use env vars over hardcoded values このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
このルールを試す ID: python-security/aws-boto-credentials
Language: Python
Severity: Notice
Category: Security
Description This rule makes sure that the boto3 library use the environments variables to authenticate instead of using hardcoded credentials. This rule checks for the boto3.client and boto3.Session calls. It addresses the CWE-798 rule - uses of hardcoded credentials in code.
Learn More Non-Compliant Code Examples from boto3 import client
cli = client (
's3' ,
aws_access_key_id = "AGPAFOOBAR" ,
aws_secret_access_key = "bar" ,
aws_session_token = SESSION_TOKEN
)
import boto3
client = boto3 . client (
's3' ,
aws_access_key_id = "AGPAFOOBAR" ,
aws_secret_access_key = "bar" ,
aws_session_token = SESSION_TOKEN
)
import boto3
client = boto3 . Session (
's3' ,
aws_access_key_id = ACCESS_KEY ,
aws_secret_access_key = SECRET_KEY ,
aws_session_token = "foobar" # hard coded credential
)
Compliant Code Examples import boto3
client = boto3 . Session (
's3' ,
aws_session_token = SESSION_TOKEN
)
import boto3
client = boto3 . client (
's3' ,
aws_session_token = SESSION_TOKEN
)
client = boto3 . client (
's3' ,
aws_access_key_id = ACCESS_KEY ,
aws_secret_access_key = SECRET_KEY ,
aws_session_token = SESSION_TOKEN
)
Seamless integrations. Try Datadog Code Analysis
