CERT-MSC41-C_b
Synopsis
Never hard code sensitive information.
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
Hard coding sensitive information, such as passwords or encryption keys, can expose the information to attackers. Anyone who has access to the executable or dynamic library files can examine them for strings or other critical data, revealing the sensitive information.
Coding standards
- CERT MSC41-C
Never hard code sensitive information
Code examples
The following code example fails the check and will give a warning:
const char *github_token = "1234567890abcdef";
The following code example passes the check and will not give a warning about this issue:
char *github_token;
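The passing example only declares the pointer. The following added example (not part of the original check documentation) shows one way to fill such a variable at run time and clear it after use. The environment variable name GITHUB_TOKEN, the TOKEN_MAX bound, and the helper names copy_secret, load_token and secure_wipe are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define TOKEN_MAX 128 /* assumed upper bound on the token length */

/* Zero a buffer through a volatile pointer so the compiler does not
 * drop the stores as dead writes. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Copy a secret into a caller-owned buffer.
 * Returns 0 on success, -1 if the value is missing or empty,
 * -2 if it does not fit (nothing is copied in that case). */
static int copy_secret(const char *val, char *out, size_t out_len)
{
    size_t n;
    if (val == NULL || val[0] == '\0') return -1;
    n = strlen(val);
    if (n >= out_len) return -2;
    memcpy(out, val, n + 1); /* includes the terminating NUL */
    return 0;
}

/* Read the secret from the environment variable named by var. */
static int load_token(const char *var, char *out, size_t out_len)
{
    return copy_secret(getenv(var), out, out_len);
}

int main(void)
{
    char github_token[TOKEN_MAX];

    /* "GITHUB_TOKEN" is an assumed variable name; the secret itself
     * never appears as a literal in the source or the binary. */
    if (load_token("GITHUB_TOKEN", github_token, sizeof github_token) != 0) {
        return EXIT_FAILURE; /* fail closed when no token is provisioned */
    }

    /* ... use github_token for the authenticated request ... */

    secure_wipe(github_token, sizeof github_token);
    return EXIT_SUCCESS;
}
```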