Generic Key was found in the code of a public repository

Open • ox-barazouri opened this issue 1 year ago • 0 comments

  • Category: Secret/PII Scan
  • Policy Name: Secret in code
  • Application Name: oxsecurity/MaskerLogger
  • Fix Link:
  • Click here to see details in OX App:

Issue Description:

A key for a system was discovered. Unfortunately, we were unable to determine the system/app the key was generated from. Manual identification and investigation of the key is required to determine the actual risk.

Recommendations:

Please verify if the Generic Key in the code is in use. Then do the following:

1. If the secret is in use, please revoke it.
2. Moving forward, store secrets in an environment variable or secret manager.
3. Change the code to access secrets using the method chosen above.

WARNING: The found Generic Key will still be visible in the Git History. Ensure it is revoked/disabled.

Aggregations:

  • File: maskerlogger/secrets_in_logs_example.py
  • Line: 21
  • Match: logger.info('"current_key": "AIzaSOHbouG6DDa6DOc*******************"', extra=SKIP_MASK) # noqa
  • Commit By: Tamar Galer [email protected]
  • Commit Message: add option to set fix masking len

    Signed-off-by: Tamar Galer <[email protected]>
  • Commit Date: 2024-07-10 19:26:52

ox-barazouri, Aug 01 '24 12:08