Subscribe

UiPath Studio

The UiPath Studio Guide

ST-SEC-009 - SecureString Misusage

Rule ID: ST-SEC-009

Scope: Workflow

Description

This rule checks whether the SecureString type is misused in the workflow. This string type is used when avoiding to store potentially sensitive strings as plain text.

Recommendation

The SecureString type should not be used for any purpose other than the intended one. Therefore, attempting to cast SecureString to String may be viewed as a security risk.

According to the official Microsoft documentation, if a String object contains any sensitive information, it raises the risk of the data being revealed after it is used.

In addition, the scope of SecureString type variables should be very limited, ideally in the same scope where they were created.

1040

Updated 3 years ago

See Also

About Workflow Analyzer
Security Rules
Usage Rules
Reliability Rules

ST-SEC-009 - SecureString Misusage

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.