Generic Key was found in the code of a public repository #2

Open
ox-barazouri opened this issue Aug 1, 2024 · 0 comments

ox-barazouri commented Aug 1, 2024

  • Category: Secret/PII Scan
  • Policy Name: Secret in code
  • Application Name: oxsecurity/MaskerLogger
  • Fix Link:
  • Click here to see details in OX App:

Issue Description:

A key for a system was discovered. Unfortunately, we were unable to determine the system/app the key was generated from. Manual identification and investigation of the key is required to determine the actual risk.

Recommendations:

Please verify if the Generic Key in the code is in use. Then do the following:

1. If the secret is in use, please revoke it.
2. Moving forward, store secrets in an environment variable or secret manager.
3. Change the code to access secrets using the method chosen above.

WARNING: The found Generic Key will still be visible in the Git History. Ensure it is revoked/disabled.

Aggregations:

  • File: maskerlogger/secrets_in_logs_example.py
  • Line: 21
  • Match: logger.info('"current_key": "AIzaSOHbouG6DDa6DOc*******************"', extra=SKIP_MASK) # noqa
  • Commit By: Tamar Galer [email protected]
  • Commit Message: add option to set fix masking len / Signed-off-by: Tamar Galer <[email protected]>
  • Commit Date: 2024-07-10 19:26:52
  • Open ticket day, Type, Merged by, Reviewers, Location, Parameter, Test, CVSS, Alert Link: (blank)