Apply review suggestion wrt impact
egon-okerman-sonarsource committed Sep 15, 2023
1 parent 0d7fe58 commit 95e467f
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion rules/S6751/secrets/rule.adoc
Expand Up @@ -6,7 +6,9 @@ include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

The exact impact of the compromise of a PyPI API token varies depending on the permissions granted to this token. It can range from loss of sensitive data and source code to severe supply chain attacks.
The exact consequences of a PyPI API token compromise can vary depending on the scope of the affected token. Depending on this factor, the attacker might get access to the full account the token is bound to or only to a project belonging to that user.

In any case, such a compromise can lead to source code leaks, data leaks and even serious supply chain attacks. In general, a reputational loss is also a common threat.

include::../../../shared_content/secrets/impact/source_code_compromise.adoc[]
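
Review bot: The first added paragraph states the same condition twice: "depending on the scope of the affected token" is immediately followed by "Depending on this factor". Consider folding the two sentences into one, for example "Depending on the scope of the compromised token, an attacker might get access to the full account the token is bound to or only to a single project of that account." That also fixes "that user", which has no antecedent because the preceding text only mentions an account. In the second added paragraph, "In general, a reputational loss is also a common threat" is vague, and reputational loss is a consequence rather than a threat; something like "Such incidents commonly also cause reputational damage" would read more precisely. Since the paragraph already names source code leaks right before the include of `source_code_compromise.adoc`, check that the two do not repeat each other in the rendered rule.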
