Skip to content

New vulnerability #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
claire-villard-sonarsource wants to merge 2 commits into
base: main
Choose a base branch
from
Open

New vulnerability #5

claire-villard-sonarsource wants to merge 2 commits into from

Conversation

@claire-villard-sonarsource
Copy link
Owner

@claire-villard-sonarsource claire-villard-sonarsource commented May 26, 2023

No description provided.

github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudsquad-1

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYhYxCuU6EhLaUgqJ0NL-->Make sure this AWS Access Key ID is not disclosed. <p>See more on <a href="https://squad-1-core.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYhYxCuU6EhLaUgqJ0NL&open=AYhYxCuU6EhLaUgqJ0NL&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudsquad-2

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYhYxEmeYus4ag5Kh3Q5-->Make sure this AWS Access Key ID is not disclosed. <p>See more on <a href="https://squad-2-core.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYhYxEmeYus4ag5Kh3Q5&open=AYhYxEmeYus4ag5Kh3Q5&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2023
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudsquad-3

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYhYxFT7lg2aQqTzhPlJ-->Make sure this AWS Access Key ID is not disclosed. <p>See more on <a href="https://squad-3-core.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYhYxFT7lg2aQqTzhPlJ&open=AYhYxFT7lg2aQqTzhPlJ&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems May 26, 2023
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 1, 2023
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 7, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudsquad-5

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYkwOKamn8Vp1FcXsEZJ-->Make sure this AWS Access Key ID is not disclosed. <p>See more on <a href="https://squad-5-core.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYkwOKamn8Vp1FcXsEZJ&open=AYkwOKamn8Vp1FcXsEZJ&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 16, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudStaging

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYn95jd0xLPUlgkTLEm6-->Make sure this AWS Access Key ID gets revoked, changed, and removed from the code. <p>See more on <a href="https://sc-staging.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYn95jd0xLPUlgkTLEm6&open=AYn95jd0xLPUlgkTLEm6&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 11, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudDev

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYqE3vuxNUIodHWTmwJW-->Make sure this AWS Access Key ID gets revoked, changed, and removed from the code. <p>See more on <a href="https://dev.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYqE3vuxNUIodHWTmwJW&open=AYqE3vuxNUIodHWTmwJW&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 6, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloud

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYsFo2TvdL_u4gWOlJtu-->Make sure the access granted with this AWS access key ID is restricted <p>See more on <a href="https://sonarcloud.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYsFo2TvdL_u4gWOlJtu&open=AYsFo2TvdL_u4gWOlJtu&pullRequest=5">SonarCloud</a></p>
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 13, 2023
View reviewed changes
@ghost
Copy link

ghost commented Oct 13, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability E 1 Vulnerability
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 13, 2023
View reviewed changes
@ghost
Copy link

ghost commented Oct 13, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability E 1 Vulnerability
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 13, 2023
View reviewed changes
src/Config.js
@@ -0,0 +1,12 @@
import firebase from 'firebase'

const aws_access_key_id = "ASIALKSJGJSHBGSL135H"

Check failure

Code scanning / SonarCloudsquad-4

Amazon Web Services credentials should not be disclosed

<!--SONAR_ISSUE_KEY:AYsobsZ0DTP1HF8QknEN-->Make sure the access granted with this AWS access key ID is restricted <p>See more on <a href="https://squad-4-core.sc-dev.io/project/issues?id=claire-villard-sonarsource_test-vue-issue&issues=AYsobsZ0DTP1HF8QknEN&open=AYsobsZ0DTP1HF8QknEN&pullRequest=5">SonarCloud</a></p>
Repository owner deleted a comment Sep 29, 2025
Repository owner deleted a comment Sep 29, 2025
Repository owner deleted a comment from sonarqube-cloud-dev bot Sep 29, 2025
Repository owner deleted a comment Sep 29, 2025
Repository owner deleted a comment Sep 29, 2025
Repository owner deleted a comment from sonarqube-cloud-staging bot Sep 29, 2025
Repository owner deleted a comment Sep 29, 2025
@sonarclouddev5
Copy link

sonarclouddev5 bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Repository owner deleted a comment from sonarqube-cloud-staging bot Sep 29, 2025
Repository owner deleted a comment from sonarqube-cloud-dev bot Sep 29, 2025
Repository owner deleted a comment from sonarqubecloud bot Sep 29, 2025
Repository owner deleted a comment Sep 29, 2025
@sonarclouddev4
Copy link

sonarclouddev4 bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev14
Copy link

sonarclouddev14 bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev10
Copy link

sonarclouddev10 bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev6
Copy link

sonarclouddev6 bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev13
Copy link

sonarclouddev13 bot commented Sep 30, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-staging
Copy link

sonarqube-cloud-staging bot commented Oct 3, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev6
Copy link

sonarclouddev6 bot commented Oct 9, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-dev19
Copy link

sonarqube-cloud-dev19 bot commented Oct 15, 2025

🤖 Pull Request summary

SECURITY CRITICAL - Configuration file with exposed credentials added.

• New Config.js file created with Firebase configuration object
• AWS access key ID hardcoded in plaintext variable
• Firebase API keys and project settings exposed in source code

⚠️ IMMEDIATE ATTENTION REQUIRED: This PR contains hardcoded secrets that must be moved to environment variables or secure config management before merging. All exposed credentials should be rotated.

💬 Please send your feedback

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-dev17
Copy link

sonarqube-cloud-dev17 bot commented Oct 21, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev5
Copy link

sonarclouddev5 bot commented Oct 23, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-dev19
Copy link

sonarqube-cloud-dev19 bot commented Oct 23, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarclouddev7
Copy link

sonarclouddev7 bot commented Nov 3, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

1 similar comment
@sonarclouddev7
Copy link

sonarclouddev7 bot commented Nov 7, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-dev17
Copy link

sonarqube-cloud-dev17 bot commented Nov 10, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@claire-villard-sonarsource