studio
2020.10
false
- Release Notes
- Getting Started
- Setup and Configuration
- Automation Projects
- Dependencies
- Types of Workflows
- File Comparison
- Automation Best Practices
- Source Control Integration
- Debugging
- The Diagnostic Tool
- Workflow Analyzer
- About Workflow Analyzer
- ST-NMG-001 - Variables Naming Convention
- ST-NMG-002 - Arguments Naming Convention
- ST-NMG-004 - Display Name Duplication
- ST-NMG-005 - Variable Overrides Variable
- ST-NMG-006 - Variable Overrides Argument
- ST-NMG-008 - Variable Length Exceeded
- ST-NMG-009 - Prefix Datatable Variables
- ST-NMG-011 - Prefix Datatable Arguments
- ST-NMG-012 - Argument Default Values
- ST-NMG-016 - Argument Length Exceeded
- ST-DBP-002 - High Arguments Count
- ST-DBP-003 - Empty Catch Block
- ST-DBP-007 - Multiple Flowchart Layers
- ST-DBP-020 - Undefined Output Properties
- ST-DBP-023 - Empty Workflow
- ST-DBP-024 - Persistence Activity Check
- ST-DBP-025 - Variables Serialization Prerequisite
- ST-DBP-026 - Delay Activity Usage
- ST-DBP-027 - Persistence Best Practice
- ST-DBP-028 - Arguments Serialization Prerequisite
- ST-SEC-007 - SecureString Argument Usage
- ST-SEC-008 - SecureString Variable Usage
- ST-SEC-009 - SecureString Misusage
- Variables
- Arguments
- Imported Namespaces
- Recording
- UI Elements
- Control Flow
- Selectors
- Object Repository
- Data Scraping
- Image and Text Automation
- Automating Citrix Technologies
- RDP Automation
- SAP Automation
- VMware Horizon Automation
- Logging
- The ScaleCoordinates Migration Tool
- The ScreenScrapeJavaSupport Tool
- The WebDriver Protocol
- StudioPro
- Extensions
- Troubleshooting
ST-SEC-009 - SecureString Misusage
OUT OF SUPPORT
Studio User Guide
Last updated Dec 20, 2023
ST-SEC-009 - SecureString Misusage
Rule ID:
ST-SEC-009
Scope: Workflow
This rule checks whether the SecureString type is misused in the workflow. This string type is used when avoiding to store potentially sensitive strings as plain text.
The SecureString type should not be used for any purpose other than the intended one. Therefore, attempting to cast SecureString to String may be viewed as a security risk.
According to the official Microsoft documentation, if a String object contains any sensitive information, it raises the risk of the data being revealed after it is used.
In addition, the scope of SecureString type variables should be very limited, ideally in the same scope where they were created.