Yet Another Security Code Smell Because Nobody Ever Reads the Documentation
TL;DR: Ignoring constant replacement leads to severe security risks.
Problems
- Vulnerable endpoints
- Lack of Testing
- Documentation Nobody Reads
Solutions
- Enforce constant key replacement
- Audit upstream vendors
- Automate security checks
- Enforce your Documentation with tests
- Use invalid defaults to ensure they are always replaced
Context
A major security flaw, PKfail, persisted unnoticed for 12 years, compromising hundreds of devices.
The vulnerability stems from vendors failing to replace a "DO NOT TRUST" Secure Boot master key, a critical step that was neglected despite clear instructions.
This oversight left countless devices open to exploitation, allowing threat actors to bypass security measures and install malicious software.
Sample Code
Wrong

```rust
fn generate_pk() -> String {
    // Placeholder test key shipped with the reference firmware
    "DO NOT TRUST".to_string()
}

// Vendor forgets to replace PK
fn use_default_pk() -> String {
    let pk = generate_pk();
    pk // "DO NOT TRUST" PK used in production
}

fn main() {
    println!("Shipping with PK: {}", use_default_pk());
}
```
Right

```rust
fn generate_pk() -> String {
    // The documentation tells vendors to replace this value
    "DO NOT TRUST".to_string()
}

fn use_default_pk() -> String {
    let pk = generate_pk();
    // Fail loudly instead of silently shipping the placeholder
    if pk == "DO NOT TRUST" {
        panic!("Error: PK must be replaced before use.");
    }
    pk // Valid PK used in production
}

fn main() {
    println!("Shipping with PK: {}", use_default_pk());
}
```
Detection
[X] Automatic
You can detect this smell by checking for default values that must be replaced before deployment.
Tools like static analyzers and manual code reviews help you identify hardcoded or placeholder keys that should be updated.
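As an added example that is not code from this article: a Rust Platform Key wrapper whose `Default` is deliberately invalid, together with an audit function a CI job can run as the acceptance test the Solutions list asks for. The `PlatformKey` type, the `PkError` variants and the sample subjects are assumptions; the check matches "DO NOT TRUST" anywhere in the subject, case-insensitively, which goes beyond the exact-string comparison shown above.

```rust
// Added example, not the article's code: invalid-by-default PK plus the acceptance check.
#[derive(Debug, Clone, PartialEq)]
pub struct PlatformKey {
    pub subject: String, // certificate subject (constructed samples below)
    pub der: Vec<u8>,    // DER bytes of the PK certificate (constructed, not real X.509)
}

#[derive(Debug, PartialEq)]
pub enum PkError {
    PlaceholderSubject(String),
    EmptyKey,
}

impl Default for PlatformKey {
    /// Deliberately invalid: an unreplaced default fails `validate()` instead of shipping.
    fn default() -> Self {
        PlatformKey { subject: "CN=DO NOT TRUST - placeholder PK".to_string(), der: Vec::new() }
    }
}

impl PlatformKey {
    /// Rejects any subject containing the marker (case-insensitive) and any empty key.
    pub fn validate(&self) -> Result<(), PkError> {
        if self.subject.to_ascii_uppercase().contains("DO NOT TRUST") {
            return Err(PkError::PlaceholderSubject(self.subject.clone()));
        }
        if self.der.is_empty() {
            return Err(PkError::EmptyKey);
        }
        Ok(())
    }
}

/// Acceptance test for a whole key store: any finding blocks the release.
pub fn audit_key_store(keys: &[PlatformKey]) -> Vec<PkError> {
    keys.iter().filter_map(|k| k.validate().err()).collect()
}

fn main() {
    // Constructed key store: the untouched default next to a production-looking vendor key
    let store = vec![
        PlatformKey::default(),
        PlatformKey { subject: "CN=Vendor Production PK".to_string(), der: vec![0x30, 0x82] },
    ];
    for finding in audit_key_store(&store) {
        eprintln!("release blocked: {finding:?}");
    }
}
```

Running `audit_key_store` in the build pipeline turns the "replace this value" instruction into a failing step rather than a sentence in the documentation.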
Tags
- Security
Level
[X] Intermediate
AI Generation
AI generators might create this smell unless you instruct them to include context-specific security steps.
You must provide clear instructions to ensure the key is actually replaced.
AI Detection
AI tools can catch this smell with rules that flag placeholder values through testing and reviews.
Conclusion
Ignoring crucial steps in the security process, such as replacing default keys, can lead to severe vulnerabilities.
This long-lasting flaw emphasizes the need for diligent security practices.
Replace all your documentation with acceptance tests.
Relations
Code Smell 02 - Constants and Magic Numbers
Maxi Contieri ・ Oct 21 '20
Refactoring 011 - Replace Comments with Tests
Maxi Contieri ・ Apr 23 '23
More Info
Disclaimer
Code Smells are my opinion.
Credits
Photo by Jason Leung on Unsplash
It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.
Stephane Nappo
Software Engineering Great Quotes
Maxi Contieri ・ Dec 28 '20
This article is part of the CodeSmell Series.