Page History

...

Hard coding sensitive information exposes that information to attackers. The severity of this rule can vary depending on the kind of information that is disclosed. Frequently, the information disclosed is password or key information, which can lead to remote exploitation. Consequently, a high severity rating is given but may be adjusted downwards according to the nature of the sensitive data.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
MSC03-J	High	Probable	No	NoMedium	P12P6	L1L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

JAVA.HARDCODED.PASSWD
JAVA.MISC.SD.EXT

Hardcoded Password (Java)
Sensitive Data Written to External Storage (Java)

Coverity

7.5

HARDCODED_CREDENTIALS
CONFIG
FB.DMI_CONSTANT_DB_ PASSWORD
FB.DMI_EMPTY_DB_PASSWORD

Implemented

Fortify

1.0

Password_Management
Password_Management__Hardcoded_Password

Partially implemented

Parasoft Jtest

Include Page

	Parasoft_V
	Parasoft_V

CERT.MSC03.HCCS
CERT.MSC03.HCCK
CERT.MSC03.AHCA

Avoid passing hardcoded usernames/passwords/URLs to database connection methods
Avoid using hard-coded cryptographic keys
Avoid hard-coding the arguments to certain methods

PMD

1.0

AvoidUsingHardCodedIP

Partially implemented

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V5331

SonarQube

Include Page

	SonarQube_V
	SonarQube_V

S1313
S2068

Partially implemented

...

Space shortcuts

Page tree

Versions Compared

Old Version 119

New Version Current

Key

Automated Detection