From d798132b2d376114a949e83456c07a495bba1b96 Mon Sep 17 00:00:00 2001
From: sebastien-andrivet-sonarsource
Date: Fri, 8 Sep 2023 14:27:25 +0200
Subject: [PATCH] Update rule description

---
 rules/S6753/metadata.json | 3 +-
 rules/S6753/secrets/metadata.json | 61 +++++++++++++++++++++++--------
 rules/S6753/secrets/rule.adoc | 54 ++++++++++++++------------
 3 files changed, 76 insertions(+), 42 deletions(-)

diff --git a/rules/S6753/metadata.json b/rules/S6753/metadata.json
index 2c63c085104..0967ef424bc 100644
--- a/rules/S6753/metadata.json
+++ b/rules/S6753/metadata.json
@@ -1,2 +1 @@
-{
-}
+{}
diff --git a/rules/S6753/secrets/metadata.json b/rules/S6753/secrets/metadata.json
index db24babc94d..b45c5250eeb 100644
--- a/rules/S6753/secrets/metadata.json
+++ b/rules/S6753/secrets/metadata.json
@@ -1,25 +1,56 @@
 {
- "title": "FIXME",
- "type": "CODE_SMELL",
+ "title": "Zuplo API keys should not be disclosed",
+ "type": "VULNERABILITY",
+ "code": {
+ "impacts": {
+ "SECURITY": "HIGH"
+ },
+ "attribute": "TRUSTWORTHY"
+ },
 "status": "ready",
 "remediation": {
 "func": "Constant\/Issue",
- "constantCost": "5min"
+ "constantCost": "30min"
 },
 "tags": [
+ "cwe",
+ "cert"
 ],
- "defaultSeverity": "Major",
+ "extra": {
+ "replacementRules": []
+ },
+ "defaultSeverity": "Blocker",
 "ruleSpecification": "RSPEC-6753",
 "sqKey": "S6753",
 "scope": "All",
- "defaultQualityProfiles": ["Sonar way"],
- "quickfix": "unknown",
- "code": {
- "impacts": {
- "MAINTAINABILITY": "HIGH",
- "RELIABILITY": "MEDIUM",
- "SECURITY": "LOW"
- },
- "attribute": "CONVENTIONAL"
- }
-}
+ "securityStandards": {
+ "CWE": [
+ 798,
+ 259
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "CERT": [
+ "MSC03-J."
+ ],
+ "OWASP Top 10 2021": [
+ "A7"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.10"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "2.10.4",
+ "3.5.2",
+ "6.4.1"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
+}
\ No newline at end of file
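Review bot: The rewritten `rules/S6753/secrets/metadata.json` drops the trailing newline the file previously had: the hunk ends with `\ No newline at end of file` attached to the added `+}` line, while the removed `-}` carried no such marker. A missing final LF produces noisy diffs on the next edit and trips the common "file must end with newline" lint, so the file should be re-serialized so that the closing `}` is followed by a newline. The rest of the new content is internally consistent with the rule's reclassification as a `VULNERABILITY` with `"SECURITY": "HIGH"` and CWE 798/259 in `securityStandards`; only the EOF handling needs attention.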
diff --git a/rules/S6753/secrets/rule.adoc b/rules/S6753/secrets/rule.adoc index 4bd440f87a8..64172842736 100644 --- a/rules/S6753/secrets/rule.adoc +++ b/rules/S6753/secrets/rule.adoc @@ -1,32 +1,35 @@ -FIXME: add a description - -// If you want to factorize the description uncomment the following line and create the file. -//include::../description.adoc[] +include::../../../shared_content/secrets/description.adoc[] == Why is this an issue? -FIXME: remove the unused optional headers (that are commented out) +include::../../../shared_content/secrets/rationale.adoc[] + +=== What is the potential impact? + +Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the credentials. + +:secret_type: credentials + +include::../../../shared_content/secrets/impact/codeless_vulnerability_chaining.adoc[] + +include::../../../shared_content/secrets/impact/data_compromise.adoc[] + +include::../../../shared_content/secrets/impact/suspicious_activities_termination.adoc[] -//=== What is the potential impact? == How to fix it -//== How to fix it in FRAMEWORK NAME -=== Code examples +include::../../../shared_content/secrets/fix/revoke.adoc[] -==== Noncompliant code example +include::../../../shared_content/secrets/fix/vault.adoc[] -[source,text,diff-id=1,diff-type=noncompliant] ----- -FIXME ----- +=== Code examples -==== Compliant solution +:example_secret: zpka_213d294a9a5a44619cd6a02e55a20417_5f43e4d0 +:example_name: zapi_key +:example_env: ZAPI_KEY -[source,text,diff-id=1,diff-type=compliant] ----- -FIXME ----- +include::../../../shared_content/secrets/examples.adoc[] //=== How does this work? 
@@ -34,11 +37,12 @@ FIXME //=== Going the extra mile +== Resources + +=== Documentation + +* Zuplo API documentation - https://zuplo.com/docs/articles/api-key-management[API Keys Overview] + +include::../../../shared_content/secrets/resources/standards.adoc[] -//== Resources -//=== Documentation -//=== Articles & blog posts -//=== Conference presentations -//=== Standards -//=== External coding guidelines -//=== Benchmarks +//=== Benchmarks \ No newline at end of file