# Storing confidential information in code (UsingHardcodeSecretInformation)

| Type | Scope | Severity | Activated by default | Minutes to fix | Tags |
|---|---|---|---|---|---|
| Vulnerability | BSL | Critical | Yes | 15 | standard |
## Parameters

| Name | Type | Description | Default value |
|---|---|---|---|
| searchWords | String | Keywords, separated by `\|`, that identify confidential information in the names of variables, structure keys and map keys. | `Пароль\|Password` |
## Description

Confidential information must not be stored in code. Confidential information includes:

- passwords
- personal access tokens and keys

If the project uses the Standard Subsystems Library (SSL), passwords should be placed in its safe data storage and read from it at run time, so that the source contains only the storage identifier and never the secret itself.
## Addition

Strings consisting only of `*` characters are excluded from the check, so a masked placeholder such as the following is not reported:

```bsl
Password = "**********";
```

The check keys on names that contain one of the search words; a secret assigned to a variable, structure key or map key with an unrelated name is not reported, so extend `searchWords` with the names your project uses for tokens and keys.
## Examples

Incorrect:

```bsl
Password = "12345";
```

Correct:

```bsl
Passwords = CommonModule.ReadDataFromSafeStorage("StoringIdentifier", "Password");
Password = Passwords.Password;
```
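The detection logic described in the Description and Addition sections, as an added Python example; this is not code from BSL Language Server, whose diagnostic is implemented in Java. The example assumes that `searchWords` is a case-insensitive regular-expression alternation (the shape of the default `Пароль|Password`), inspects only single-line assignments of the form `Name = "literal";` (structure and map keys are not handled), and skips empty literals as well as the `*`-only placeholders the page excludes. The sample module is constructed for the example and mixes the page's incorrect and correct snippets with a few neighbouring lines.

```python
import re

# Default of the diagnostic's searchWords parameter, as given on this page.
DEFAULT_SEARCH_WORDS = "Пароль|Password"

# A BSL assignment of a string literal: `<identifier> = "<literal>";`
# BSL string literals use double quotes; a quote inside the literal is doubled ("").
STRING_ASSIGNMENT_RE = re.compile(
    r'^\s*(?P<name>\w+)\s*=\s*"(?P<value>(?:[^"]|"")*)"\s*;'
)


def is_masked_placeholder(value):
    """True for literals made only of '*' (e.g. "**********"), which the check excludes."""
    return bool(value) and set(value) == {"*"}


def find_hardcoded_secrets(source, search_words=DEFAULT_SEARCH_WORDS):
    """Scan BSL source text and return (line_number, name, literal) for every
    string literal assigned to a name that matches one of the search words.

    search_words is treated as a case-insensitive regular-expression alternation,
    matching the shape of the default "Пароль|Password" (an assumption of this
    example, not a statement about BSL Language Server internals).
    """
    name_re = re.compile(search_words, re.IGNORECASE)
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = STRING_ASSIGNMENT_RE.match(line)
        if not match:
            continue  # not a literal assignment: calls, property reads, comments
        name, value = match.group("name"), match.group("value")
        if not name_re.search(name):
            continue  # the name does not look like a secret
        if not value or is_masked_placeholder(value):
            continue  # empty literal or "****" placeholder: nothing to leak
        findings.append((lineno, name, value))
    return findings


# Constructed sample module (not code from a real project).
SAMPLE_SOURCE = "\n".join([
    '// constructed sample, not a real module',
    'Пароль = "12345";',
    'Password = "12345";',
    'Password = "**********";',
    'Passwords = CommonModule.ReadDataFromSafeStorage("StoringIdentifier", "Password");',
    'Password = Passwords.Password;',
    'Login = "admin";',
    'UserPassword = "";',
])

if __name__ == "__main__":
    for lineno, name, value in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f'line {lineno}: {name} = "{value}"  <- hardcoded secret')
```

Run against the sample, the scan reports lines 2 and 3 only: line 4 is dropped by the asterisk exclusion, lines 5 and 6 assign a call result and a property rather than a literal, and line 7 passes because `Login` matches none of the search words, which is exactly why `searchWords` should be extended with the names a project uses for tokens and keys.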
## Sources

## Snippets
### Suppressing the diagnostic in code

Code between the `-off` and `-on` comments is not checked; keep such regions as narrow as possible.

```bsl
// BSLLS:UsingHardcodeSecretInformation-off
// BSLLS:UsingHardcodeSecretInformation-on
```
### Parameter for config

```json
"UsingHardcodeSecretInformation": {
    "searchWords": "Пароль|Password"
}
```