Skip to content

Commit

Permalink
Create rule S7166: Adobe OAuth credentials should not be disclosed (A…
Browse files Browse the repository at this point in the history
…PPSEC-2237) (#4504)
  • Loading branch information
github-actions[bot] authored Dec 17, 2024
1 parent 8558f5e commit 5e5c005
Show file tree
Hide file tree
Showing 3 changed files with 100 additions and 0 deletions.
2 changes: 2 additions & 0 deletions rules/S7166/metadata.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
{
}
56 changes: 56 additions & 0 deletions rules/S7166/secrets/metadata.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"title": "Adobe OAuth credentials should not be disclosed",
"type": "VULNERABILITY",
"code": {
"impacts": {
"SECURITY": "HIGH"
},
"attribute": "TRUSTWORTHY"
},
"status": "ready",
"remediation": {
"func": "Constant\/Issue",
"constantCost": "30min"
},
"tags": [
"cwe",
"cert"
],
"defaultSeverity": "Blocker",
"ruleSpecification": "RSPEC-7166",
"sqKey": "S7166",
"scope": "All",
"securityStandards": {
"CWE": [
798,
259
],
"OWASP": [
"A3"
],
"CERT": [
"MSC03-J."
],
"OWASP Top 10 2021": [
"A7"
],
"PCI DSS 3.2": [
"6.5.10"
],
"PCI DSS 4.0": [
"6.2.4"
],
"ASVS 4.0": [
"2.10.4",
"3.5.2",
"6.4.1"
],
"STIG ASD_V5R3": [
"V-222642"
]
},
"defaultQualityProfiles": [
"Sonar way"
],
"quickfix": "unknown"
}
42 changes: 42 additions & 0 deletions rules/S7166/secrets/rule.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@

include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

If an attacker gains access to Adobe OAuth credentials, they might be able to authenticate as users or applications.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the secret.

include::../../../shared_content/secrets/impact/data_modification.adoc[]

include::../../../shared_content/secrets/impact/data_compromise.adoc[]

include::../../../shared_content/secrets/impact/financial_loss.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: p8e-qPoC8Xii8fI-G2QHT97wbOpwqG4PgGri
:example_name: adobe.client-secret
:example_env: ADOBE_CLIENT_SECRET

include::../../../shared_content/secrets/examples.adoc[]


== Resources

=== Documentation

* Adobe - https://developer.adobe.com/developer-console/docs/guides/authentication/UserAuthentication/[User Authentication]

include::../../../shared_content/secrets/resources/standards.adoc[]

0 comments on commit 5e5c005

Please sign in to comment.