    "attribute": "TRUSTWORTHY"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "cwe",
+    "cert"
+  ],
+  "extra": {
+    "replacementRules": [
+
+    ],
+    "legacyKeys": [
+
+    ]
+  },
+  "defaultSeverity": "Blocker",
+  "ruleSpecification": "RSPEC-6290",
+  "sqKey": "S6290",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      798,
+      259
+    ],
+    "OWASP": [
+      "A3"
+    ],
+    "CERT": [
+      "MSC03-J."
+    ],
+    "OWASP Top 10 2021": [
+      "A7"
+    ],
+    "PCI DSS 3.2": [
+      "6.5.10"
+    ],
+    "PCI DSS 4.0": [
+      "6.2.4"
+    ],
+    "ASVS 4.0": [
+      "2.10.4",
+      "3.5.2",
+      "6.4.1"
+    ],
+    "STIG ASD 2023-06-08": [
+      "V-222642"
+    ]
+  },
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "unknown"
+}
diff --git a/rules/S6987/secrets/rule.adoc b/rules/S6987/secrets/rule.adoc
@@ -0,0 +1,62 @@
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+If an attacker gains access to a Docker swarm token, they might be able to add new workers or managers to the swarm.
+
+=== What is the potential impact?
+
+An attacker with control over a manager or worker node might be able to access sensitive information pushed to those malicious nodes. If the compromised token allows joining a
+manager node to the swarm, this one could compromise other legitimate nodes by pushing
+malicious tasks to them.
+
+include::../../../shared_content/secrets/impact/data_compromise.adoc[]
+
+:service_name: Docker Swarm
+
+include::../../../shared_content/secrets/impact/infrastructure_takeover.adoc[]
+
+
+== How to fix it
+
+include::../../../shared_content/secrets/fix/revoke.adoc[]
+
+include::../../../shared_content/secrets/fix/vault.adoc[]
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,java,diff-id=1,diff-type=noncompliant]
+----
+SwarmJoin swarmJoin = new SwarmJoin();
+
+swarmJoin.getRemoteAddrs().add("103.214.142.16:2377");
+swarmJoin.setJoinToken("SWMTKN-1-0o98pf607edyse6ncy7j3z5tjz5ehz6wdmmlevttk55nkgpyh1-pq3hfd1utmhpjnd5hvom0z6va");
+----
+
+==== Compliant solution
+
+[source,java,diff-id=1,diff-type=compliant]
+----
+SwarmJoin swarmJoin = new SwarmJoin();
+
+swarmJoin.getRemoteAddrs().add("103.214.142.16:2377");
+swarmJoin.setJoinToken(System.getenv("JOIN_TOKEN"));
+----
+
+//=== How does this work?
+
+//=== Pitfalls
+
+//=== Going the extra mile
+
+== Resources
+
+=== Documentation
+
+Docker Documentation - https://docs.docker.com/reference/cli/docker/swarm/join-token/[docker swarm join-token]
+
+include::../../../shared_content/secrets/resources/standards.adoc[]