From 90bbc1c99eced2b40c81eef31e8e87025c2319aa Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 12 Nov 2024 17:23:43 +0100
Subject: [PATCH] Create rule S7149: Doppler auth tokens should not be
 disclosed (#4483)

---
 rules/S7149/metadata.json         |  2 ++
 rules/S7149/secrets/metadata.json | 56 +++++++++++++++++++++++++++++++
 rules/S7149/secrets/rule.adoc     | 34 +++++++++++++++++++
 3 files changed, 92 insertions(+)
 create mode 100644 rules/S7149/metadata.json
 create mode 100644 rules/S7149/secrets/metadata.json
 create mode 100644 rules/S7149/secrets/rule.adoc

diff --git a/rules/S7149/metadata.json b/rules/S7149/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S7149/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S7149/secrets/metadata.json b/rules/S7149/secrets/metadata.json
new file mode 100644
index 00000000000..ce101068f6e
--- /dev/null
+++ b/rules/S7149/secrets/metadata.json
@@ -0,0 +1,56 @@
+{
+  "title": "Doppler auth tokens should not be disclosed",
+  "type": "VULNERABILITY",
+  "code": {
+    "impacts": {
+      "SECURITY": "HIGH"
+    },
+    "attribute": "TRUSTWORTHY"
+  },
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "30min"
+  },
+  "tags": [
+    "cwe",
+    "cert"
+  ],
+  "defaultSeverity": "Blocker",
+  "ruleSpecification": "RSPEC-7149",
+  "sqKey": "S7149",
+  "scope": "All",
+  "securityStandards": {
+    "CWE": [
+      798,
+      259
+    ],
+    "OWASP": [
+      "A3"
+    ],
+    "CERT": [
+      "MSC03-J."
+    ],
+    "OWASP Top 10 2021": [
+      "A7"
+    ],
+    "PCI DSS 3.2": [
+      "6.5.10"
+    ],
+    "PCI DSS 4.0": [
+      "6.2.4"
+    ],
+    "ASVS 4.0": [
+      "2.10.4",
+      "3.5.2",
+      "6.4.1"
+    ],
+    "STIG ASD_V5R3": [
+      "V-222642"
+    ]
+  },
+  "defaultQualityProfiles": [
+    "Sonar way"
+  ],
+  "quickfix": "unknown"
+}
diff --git a/rules/S7149/secrets/rule.adoc b/rules/S7149/secrets/rule.adoc
new file mode 100644
index 00000000000..bab910e1fb5
--- /dev/null
+++ b/rules/S7149/secrets/rule.adoc
@@ -0,0 +1,34 @@
+
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+=== What is the potential impact?
+
+Below are some real-world scenarios that illustrate some impacts of an attacker
+exploiting the secret.
+
+include::../../../shared_content/secrets/impact/data_compromise.adoc[]
+
+include::../../../shared_content/secrets/impact/financial_loss.adoc[]
+
+== How to fix it
+
+include::../../../shared_content/secrets/fix/revoke.adoc[]
+
+include::../../../shared_content/secrets/fix/vault.adoc[]
+
+=== Code examples
+
+:example_secret: dp.ct.bAqhcVzrhy5cRHkOlNTc0Ve6w5NUDCpcutm8vGE9myi
+:example_name: doppler-auth-token
+:example_env: DOPPLER_AUTH_TOKEN
+
+include::../../../shared_content/secrets/examples.adoc[]
+
+== Resources
+
+include::../../../shared_content/secrets/resources/standards.adoc[]
+