Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Sensitive Code Example

      Spring-social-twitter secrets can be stored inside an XML file:

      <?xml version="1.0" encoding="UTF-8"?>
      <beans xmlns="http://www.springframework.org/schema/beans"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="
              http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
        
          <bean id="connectionFactoryLocator" class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
            <property name="connectionFactories">
                <list>
                    <bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
                        <constructor-arg value="username" />
                        <constructor-arg value="very-secret-password" />   <!-- Sensitive --> 
                    </bean>
                </list>
            </property>
        </bean> 
      </beans>
      

      Compliant Solution

      In Spring Social Twitter, retrieve secrets from environment variables:

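      import org.springframework.context.annotation.Configuration;
      import org.springframework.core.env.Environment;
      import org.springframework.social.config.annotation.ConnectionFactoryConfigurer;
      import org.springframework.social.config.annotation.SocialConfigurer;
      import org.springframework.social.twitter.connect.TwitterConnectionFactory;

      @Configuration
      public class SocialConfig implements SocialConfigurer {

          // Credentials are resolved from the Spring Environment at startup, not stored in source.
          @Override
          public void addConnectionFactories(ConnectionFactoryConfigurer cfConfig, Environment env) {
              cfConfig.addConnectionFactory(new TwitterConnectionFactory(
                  env.getProperty("twitter.consumerKey"),
                  env.getProperty("twitter.consumerSecret")));  // Compliant
          }

          // The remaining SocialConfigurer methods are omitted here.
      }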
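
A check for the sensitive pattern above, as an added example that is not part of the original issue or of any analyzer's own code: it walks a Spring beans XML file and reports each `TwitterConnectionFactory` bean whose second constructor argument (the consumer secret) is a literal instead of a `${...}` placeholder or `#{...}` expression. The function names and the sample document are constructed, and arguments are assumed to appear in declaration order without `index` attributes.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
FACTORY = "org.springframework.social.twitter.connect.TwitterConnectionFactory"
# ${...} placeholders and #{...} SpEL expressions are resolved at runtime,
# so the secret itself is not stored in the XML file.
EXTERNALIZED = re.compile(r"^\s*[$#]\{.+\}\s*$")

# Constructed sample: the sensitive bean from the page, then an externalized one.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="connectionFactoryLocator"
        class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
    <property name="connectionFactories">
      <list>
        <bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
          <constructor-arg value="username" />
          <constructor-arg value="very-secret-password" />
        </bean>
        <bean class="org.springframework.social.twitter.connect.TwitterConnectionFactory">
          <constructor-arg value="${twitter.consumerKey}" />
          <constructor-arg><value>${twitter.consumerSecret}</value></constructor-arg>
        </bean>
      </list>
    </property>
  </bean>
</beans>"""

def arg_value(arg):
    """Literal of a <constructor-arg>, from value="..." or a nested <value>."""
    if arg.get("value") is not None:
        return arg.get("value")
    nested = arg.find(NS + "value")
    return nested.text if nested is not None else None

def find_hardcoded_secrets(xml_text):
    """Positions of TwitterConnectionFactory beans with a literal consumer secret."""
    root = ET.fromstring(xml_text)
    factories = [b for b in root.iter(NS + "bean") if b.get("class") == FACTORY]
    findings = []
    for position, bean in enumerate(factories):
        args = bean.findall(NS + "constructor-arg")
        secret = arg_value(args[1]) if len(args) >= 2 else None
        if secret and not EXTERNALIZED.match(secret):
            findings.append(position)  # report the position only, never the value
    return findings

if __name__ == "__main__":
    for position in find_hardcoded_secrets(SAMPLE):
        print(f"TwitterConnectionFactory bean #{position}: hard-coded consumer secret")
```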
      

            People

            Assignee:
            Unassigned
            Reporter:
            eric.therond Eric Therond