Merge pull request #6993 from Tohar-orca/cleartext_api_key_in_operati…

…on_security_description feat(query): clarify description for openapi exposed api keys
Checkmarx · Apr 11, 2024 · e4ad15d · e4ad15d
2 parents fd036a8 + 24e4bc0
commit e4ad15d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/assets/queries/openAPI/general/api_key_exposed_in_global_security/metadata.json b/assets/queries/openAPI/general/api_key_exposed_in_global_security/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "API Key Exposed In Global Security (v3)",
   "severity": "LOW",
   "category": "Access Control",
-  "descriptionText": "API Keys should not be transported over network",
+  "descriptionText": "API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.",
   "descriptionUrl": "https://swagger.io/specification/#security-scheme-object",
   "platform": "OpenAPI",
   "descriptionID": "f7f6e7fb",
@@ -13,9 +13,10 @@
       "id": "533a0d13-6e89-4551-ae33-bce14e5849c1",
       "queryName": "API Key Exposed In Global Security (v2)",
       "descriptionUrl": "https://swagger.io/specification/v2/#securityDefinitionsObject",
-      "descriptionText": ""
+      "descriptionText": "API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key."
     }
   },
   "cwe": "",
-  "oldSeverity": "MEDIUM"
-}
+  "oldSeverity": "MEDIUM",
+  "cloudProvider": "common"
+}
diff --git a/assets/queries/openAPI/general/api_key_exposed_in_operation_security/metadata.json b/assets/queries/openAPI/general/api_key_exposed_in_operation_security/metadata.json
@@ -3,7 +3,7 @@
   "queryName": "API Key Exposed In Operation Security (v3)",
   "severity": "LOW",
   "category": "Access Control",
-  "descriptionText": "API Keys should not be transported over network",
+  "descriptionText": "API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.",
   "descriptionUrl": "https://swagger.io/specification/#security-scheme-object",
   "platform": "OpenAPI",
   "descriptionID": "812604ac",
@@ -13,9 +13,10 @@
       "id": "392599e4-a4e2-403d-bc56-3fe05755782d",
       "queryName": "API Key Exposed In Operation Security (v2)",
       "descriptionUrl": "https://swagger.io/specification/v2/#securityDefinitionsObject",
-      "descriptionText": ""
+      "descriptionText": "API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key."
     }
   },
   "cwe": "",
-  "oldSeverity": "LOW"
-}
+  "oldSeverity": "LOW",
+  "cloudProvider": "common"
+}