maijun-sec
commented
1 week ago we can reference some rules from other static analysis tools for different languages:
- URIs should not be hardcoded(sonarqube swift, https://rules.sonarsource.com/swift/RSPEC-1075/)
- Using hardcoded IP addresses is security-sensitive(sonarqube java, https://rules.sonarsource.com/java/RSPEC-1313/)
- Using hardcoded IP addresses is security-sensitive(sonarqube c++, https://rules.sonarsource.com/cpp/RSPEC-1313/)
- URIs (URL & path) should not be hardcoded for testability purpose(CAST, https://doc.casthighlight.com/alt_hardcodedpaths-uris-url-path-not-hardcoded/)
What it does
Hard-coded URIs can lead to several disadvantages in software development:
Lack of Flexibility: Changing a hard-coded URI requires modifying the source code and redeploying the application, which can be cumbersome and time-consuming.
Maintainability Issues: As applications grow, managing multiple hard-coded URIs becomes difficult. It increases the risk of introducing errors when making changes.
Environment Configuration Challenges: Hard-coded URIs can hinder the ability to easily switch between environments (e.g., development, testing, production) without changing the code.
Security Risks: Exposing sensitive URIs in the source code can lead to security vulnerabilities, such as unauthorized access to APIs or services.
Version Control Issues: Hard-coded values can make it difficult to track changes over time, complicating version control and audit trails.
Code Readability: Hard-coded URIs can clutter the code and make it harder to understand, especially if the URI is long or complex.
Testing Difficulties: Testing different environments or endpoints becomes cumbersome if URIs are hard-coded, as it may require recompilation for every change.
Reduced Reusability: Functions or modules with hard-coded URIs are less reusable since they are tied to specific services or endpoints.
Advantage
Drawbacks
No response
Example