Rules Repository / RSPEC-2774

Comments should not contain passwords


    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Remove this comment.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Targeted languages:
      ABAP, C#, C, C++, Cobol, Flex, HTML, Java, JavaScript, Objective-C, PHP, Python, RPG, Swift, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      2min
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources, Test Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-615
    • OWASP:
      A3

      Description

      Credentials should never be included in comments. A comment is shipped with the code and persists in version-control history, so anyone who can read the source also gains access to the database or whatever other system the credential protects.

      This rule flags each instance of "password" in a comment. Because it matches the word rather than a recognised secret, a comment such as "password is red!" is reported even when no real credential is present; the fix in every case is to remove the comment, and if a genuine credential was committed, to rotate it as well, since removing the comment does not purge it from history.

      Noncompliant Code Example

      public void doTheDatabaseThing(ComplexObject cObj) {
        // password is red!    <-- Noncompliant
        // ...
      }
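      As an added example that is not part of the rule page or of SonarSource's analyzer: a small Python checker that applies the rule's logic to C-family source (the `//` and `/* */` comment syntax of the Java snippet above, also used by C, C++, C#, JavaScript and others). It skips string literals so that a `//` or the word "password" inside a string is not mistaken for a comment. Case-insensitive matching and the sample input are assumptions of this example; the rule text only says that each instance of "password" in a comment is flagged.

```python
"""Toy checker for RSPEC-2774 ("Comments should not contain passwords").

Added example, not SonarSource's analyzer. Scans C-family source (Java,
C, C++, C#, JavaScript, ...) for // and /* */ comments and reports every
comment whose text contains "password". String literals are skipped so
that neither a "//" nor the word "password" inside a string is treated
as a comment.
"""
import re
from typing import List, Tuple

# Assumption: match case-insensitively so "Password" and "PASSWORD" are caught too.
NEEDLE = re.compile(r"password", re.IGNORECASE)


def extract_comments(source: str) -> List[Tuple[int, str]]:
    """Return (start_line, text) for every comment in C-family source."""
    comments: List[Tuple[int, str]] = []
    i, n, line = 0, len(source), 1
    while i < n:
        c = source[i]
        if c == "\n":
            line += 1
            i += 1
        elif c in ('"', "'"):
            # Skip a string or char literal, honouring backslash escapes,
            # so that comment markers inside it are ignored.
            quote = c
            i += 1
            while i < n and source[i] != quote:
                if source[i] == "\\":
                    i += 1  # step over the escaped character
                if i < n and source[i] == "\n":
                    line += 1
                i += 1
            i += 1  # closing quote
        elif source.startswith("//", i):
            end = source.find("\n", i)
            end = n if end == -1 else end
            comments.append((line, source[i:end]))
            i = end
        elif source.startswith("/*", i):
            end = source.find("*/", i + 2)
            end = n if end == -1 else end + 2
            text = source[i:end]
            comments.append((line, text))
            line += text.count("\n")  # block comments may span lines
            i = end
        else:
            i += 1
    return comments


def find_password_comments(source: str) -> List[Tuple[int, str]]:
    """Apply RSPEC-2774: every comment mentioning "password" is an issue."""
    return [(ln, text) for ln, text in extract_comments(source)
            if NEEDLE.search(text)]


# Constructed sample input: line 2 and the block comment starting on
# line 4 should be flagged; the URL string on line 3 and the comment on
# line 6 should not.
SAMPLE = """public class Db {
    // password is red!
    String url = "http://host/?password=x"; // connection string
    /* connect with
       user=admin Password=hunter2 */
    void run() { /* nothing secret here */ }
}
"""

if __name__ == "__main__":
    for ln, text in find_password_comments(SAMPLE):
        print(f"line {ln}: Remove this comment. -> {text.splitlines()[0]}")
```

      Run on the sample, the checker reports lines 2 and 4 and stays silent on the `?password=x` query string on line 3, which is a string literal rather than a comment (a secret in a string is a different problem, covered by a different rule). The scanner is syntactic, like the rule itself: it does not try to decide whether the comment actually contains a credential.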
      

      See

        • MITRE, CWE-615 - Inclusion of Sensitive Information in Source Code Comments (https://cwe.mitre.org/data/definitions/615.html)
        • OWASP Top 10, Category A3

        Language specifications

        • Cobol: RSPEC-3384 (Active, Unassigned)

            People

            Assignee: Unassigned
            Reporter: Ann Campbell