Skip to content

Security Alert: Sensitive Information Detected in Public Repository #1

Description

@vyastj

Hello lumeche,

Our security tools have identified a few in the public repository lumeche/appDirect. Details are as follows:

🚨 [HIGH] High-entropy secret assignment in workspace.xml https://raw.githubusercontent.com/lumeche/appDirect/master/.idea/workspace.xml
🚨 [HIGH] Keyword 'secret' found in HandlerDelegate.java at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/java/com/appdirect/controller/rest/HandlerDelegate.java
🚨 [HIGH] Keyword 'authorization' found in HandlerDelegate.java at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/java/com/appdirect/controller/rest/HandlerDelegate.java
🚨 [HIGH] Keyword 'token' found in HandlerDelegate.java at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/java/com/appdirect/controller/rest/HandlerDelegate.java
🚨 [HIGH] Keyword 'secret' found in app-direct-configuration.xml at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/app-direct-configuration.xml
🚨 [HIGH] Keyword 'secret' found in application.properties at line 2 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/application.properties
🚨 [HIGH] Keyword 'token' found in application.properties at line 5 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/application.properties
🚨 [HIGH] Possible secret assignment in application.properties https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/application.properties
🚨 [HIGH] Keyword 'token' found in event-cancel.xml at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-cancel.xml
🚨 [HIGH] Possible secret assignment in event-cancel.xml https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-cancel.xml
🚨 [HIGH] Keyword 'token' found in event-change.xml at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-change.xml
🚨 [HIGH] Possible secret assignment in event-change.xml https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-change.xml
🚨 [HIGH] Keyword 'token' found in event-order.xml at line 6 https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-order.xml
🚨 [HIGH] Possible secret assignment in event-order.xml https://raw.githubusercontent.com/lumeche/appDirect/master/src/main/resources/events/event-order.xml

Could you please review these findings and, if feasible, change the repository's visibility from public to private to prevent potential exposure of sensitive AppDirect information?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions