Update totally_not_secrets.yaml #2

Open
sean-jit wants to merge 1 commit into main from sean-jit-patch-2
Conversation

@sean-jit

Thank you for submitting a pull request to the WebGoat!

@jit-ci

jit-ci bot commented Sep 28, 2023

Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset.

In case there are security findings, they will be communicated to you as a comment inside the PR.

Hope you’ll enjoy using Jit.

Questions? Comments? Want to learn more? Get in touch with us.

@jit-ci jit-ci bot left a comment

❌ Jit has detected 10 important findings in this PR that you should review.
The findings are detailed below as separate comments.
It’s highly recommended that you fix these security issues before merge.

MAILGUN_API = 'key-LPxoYCANGEFkAMHBur4jTjbZ69ngpdbI'

GITHUB_PAT_ONE = 'ghp_00a00aDDAg111xaAA7nAA0AalMspJB0tNaaa'
GITHUB_PAT_TWO = 'ghp_99g00bXXGj528xxAA4kQG2CxlMspJB0tNxaz'

Security control: Secret Detection

Type: Github-Pat

Description: GitHub Personal Access Token

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command


STRIPE = 'pk_live_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'

SLACK = 'xapp-1-A01C259PH2A-1440755929120-7d5241948a2cc1b464add85df8a8e75f9040ae2869f6599926ed0b9dcafdb32b'

Security control: Secret Detection

Type: Slack-App-Token

Description: Slack App-level token

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command


TWILIO_API = 'SK5d1d319A6Acf7EC9BDeDb8CCe4D76BA8'

MAILGUN_API = 'key-LPxoYCANGEFkAMHBur4jTjbZ69ngpdbI'

Security control: Secret Detection

Type: Generic-Api-Key

Description: Generic API Key

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

jwt_secret: YourJWTSecretKeyHere
GOOGLE_API = 'AIzaSyBUPHAjZl3n8Eza66ka6B78iVyPteC5MgM'

STRIPE = 'pk_live_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'

Security control: Secret Detection

Type: Stripe-Access-Token

Description: Stripe Access Token

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command


MAILGUN_API = 'key-LPxoYCANGEFkAMHBur4jTjbZ69ngpdbI'

GITHUB_PAT_ONE = 'ghp_00a00aDDAg111xaAA7nAA0AalMspJB0tNaaa'

Security control: Secret Detection

Type: Github-Pat

Description: GitHub Personal Access Token

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

mysql_password: MySQLPassword123
postgres_password: myPostgresPassw0rd
jwt_secret: YourJWTSecretKeyHere
GOOGLE_API = 'AIzaSyBUPHAjZl3n8Eza66ka6B78iVyPteC5MgM'

Security control: Secret Detection

Type: Gcp-Api-Key

Description: GCP API key

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

SLACK_BOT = 'xoxb-730191371696-1413868247813-IG7Z6nYevC2hdviE3aJhb5kY'

AWS_KEY_ONE = 'AKIAIWSXFHRM7F6Z3NWQ'
AWS_KEY_TWO = 'AKIASLEPEFMTEF3JEWSP'

Security control: Secret Detection

Type: Aws-Access-Token

Description: AWS

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

SLACK = 'xapp-1-A01C259PH2A-1440755929120-7d5241948a2cc1b464add85df8a8e75f9040ae2869f6599926ed0b9dcafdb32b'
SLACK_BOT = 'xoxb-730191371696-1413868247813-IG7Z6nYevC2hdviE3aJhb5kY'

AWS_KEY_ONE = 'AKIAIWSXFHRM7F6Z3NWQ'

Security control: Secret Detection

Type: Aws-Access-Token

Description: AWS

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

STRIPE = 'pk_live_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'

SLACK = 'xapp-1-A01C259PH2A-1440755929120-7d5241948a2cc1b464add85df8a8e75f9040ae2869f6599926ed0b9dcafdb32b'
SLACK_BOT = 'xoxb-730191371696-1413868247813-IG7Z6nYevC2hdviE3aJhb5kY'

Security control: Secret Detection

Type: Slack-Bot-Token

Description: Slack Bot token

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

AWS_KEY_ONE = 'AKIAIWSXFHRM7F6Z3NWQ'
AWS_KEY_TWO = 'AKIASLEPEFMTEF3JEWSP'

TWILIO_API = 'SK5d1d319A6Acf7EC9BDeDb8CCe4D76BA8'

Security control: Secret Detection

Type: Twilio-Api-Key

Description: Twilio API Key

Severity: HIGH



Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command
