Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      string username = "admin";
      string password = "Admin123"; // Sensitive
      string usernamePassword  = "user=admin&password=Admin123"; // Sensitive
      string url = "scheme://user:Admin123@domain.com"; // Sensitive
      

      Compliant Solution

      string username = "admin";
      string password = GetEncryptedPassword();
      string usernamePassword = string.Format("user={0}&password={1}", GetEncryptedUsername(), GetEncryptedPassword());
      string url = $"scheme://{username}:{password}@domain.com";
      
      string url2 = "http://guest:guest@domain.com"; // Compliant
      const string Password_Property = "custom.password"; // Compliant
      

      Exceptions

      • Issue is not raised when URI username and password are the same.
      • Issue is not raised when searched pattern is found in variable name and value.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            michal.barczyk Michal Barczyk (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: