Few studio activities incompatible with workflow analyzer rule(ST-SEC-009)

Hi UiPath team,

As part of our governance implementation at an enterprise level, we have come across few finding which we would like to share with you.

Below studio activities are found to be incompatible with the workflow analyzer rule(even in default state) ST-SEC-009(secure string misusage) as these activities doesn’t accept credentials in a secure way and rule ST-SEC-009 aims to identify such patterns and help block them from entering production thus making it impossible for such scenarios to co-exist with governance enabled on this rule:

Studio Package Studio Activity Issue Assets(credential)
UiPath.WebAPI.Activities = 1.7.0 HTTP activity Headers section under Options in properties panel doesn’t accept API key as secure string API Key
UiPath.WebAPI.Activities = 1.7.0 HTTP activity Request Body under Options in properties panel doesn’t accept Password as secure string Password
UiPath.Database.Activities =1.4.0 Connect Activity Connection string doesn’t accept Password as secure string Password
UiPath.Cryptography.Activities = 1.2.0 Encrypt/Decrypt Activity Key section doesn’t accept Encryption key as secure string Encryption Key

Hope this info helps to identify and resolve more of such patterns in studio activities.

Regards
Sonali

Thanks for reporting.

We will address this in next releases of activities.

1 Like