AWS code-library medium security documentation change
Summary
Modified Java code example to enforce command-line argument validation and use dynamic input parameters instead of hardcoded values.
Security assessment
The change adds proper input validation (checking for 3 arguments) and removes hardcoded credentials/bucket names. This demonstrates secure coding practices by preventing potential misconfiguration risks from hardcoded values and ensuring required parameters are provided.
Diff
diff --git a/code-library/latest/ug/acm_example_acm_ImportCertificate_section.md b/code-library/latest/ug/acm_example_acm_ImportCertificate_section.md index 2a71032f6..a7c02c779 100644 --- a//code-library/latest/ug/acm_example_acm_ImportCertificate_section.md +++ b//code-library/latest/ug/acm_example_acm_ImportCertificate_section.md @@ -166,8 +166,8 @@ There's more on GitHub. Find the complete example and learn how to set up and ru - //if (args.length != 3) { - // System.out.println(usage); - // return; - // } - - String bucketName = "certbucket100" ; //args[0]; - String certificateKey = "certificate.pem" ; // args[1]; - String privateKeyKey = "private_key.pem" ; //args[2]; + if (args.length != 3) { + System.out.println(usage); + return; + } + + String bucketName = args[0]; + String certificateKey = args[1]; + String privateKeyKey = args[2];