Auto-generated PR comment (Polaris)
Polaris SAST Issue - Hard-coded Secrets in Server-side Code
Low CWE-798
A secret, such as a password, cryptographic key, or token, is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to.
How to fix
Sensitive information such as access credentials, passwords, and cryptographic keys should not be stored in the source code. Always store secrets outside the source code. When possible, keep them in a strongly-protected, encrypted configuration file or database that is protected from access by all outsiders, including other local users on the same system.
One solution is to encrypt passwords within the properties file and store the key in a safe location. This is especially necessary if people other than the administrators have access to the properties file. Upon encryption, if different people need access to the properties file, access to the encryption key should be restricted. There are different options to implement such solutions depending on the deployment scenario. For example, on Windows you may consider using the Data Protection API (DPAPI or the newer DPAPI-NG).