Skip to content

fix: Replace hardcoded AWS credentials with AnonymousCredentialsProvi…#7148

Open
ford220102 wants to merge 1 commit into
aws:masterfrom
ford220102:master
Open

fix: Replace hardcoded AWS credentials with AnonymousCredentialsProvi…#7148
ford220102 wants to merge 1 commit into
aws:masterfrom
ford220102:master

Conversation

@ford220102

@ford220102 ford220102 commented Jul 14, 2026

Copy link
Copy Markdown

…der in benchmark

Security fix for java:S6263 - Long-term AWS access keys should not be used.

Replaced hardcoded dummy credentials ("test"/"test") with AnonymousCredentialsProvider in V1CborRoundtripBenchmark.

The benchmark uses a local mock server and does not require real AWS credentials. Using AnonymousCredentialsProvider makes this intent explicit and avoids the security hotspot.

This change:

  • Eliminates the security warning for hardcoded credentials
  • Makes the code's intent clearer (no real AWS access needed)
  • Is safe for benchmark code that never contacts real AWS services

Motivation and Context

Modifications

Testing

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

…der in benchmark

Security fix for java:S6263 - Long-term AWS access keys should not be used.

Replaced hardcoded dummy credentials ("test"/"test") with
AnonymousCredentialsProvider in V1CborRoundtripBenchmark.

The benchmark uses a local mock server and does not require
real AWS credentials. Using AnonymousCredentialsProvider makes
this intent explicit and avoids the security hotspot.

This change:
- Eliminates the security warning for hardcoded credentials
- Makes the code's intent clearer (no real AWS access needed)
- Is safe for benchmark code that never contacts real AWS services
@ford220102 ford220102 requested a review from a team as a code owner July 14, 2026 22:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant