SecuryString Variable Usage - Analyze file

Help Studio
1

Hello All!

I’m using the “Analyze File” function, but I’m encountering the following error:
The image shows a code analysis tool highlighting three security warnings related to SecureString variable usage outside of the creation scope in different database credential contexts (Prod, Dev, and one unspecified). (Legendado por IA)

How can I handle this error? I’m obtaining the credentials from the orchestrator and using them to log onto the SQL Server.

image
image378×176 3.5 KB

2

@Erick_Richeter

This is not a blocker for your execution, if it is blocking to execute or publish you can modify it

to modify follow below steps,

1.open Workflow Analyzer settings
2. Search with ST-SEC-008
3. you can get the results there you can see the Default type as error change to warn or any other option.
4. click on Ok and proceed with your automation.

The image shows the interface of UiPath Studio with various options and tools for automating workflows, including Analyze File, Export to Excel, and Publish. (Captioned by AI)
The image shows the interface of UiPath Studio with various options and tools for automating workflows, including Analyze File, Export to Excel, and Publish. (Captioned by AI)952×302 19.1 KB

A screenshot of UiPath Project Settings highlighting the Workflow Analyzer configuration for the secure string variable usage. (Captioned by AI)
A screenshot of UiPath Project Settings highlighting the Workflow Analyzer configuration for the secure string variable usage. (Captioned by AI)862×427 23.3 KB

Happy Automation!!

3

@Erick_Richeter,

Keep your credential variable and use them closely. Like this. Variable scope should be inside that single sequence.

The image depicts a workflow sequence in UiPath with a "Get Credential" activity followed by a comment indicating where to use the credential. (Captioned by AI)
The image depicts a workflow sequence in UiPath with a "Get Credential" activity followed by a comment indicating where to use the credential. (Captioned by AI)473×352 13.5 KB

4

Hey @Erick_Richeter ok so you creating the securestring variable to log into some portal or any application you are accessing. these error rectifying that the Variable you created in for example sequence1 and now you are using it to sequence2. so use that variable inside that sequence.

cheers

5

Hi @Erick_Richeter,

This error happens when you are fetching secure creds outside of the immediate scope.

Per secure string related workflow analyzer rules,

  1. secure string variable should be defined and used within immediate scope
  2. should never be used as argument
  3. should never be converted to plain string

Hope this helps.

Regards
Sonali

6

Thank you, @singh_sumit and @ashokkarale. I adjusted the scope of my application to keep my secure string within the same scope. I also appreciate the explanation, @sonaliaggarwal47 !

2 Likes
7

Its a rule that the REFramework violates (at least in the one that is modified to load credentials to the Config Dictionary), but it doesnt proc the rule because the securestring is in a Dictionary<string, SecureString> and it doesnt realize the SecureString in the Dictionary.

It in my opinion should only be a warning as its not so serious if you pass from one workflow to another as thats no different than passing it from the workflow to the activity that uses it.

That being said, it is a good idea to keep the scope small, however I’ve suggest not only doing that with Credential type assets but all assets, ditch the config and just grab an asset the moment you need it.

1 Like
8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.