Make sure we do not expose secrets in output

This uses the RFC-8959 URI scheme to make secrets detectable. Thanks
hackernews for the idea ;)
2022-05-27 23:37:54 +02:00
parent 90d188e01e
commit a71711978e
4 changed files with 18 additions and 16 deletions


@@ -12,7 +12,7 @@ def check_headers():
app.logger.error("Invalid accept header")
abort(500)
auth_header = request.headers.get("authorization")
if auth_header != "token authtoken":
if auth_header != "token secret-token:myauthtoken":
app.logger.error("Invalid authorization header: %s", auth_header)
abort(
make_response(
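Review bot: The mismatch branch right after the changed line still copies the received header verbatim into the log via `app.logger.error("Invalid authorization header: %s", auth_header)`, so a client that sends a real but wrong credential has it written to log output — the same exposure the commit title is about. Logging only the scheme is enough to debug the mismatch, e.g. `app.logger.error("Invalid authorization header (scheme=%s)", auth_header.split(" ", 1)[0] if auth_header else None)`. The comparison on the changed line is also a plain `!=` against the secret; `hmac.compare_digest((auth_header or "").encode(), b"token secret-token:myauthtoken")` keeps the check from short-circuiting on the first differing byte, although if this is a test fixture that matters less. Both points apply equally to the second file's hunk with the `bearer` prefix. check_headers starts before this hunk and its `abort(make_response(` call continues past it.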


@@ -12,7 +12,7 @@ def check_headers():
app.logger.error("Invalid accept header")
abort(500)
auth_header = request.headers.get("authorization")
if auth_header != "bearer authtoken":
if auth_header != "bearer secret-token:myauthtoken":
app.logger.error("Invalid authorization header: %s", auth_header)
abort(
make_response(