
Add GH Action to warn devs about `sentryAuthToken` changes

Open krystofwoldrich opened this issue 1 year ago • 3 comments

Description

To prevent https://github.com/getsentry/sentry-react-native/security/advisories/GHSA-68c2-4mpx-qh95 in the future, we can add a GitHub Action which will add a warning to a PR when changes related to handling sentry auth token are included.

Impl can be a simple string search for sentryAuthToken, SENTRY_AUTH_TOKEN, and similar.

krystofwoldrich, Mar 18 '24 12:03

This warning should not be triggered for changes in GH actions yml files.

krystofwoldrich, Mar 22 '24 13:03

This may be closed once https://github.com/getsentry/.github/issues/134 is fixed

lucas-zimerman, Jul 12 '24 12:07

This GH Issue is about adding a warning like https://github.com/getsentry/sentry-cocoa/pull/4091#issuecomment-2180159176

[Screenshot 2024-07-12 at 15 24 11: the warning comment posted on the PR]

For example changes in https://github.com/getsentry/sentry-react-native/blob/9d86532d68474e40b8d0c346799236ab466c0cb7/plugin/src/withSentry.ts related to the authToken variable should trigger such a warning.

krystofwoldrich, Jul 12 '24 13:07
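A minimal version of the check this issue asks for, as an added example that is not the project's own workflow: it scans a unified diff for added or removed lines that mention the auth-token identifiers named above, skips files under `.github/` (the workflow yml exclusion from the second comment), and emits GitHub Actions `::warning::` annotations for the PR. The identifier list, the `scan_pr` base/head refs and the constructed sample diff are assumptions.

```shell
# Added example, not the project's own workflow. Scans a PR diff for changes
# that touch Sentry auth-token handling and emits GitHub Actions warnings.
# The identifier list is an assumption drawn from the names in the issue.
set -u
TOKEN_PATTERN='sentryAuthToken|SENTRY_AUTH_TOKEN|authToken'

# scan_diff: read a unified diff on stdin; print "file: <changed line>" for
# every added or removed line that mentions an auth-token identifier.
# Files under .github/ (workflow yml) are skipped, as the issue asks.
scan_diff() {
  awk -v pat="$TOKEN_PATTERN" '
    /^--- /    { f = substr($0, 5); sub(/^a\//, "", f)
                 if (f != "/dev/null") file = f; next }
    /^\+\+\+ / { f = substr($0, 5); sub(/^b\//, "", f)
                 if (f != "/dev/null") file = f
                 skip = (file ~ /^\.github\//); next }
    /^(@@|diff |index )/ { next }
    !skip && /^[+-]/ && $0 ~ pat { print file ": " $0 }
  '
}

# scan_pr: diff base_ref..head_ref, scan it, and write one ::warning:: line per
# hit so it surfaces on the PR checks tab. Returns 1 when anything was flagged.
scan_pr() {
  base_ref="${1:-origin/main}" head_ref="${2:-HEAD}"
  hits=$(git diff "$base_ref" "$head_ref" | scan_diff)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" | while IFS= read -r line; do
    echo "::warning::auth token handling changed: $line"
  done
  return 1
}

# Constructed sample diff for a stand-alone run: a plugin source change that
# should be flagged and a workflow change that should be ignored.
SAMPLE_DIFF='diff --git a/plugin/src/withSentry.ts b/plugin/src/withSentry.ts
--- a/plugin/src/withSentry.ts
+++ b/plugin/src/withSentry.ts
@@ -1,2 +1,2 @@
-const authToken = process.env.SENTRY_AUTH_TOKEN;
+const authToken = sentryAuthToken ?? process.env.SENTRY_AUTH_TOKEN;
 export default authToken;
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,0 +3,1 @@
+  SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}'

# sample_hits: run the scanner over the constructed diff (2 hits expected).
sample_hits() { printf '%s\n' "$SAMPLE_DIFF" | scan_diff; }
```

In a workflow step, `scan_pr "$GITHUB_BASE_REF"` after a full-depth checkout is enough; the non-zero return can be left advisory or used to fail the job.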