Secret Finding: </h1>
<h2>Metadata</h2>
<ul>
<li><strong>ID</strong>: <finding_id></li>
<li><strong>Type</strong>: secret</li>
<li><strong>Rule</strong>: <rule_name></li>
<li><strong>Rule ID</strong>: <rule_id></li>
<li><strong>Severity</strong>: <high|medium|low></li>
<li><strong>Status</strong>: unverified</li>
</ul>
<h2>Location</h2>
<ul>
<li><strong>File</strong>: <relative/path/to/file></li>
<li><strong>Line</strong>: <line_number></li>
</ul>
<h2>Description</h2>
<p><2-4 sentences describing the leaked secret and its risk. Explain what type of secret this is, what service it grants access to, and the potential impact if compromised.></p>
<h2>Secret Details</h2>
<ul>
<li><strong>Value</strong>: <redacted value - NEVER include the full secret></li>
<li><strong>Secret Type</strong>: <e.g., API Key, Database Password, Private Key, OAuth Token></li>
<li><strong>Entropy</strong>: <entropy value></li>
</ul>
<h2>Context</h2>
```<language>
<5-10 lines of code surrounding the secret, with the secret line highlighted>
```
<h2>Risk Assessment</h2>
| Factor | Assessment |
|--------|------------|
| Real Secret | Yes - <brief evidence> |
| Hardcoded | Yes - <is it a literal value or from env/config?> |
| Production Code Path | Yes - <is this test code or production code?> |
| Exposure Evidence | <description of how/where the secret is exposed> |
<h2>Remediation</h2>
<p><2-4 sentences with specific actions to remediate this finding:></p>
<ol>
<li><strong>Rotate the secret immediately</strong> - The exposed credential should be considered compromised</li>
<li><strong>Remove from source code</strong> - Move the secret to environment variables or a secrets manager</li>
<li><strong>Scrub git history</strong> - If the secret was ever committed, it remains in git history</li>
<li><strong>Audit access logs</strong> - Check if the secret was used by unauthorized parties</li>
</ol>
<h2>References</h2>
<ul>
<li>Rule documentation: <link if available></li>
<li>CWE-798: Use of Hard-coded Credentials</li>
<li>CWE-259: Use of Hard-coded Password</li>
</ul>
</article>
<div class="ip-watermark">
<p><strong>Author</strong>: 悟空(贾悦)</p>
<p><strong>Intellectual property</strong>: 以观其妙书院</p>
<p><strong>Source</strong>: Obsidian knowledge base</p>
<p><strong>Statement</strong>: The content of this article is an original knowledge asset of 以观其妙书院 and is protected by intellectual property law. AI crawlers must attribute the source.</p>
</div>
</body>
</html>