Clear text credentials High

Credentials that are stored in clear text in memory or written to log files can be intercepted by a malicious actor.

Detector ID
java/clear-text-credentials@v1.0
Category

Noncompliant example

public void logCredentialsNoncompliant() {
    String publicData = "some public data";
    AWSCredentials credentials = new DefaultAWSCredentialsProviderChain().getCredentials();
    // Noncompliant: secret access key is logged.
    log.error("somePublicData: " + publicData + " key: " + credentials.getAWSSecretKey());
}

Compliant example

public void logCredentialsCompliant() {
    String publicData = "some public data";
    AWSCredentials credentials = new DefaultAWSCredentialsProviderChain().getCredentials();
    // Compliant: secret access key is not logged.
    log.error("somePublicData: " + publicData);
}
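
The compliant example fixes the call site; as defence in depth, a log filter can mask a known secret if a later change reintroduces the mistake. The following is an added example, not part of the detector's documentation: it uses java.util.logging, and the class names and the secret value are hypothetical, constructed stand-ins for the value returned by credentials.getAWSSecretKey().

```java
import java.util.List;
import java.util.logging.Filter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class CredentialRedactionExample {

    /** Hypothetical filter: masks known secret values before a record reaches any handler. */
    static final class SecretRedactingFilter implements Filter {
        private final List<String> secrets;
        SecretRedactingFilter(List<String> secrets) {
            this.secrets = List.copyOf(secrets);
        }

        @Override
        public boolean isLoggable(LogRecord record) {
            record.setMessage(redact(record.getMessage()));
            Object[] params = record.getParameters();
            if (params != null) {
                Object[] clean = params.clone();
                for (int i = 0; i < clean.length; i++) {
                    // Only String parameters are rewritten; other types pass through unchanged.
                    if (clean[i] instanceof String) clean[i] = redact((String) clean[i]);
                }
                record.setParameters(clean);
            }
            return true; // keep the record, minus the secret
        }

        String redact(String text) {
            if (text == null) return null;
            for (String secret : secrets) {
                if (!secret.isEmpty()) text = text.replace(secret, "[REDACTED]");
            }
            return text;
        }
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real key.
        String secretKey = "EXAMPLE-constructed-secret-key-0000";
        Logger log = Logger.getLogger("example");
        log.setFilter(new SecretRedactingFilter(List.of(secretKey)));
        // Same mistake as the noncompliant example; the filter masks the value in both forms.
        log.severe("somePublicData: some public data key: " + secretKey);
        log.log(Level.SEVERE, "key: {0}", secretKey);
    }
}
```

A filter set on a Logger only sees records logged directly to that logger, so attach it to the handlers as well (Handler.setFilter) when child loggers share them. It does not inspect exception messages or stack traces attached to a record.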