Use of Hard-coded, Security-relevant Constants
The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security reviews.
Hard-coded values make code harder to understand and maintain. When security-relevant values are hard-coded, it increases the risk of errors when the code needs to be modified.
이 취약점을 수정하는 방법
2개의 Shoulder 탐지 규칙을 기반으로 한 Hardcoded Security Constants 예방 전략.
Use environment variables for URLs with localhost as a development fallback
- const API_URL = 'http://localhost:3000'; + const API_URL = process.env.API_URL || 'http://localhost:3000'; const response = await fetch(`${API_URL}/users`);
Load URLs from environment variables with localhost as the development fallback
- API_URL = "http://localhost:3000/api" - DB_HOST = "127.0.0.1" + import os + + API_URL = os.getenv('API_URL', 'http://localhost:3000/api') + DB_HOST = os.getenv('DB_HOST', 'localhost') def fetch_data(): response = requests.get(f'{API_URL}/data') return response.json()
핵심 실천 사항
- Use environment variables
- configurable via environment variables
코드에서 취약점 찾기
Shoulder를 사용하여 코드에서 Use of Hard-coded, Security-relevant Constants 패턴을 스캔하세요. 2 규칙.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=547 # Or scan entire project npx @shoulderdev/cli trust .
탐지 규칙 (2)
코드 리뷰에서 주의할 점
이 패턴은 잠재적인 Use of Hard-coded, Security-relevant Constants 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.
코드베이스를 스캔하세요: Use of Hard-coded, Security-relevant Constants
Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.