Create ThresholdTest.py #37
base: main
| PASSWORD = 'opensaysme' | ||
|
|
||
| # Generic application secret | ||
| APP_SECRET = 'ttn9Jb9ep2U4KvG9hq6e' |
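Review bot: `PASSWORD` and `APP_SECRET` are assigned string literals at module level, so the values travel with every clone and remain in history after a later delete. If they are real, read them from the environment or a secrets manager and rotate them; if they are scanner fixtures, as the file name ThresholdTest.py suggests, say so in a comment above the block so the findings can be triaged with `#cycode_secret_ignore_here <reason>`.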
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 99%
SHA: d46b3ef538
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| APP_SECRET = 'ttn9Jb9ep2U4KvG9hq6e' | ||
|
|
||
| # Generic api key | ||
| API_KEY = 'SGwJgqnZYzH945UBWnauBuKXKLEhq5Le' |
❗Cycode: Secret of type: 'Base64 Entropy' was found.
Severity: Medium
SHA: d8d189fd80
Description
The Base64 Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within base64-encoded text. Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string format.
Cycode Remediation Guideline
❗ How to revoke
- Identify the source and purpose of the Base64-encoded secret.
- Decode the Base64 string to understand the original secret.
- Determine the type of secret (e.g., API key, password) and the service it is associated with.
- Access the service or system where the secret is used.
- Revoke or delete the original secret from the service or system.
- Generate a new secret to replace the revoked one.
- Encode the new secret in Base64 if required by the application.
- Update the application or system configuration with the new Base64-encoded secret.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| REDIS_PASSWORD = 'redis' | ||
|
|
||
| # Generic weak postgres password | ||
| POSTGRES_PASSWORD = 'postgres' |
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 93%
SHA: a942b37ccf
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # Stripe | ||
| ## Stripe Secret Key | ||
| STRIPE_SECRET_KEY = 'sk_live_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ' |
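Review bot: `STRIPE_SECRET_KEY` carries the `sk_live_` prefix, which Stripe uses for live-mode secret keys, while the rest of the value is an alphabet-and-digits run that reads as a placeholder. If it is a dummy, a comment marking it as one would stop anyone treating it as a production key; if it is real, it needs to be rolled and loaded from configuration instead of a literal.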
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 95%
SHA: c20a389198
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # Square | ||
| ## Square Access Token | ||
| SQUARE_ACCESS_TOKEN = 'sqOatp-TDt6aBq8Z_Oup1JezKC1cK' |
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 98%
SHA: cb7a881768
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # Twilio | ||
| ## Twilio API Key | ||
| VAR_26 = 'SK5d1d319A6Acf7EC9BDeDb8CCe4D76BA8' |
❗Cycode: Secret of type: 'Twilio Api Key' was found.
Severity: High
SHA: 8a6d5eb92f
Description
Twilio is a communication platform that allows businesses to build, scale, and manage communication systems. To use the Twilio API, an API key is required
Cycode Remediation Guideline
❗ How to revoke
- Log in to the Twilio Console.
- Navigate to the "API Keys" section under "Account" settings.
- Identify the compromised API key.
- Click on the API key to view its details.
- Click the "Delete" button to revoke the API key.
- Generate a new API key by clicking the "Create new API key" button.
- Update your application to use the new API key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| ## Twilio API Key | ||
|
|
||
| TWILIO_ACCOUNT_SID = 'ACXvJ0lkU-BhvkmBkZPUWAxExvPSF6s5En' | ||
| TWILIO_APP_SID = 'APNLX3uzXotXDUKvurSeS95o8O3RpYuuy6' |
❗Cycode: Secret of type: 'Artifactory Password' was found.
Severity: Critical
SHA: 95b3445067
Description
An Artifactory password is a secret password that is used to authenticate a user's access to an Artifactory instance, a repository manager for storing, managing, and distributing binary artifacts such as JARs and Docker images
Cycode Remediation Guideline
❗ How to revoke
- Log in to the Artifactory instance with an account that has administrative privileges.
- Navigate to the "Admin" tab and select "Users" under the "Security" section.
- Locate the user account associated with the compromised password.
- Change the password for the user account to a new, strong password.
- Inform the user of the password change and provide them with the new password securely.
- Review and update any systems or scripts that were using the old password to use the new password.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # Github | ||
| ## Github Personal Access Token | ||
| GITHUB_KEY = '88df97769ab3185f2c0b2a73fdae1b27d89409ca' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: 3dce0a45c9
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within Hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| ## Github OAuth App | ||
| GITHUB_OAUTH_CLIENT_ID = '2d7d90e5719c63788b50' | ||
| GITHUB_OAUTH_SECRET = '74e7e1837a98c7e0e4cd7fcf8b955894465964ec' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: d9ca94ac5c
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within Hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| AWS_ACCESS_SECRET_KEY = 'UpUbsQANRHLf2uuQ7QOlNXPbbtV5fmseW/GgT5D/' | ||
|
|
||
| ## AWS MWS Auth Token | ||
| MWS_AUTH_TOKEN = 'amzn.mws.f90f3ce6-9b5a-26a7-9a87-4ff8052be2ec' |
❗Cycode: Secret of type: 'Amazon Mws Auth Token' was found.
Severity: Critical
SHA: 07e24883f2
Description
Amazon Marketplace Web Service (MWS) is a collection of APIs that allow sellers to programmatically exchange data on orders, payments, and more with Amazon. The MWS Auth Token is a unique identifier that is used to authenticate the seller's account when making API calls.
Cycode Remediation Guideline
❗ How to revoke
- Log in to your Amazon MWS account.
- Navigate to the "User Permissions" section.
- Locate the application or user associated with the MWS Auth Token.
- Revoke the MWS Auth Token by removing the application's access or deleting the user.
- Generate a new MWS Auth Token if continued access is required.
- Update your applications and systems with the new MWS Auth Token.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # AWS | ||
| ## AWS Access Key ID | ||
| VAR_1 = 'AKIAIWSXFHRM7F6Z3NWQ' |
❗Cycode: Secret of type: 'Aws Access Key Id' was found.
Severity: Low
SHA: 552db608ee
Description
An AWS (Amazon Web Services) access key ID is a unique identifier that is used to authenticate and authorize access to the AWS Management Console and the various AWS services and resources. An AWS access key ID consists of two parts: an access key ID and a secret access key.
Cycode Remediation Guideline
❗ How to revoke
- Sign in to the AWS Management Console.
- Navigate to the IAM (Identity and Access Management) dashboard.
- Select "Users" from the navigation pane.
- Choose the user whose access key needs to be revoked.
- Click on the "Security credentials" tab.
- Locate the access key ID that needs to be revoked.
- Click on the "Make inactive" button next to the access key ID.
- Confirm the action to deactivate the access key.
- Click on the "Delete" button next to the inactive access key ID.
- Confirm the deletion of the access key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| GCP_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChoGF4j4AUnAfj\nbVGP/tSJqAyeYiZfOf4UCwd9+B/2oej3rsiuZmx506kuWVN4Jhg8UocLn5l/OfqU\n2MyV3Mq5VjtGQjYWF7a/Y04yEMRWf+spiJp1iYGS1vTOVjuyYyMa9h+8sbDiBFAD\nBcZejB4FQHxstFtmlnehf7cieMLTa3Wezv8LX8pH0q+pEynuvusQkhe8uPmjUsuo\nWG5W5CgVchQVzQf9eB5xtyt85t6VozMvAEI4h+WwZRdn+EWrQi+z8A8vXF7iUDmu\n2lpypLExcZBrZINMh8ecs8B34JNIYzO4Hod7RB4IwXN8PG/5RHlb7qQbzXSxir2B\n17gPPf8JAgMBAAECggEAHbkdG7sGIqQkJjypInpKc0tKkMj7hgkn8t8pYE7kb+qM\nKZqE0N/IpKnaY8ntGfwlelhx+d7+r0FGFh/9lbTOOkHDslLEWBFB3BYC4B2pwb+S\nC2gSAboJMGwkBpsgrNhi8RcgtIaYASSqYzfpaGNLtQsMJsCPS4Ex3GscjnQXXiJK\n5MExF8VYZVvT8Hq2lvECUpFMTWwM2o/QndwjLrEq/vRI3n7PmweXZGKgLuyOjpWk\ny80qa/IUlB6xO4XHvjnaEGxRq1LSF8hgEGU2Nmd8GDRT5ZLkSk+TMtqPrEbHEi6n\n4pZGndX0XmttWkKcUX/NwB/WZC5ROEsUl8Fyw+T5RQKBgQDMfgFB6Xx+Na2iB33w\nkhzNxo4HPCJzxeAB0zCRpfDpM1GtqK6JsIxvrci5lDAKaP8TQTr/gQxXpbJjE1Dl\n3VWGzFbW4czSw+AqBFl1he20RZhGjATcDCCzSOyEiRhqoJwTPTvqcXRK8NbKGfJR\nV6b4Auw+McNhnEUyfrZzguV93QKBgQDKVlLPhb4O84mINKFK73QFf2xlns0IHI0m\nWqNvY7HxJP9WUH5FgX4r/cO6aIafg+u5j0gNPDd2JD67htnY85EH/n5KNhb9ytsN\n+hkDeidFvdOrD+h9YFHkNoNy3XHwrQ0mtYRj2FBWhhpBsVlHVO2KcLe0TvivinN2\nfIac2uZhHQKBgAYE23KeNbzdRZwUTl+rXU+tPXb3DSiNNXe4SKCw2rNygD/1TBXf\nbXLIEbVsqDFWP9PIQr1Mhhl6VhLWebYaWq8aCqBOiyHVBB8Ye62a4JFCzyWcb3Qu\nozPDvLp18pMI4S8ryTywVDT0e839D4XXZ6G7LEr0WgTgfaTr1+D0hF69AoGBAKIQ\nxKGeAV6eaOGlLjAEXgztRFic+qLto409+jyFQQji1nY/YPSxROtdhkGv6WypUM0/\nW7nmKpJBc9HmsGUaqmcZy/QLIR1FN3IZiaGEXSJ6aqlQw6pw1QcTNvRxNQtOwQLp\nT1Jd9/Nl1HAb6mO9PcqugCY3Pu/z2InmMjg/CVptAoGAMpwMsoen4xEHv4uGZVt8\n8wlvQ2fYnso4wgRSYAkjh8cOHjB85eazlSAsaJvmQ9D1rV086Re5zKxKjrjQWdaT\nRMyIZJMJYZr6c8RKmabOfO1oc5urDdETQjGi3qXJuiu86wp7IoBINdmBEPRl6+m3\nGqJA6hgV5niKAq4sJtv9EW4=\n-----END PRIVATE KEY-----\n' | ||
|
|
||
| ## Google API Key | ||
| GOOGLE_API_KEY = 'AIzaSyBUPHAjZl3n8Eza66ka6B78iVyPteC5MgM' |
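Review bot: the `GCP_PRIVATE_KEY` line at the top of this hunk embeds a complete PEM block (`-----BEGIN PRIVATE KEY-----` through `-----END PRIVATE KEY-----`) as a string literal, next to `GOOGLE_API_KEY`. Key material should not live in source: reference a key file or secret store by path or name instead, and if this key was ever valid, disable it on the service account, since removing the line later does not remove it from the branch history.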
❗Cycode: Secret of type: 'Google Cloud Api Key' was found.
Severity: Critical
SHA: b87fff7f2a
Description
Google Cloud is a suite of cloud computing services that allows businesses to build, deploy, and manage applications and infrastructure on the Google Cloud Platform. To use the Google Cloud API, a Google Cloud API key is required
Cycode Remediation Guideline
❗ How to revoke
- Go to the Google Cloud Console.
- Navigate to the "APIs & Services" section.
- Select "Credentials" from the sidebar.
- Locate the API key you need to revoke.
- Click on the trash icon next to the API key to delete it.
- Confirm the deletion when prompted.
- Generate a new API key if needed and update your applications with the new key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| SLACK_CLIENT_SECRET = 'f90dd63cdcb13662a6f4b008081c1524' | ||
|
|
||
| ## Slack Signing Secret | ||
| SLACK_SIGNING_SECRET = 'f0c8970d9c172fb35ec4c71aa536d401' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: 17c7daf6a5
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within Hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| ## GCP Credentials | ||
| GCP_PRIVATE_KEY_ID = 'c4c474d61701fd6fd4191883b8fea9a8411bf771' |
❗Cycode: Secret of type: 'GCP Service Account Private Key Id' was found.
Severity: Low
SHA: c3c4c0ae73
Description
A GCP service account private key ID is a unique identifier assigned to a specific private key file, created when generating new service account keys (a public/private key pair). This ID is primarily used by administrators to distinguish between multiple keys for the same service account, aiding in key management tasks like auditing, rotation, and deletion.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| VAR_14 = 'f90dd63cdcb13662a6f4b008081c1524' | ||
|
|
||
| ## Slack Signing Secret | ||
| VAR_15 = 'f0c8970d9c172fb35ec4c71aa536d401' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: 17c7daf6a5
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within Hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| ## GCP Credentials | ||
| VAR_4 = 'c4c474d61701fd6fd4191883b8fea9a8411bf771' |
❗Cycode: Secret of type: 'GCP Service Account Private Key Id' was found.
Severity: Low
SHA: c3c4c0ae73
Description
A GCP service account private key ID is a unique identifier assigned to a specific private key file, created when generating new service account keys (a public/private key pair). This ID is primarily used by administrators to distinguish between multiple keys for the same service account, aiding in key management tasks like auditing, rotation, and deletion.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| DATABASE_PASSWORD = 'GYW2mMmpG327BtrdTnUL' | ||
|
|
||
| # Generic weak redis password | ||
| REDIS_PASSWORD = 'redis' |
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 93%
SHA: 34fb46c847
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| VAR_1 = 'AKIAIWSXFHRM7F6Z3NWQ' | ||
|
|
||
| ## AWS Secret Access Key | ||
| VAR_2 = 'UpUbsQANRHLf2uuQ7QOlNXPbbtV5fmseW/GgT5D/' |
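Review bot: `VAR_2` under `## AWS Secret Access Key` holds the same literal as `AWS_ACCESS_SECRET_KEY` in another hunk of this change, and the names `VAR_1` and `VAR_2` say nothing about what they hold. Define the value once under a descriptive name, or add a comment explaining why both the named and the `VAR_n` variants are needed.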
❗Cycode: Secret of type: 'Base64 Entropy' was found.
Severity: Medium
SHA: 1fcb262aa3
Description
The Base64 Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within base64-encoded text. Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string format.
Cycode Remediation Guideline
❗ How to revoke
- Identify the source and purpose of the Base64-encoded secret.
- Decode the Base64 string to understand the original secret.
- Determine the type of secret (e.g., API key, password) and the service it is associated with.
- Access the service or system where the secret is used.
- Revoke or delete the original secret from the service or system.
- Generate a new secret to replace the revoked one.
- Encode the new secret in Base64 if required by the application.
- Update the application or system configuration with the new Base64-encoded secret.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| VAR_2 = 'UpUbsQANRHLf2uuQ7QOlNXPbbtV5fmseW/GgT5D/' | ||
|
|
||
| ## AWS MWS Auth Token | ||
| VAR_3 = 'amzn.mws.f90f3ce6-9b5a-26a7-9a87-4ff8052be2ec' |
❗Cycode: Secret of type: 'Amazon Mws Auth Token' was found.
Severity: Critical
SHA: 07e24883f2
Description
Amazon Marketplace Web Service (MWS) is a collection of APIs that allow sellers to programmatically exchange data on orders, payments, and more with Amazon. The MWS Auth Token is a unique identifier that is used to authenticate the seller's account when making API calls.
Cycode Remediation Guideline
❗ How to revoke
- Log in to your Amazon MWS account.
- Navigate to the "User Permissions" section.
- Locate the application or user associated with the MWS Auth Token.
- Revoke the MWS Auth Token by removing the application's access or deleting the user.
- Generate a new MWS Auth Token if continued access is required.
- Update your applications and systems with the new MWS Auth Token.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| POSTGRES_PASSWORD = 'postgres' | ||
|
|
||
| # Generic weak password | ||
| PASSWORD = 'opensaysme' |
❗Cycode: Secret of type: 'Generic Password' was found.
Severity: Medium
Confidence Score: 94%
SHA: 57afd97120
Description
A generic secret or password is an authentication token used to access a computer or application and is assigned to a password variable.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| # Slack | ||
| ## Slack App | ||
| SLACK_CLIENT_ID = '730191371696.1410179799078' | ||
| SLACK_CLIENT_SECRET = 'f90dd63cdcb13662a6f4b008081c1524' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: c1caed60bd
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within Hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| VAR_17 = 'xoxb-730191371696-1413868247813-IG7Z6nYevC2hdviE3aJhb5kY' | ||
|
|
||
| ## Slack Webhook | ||
| VAR_18 = 'https://hooks.slack.com/services/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' |
❗Cycode: Secret of type: 'Slack Webhook' was found.
Severity: Medium
SHA: a9df3fdc16
Description
A Slack webhook is a way to send a message to a Slack channel or conversation using the Slack API. Webhooks allow you to send data to a Slack channel or conversation using a simple HTTP request, without the need for a user to be present in the channel or to have a Slack bot or app installed.
Cycode Remediation Guideline
❗ How to revoke
- Navigate to the Slack App management page.
- Locate the app associated with the webhook.
- Delete the webhook URL or the entire app if no longer needed.
- Create a new webhook URL if necessary.
- Update any systems or scripts to use the new webhook URL.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # Github | ||
| ## Github Personal Access Token | ||
| VAR_8 = '88df97769ab3185f2c0b2a73fdae1b27d89409ca' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: 3dce0a45c9
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| SLACK_OAUTH_ACCESS_TOKEN = 'xoxb-730191371696-1413868247813-IG7Z6nYevC2hdviE3aJhb5kY' | ||
|
|
||
| ## Slack Webhook | ||
| SLACK_WEBHOOK = 'https://hooks.slack.com/services/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' |
❗Cycode: Secret of type: 'Slack Webhook' was found.
Severity: Medium
SHA: a9df3fdc16
Description
A Slack webhook is a way to send a message to a Slack channel or conversation using the Slack API. Webhooks allow you to send data to a Slack channel or conversation using a simple HTTP request, without the need for a user to be present in the channel or to have a Slack bot or app installed.
Cycode Remediation Guideline
❗ How to revoke
- Navigate to the Slack App management page.
- Locate the app associated with the webhook.
- Delete the webhook URL or the entire app if no longer needed.
- Create a new webhook URL if necessary.
- Update any systems or scripts to use the new webhook URL.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| AWS_ACCESS_KEY_ID = 'AKIAIWSXFHRM7F6Z3NWQ' | ||
|
|
||
| ## AWS Secret Access Key | ||
| AWS_ACCESS_SECRET_KEY = 'UpUbsQANRHLf2uuQ7QOlNXPbbtV5fmseW/GgT5D/' |
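Review bot: AWS_ACCESS_KEY_ID and AWS_ACCESS_SECRET_KEY are assigned as string literals on adjacent lines, so the file carries the complete key pair rather than one half of it. Read both values from the environment or a secrets manager instead of the source file. If the variable name is meant to match what the AWS SDKs and CLI read from the environment, that name is AWS_SECRET_ACCESS_KEY, not AWS_ACCESS_SECRET_KEY.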
❗Cycode: Secret of type: 'Aws Secret Access Key' was found.
Severity: Critical
SHA: 1fcb262aa3
Description
Along with an AWS access key, the AWS secret access key is a string of characters that is used to sign and authenticate requests to AWS services.
Cycode Remediation Guideline
❗ How to revoke
- Sign in to the AWS Management Console.
- Navigate to the IAM (Identity and Access Management) service.
- Select "Users" from the navigation pane.
- Choose the user whose secret access key you need to revoke.
- Click on the "Security credentials" tab.
- Find the access key associated with the secret access key.
- Click "Deactivate" next to the access key.
- Click "Delete" to permanently remove the access key.
- Generate a new access key and secret access key if needed.
- Update any applications or services with the new access key and secret access key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| ## Github App | ||
| GITHUB_CLIENT_ID = 'Iv1.3e3354ce147fd412' | ||
| GITHUB_APP_SECRET = '895b1da4051440395f90e1411c4a1150e423c922' |
❗Cycode: Secret of type: 'Hex Entropy' was found.
Severity: Medium
SHA: 6143cb6aa4
Description
The Hex Entropy is designed to identify any strings with high entropy that are assigned to sensitive variables within hex text. Hexadecimal, or "hex," is a base-16 numbering system that uses the digits 0-9 and the letters A-F to represent numbers.
Company Remediation Guideline
Please see http://www.espn.com for more info
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
|
|
||
| # AWS | ||
| ## AWS Access Key ID | ||
| AWS_ACCESS_KEY_ID = 'AKIAIWSXFHRM7F6Z3NWQ' |
❗Cycode: Secret of type: 'Aws Access Key Id' was found.
Severity: Low
SHA: 552db608ee
Description
An AWS (Amazon Web Services) access key ID is a unique identifier that is used to authenticate and authorize access to the AWS Management Console and the various AWS services and resources. An AWS access key ID consists of two parts: an access key ID and a secret access key.
Cycode Remediation Guideline
❗ How to revoke
- Sign in to the AWS Management Console.
- Navigate to the IAM (Identity and Access Management) dashboard.
- Select "Users" from the navigation pane.
- Choose the user whose access key needs to be revoked.
- Click on the "Security credentials" tab.
- Locate the access key ID that needs to be revoked.
- Click on the "Make inactive" button next to the access key ID.
- Confirm the action to deactivate the access key.
- Click on the "Delete" button next to the inactive access key ID.
- Confirm the deletion of the access key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
| VAR_5 = '-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQChoGF4j4AUnAfj\nbVGP/tSJqAyeYiZfOf4UCwd9+B/2oej3rsiuZmx506kuWVN4Jhg8UocLn5l/OfqU\n2MyV3Mq5VjtGQjYWF7a/Y04yEMRWf+spiJp1iYGS1vTOVjuyYyMa9h+8sbDiBFAD\nBcZejB4FQHxstFtmlnehf7cieMLTa3Wezv8LX8pH0q+pEynuvusQkhe8uPmjUsuo\nWG5W5CgVchQVzQf9eB5xtyt85t6VozMvAEI4h+WwZRdn+EWrQi+z8A8vXF7iUDmu\n2lpypLExcZBrZINMh8ecs8B34JNIYzO4Hod7RB4IwXN8PG/5RHlb7qQbzXSxir2B\n17gPPf8JAgMBAAECggEAHbkdG7sGIqQkJjypInpKc0tKkMj7hgkn8t8pYE7kb+qM\nKZqE0N/IpKnaY8ntGfwlelhx+d7+r0FGFh/9lbTOOkHDslLEWBFB3BYC4B2pwb+S\nC2gSAboJMGwkBpsgrNhi8RcgtIaYASSqYzfpaGNLtQsMJsCPS4Ex3GscjnQXXiJK\n5MExF8VYZVvT8Hq2lvECUpFMTWwM2o/QndwjLrEq/vRI3n7PmweXZGKgLuyOjpWk\ny80qa/IUlB6xO4XHvjnaEGxRq1LSF8hgEGU2Nmd8GDRT5ZLkSk+TMtqPrEbHEi6n\n4pZGndX0XmttWkKcUX/NwB/WZC5ROEsUl8Fyw+T5RQKBgQDMfgFB6Xx+Na2iB33w\nkhzNxo4HPCJzxeAB0zCRpfDpM1GtqK6JsIxvrci5lDAKaP8TQTr/gQxXpbJjE1Dl\n3VWGzFbW4czSw+AqBFl1he20RZhGjATcDCCzSOyEiRhqoJwTPTvqcXRK8NbKGfJR\nV6b4Auw+McNhnEUyfrZzguV93QKBgQDKVlLPhb4O84mINKFK73QFf2xlns0IHI0m\nWqNvY7HxJP9WUH5FgX4r/cO6aIafg+u5j0gNPDd2JD67htnY85EH/n5KNhb9ytsN\n+hkDeidFvdOrD+h9YFHkNoNy3XHwrQ0mtYRj2FBWhhpBsVlHVO2KcLe0TvivinN2\nfIac2uZhHQKBgAYE23KeNbzdRZwUTl+rXU+tPXb3DSiNNXe4SKCw2rNygD/1TBXf\nbXLIEbVsqDFWP9PIQr1Mhhl6VhLWebYaWq8aCqBOiyHVBB8Ye62a4JFCzyWcb3Qu\nozPDvLp18pMI4S8ryTywVDT0e839D4XXZ6G7LEr0WgTgfaTr1+D0hF69AoGBAKIQ\nxKGeAV6eaOGlLjAEXgztRFic+qLto409+jyFQQji1nY/YPSxROtdhkGv6WypUM0/\nW7nmKpJBc9HmsGUaqmcZy/QLIR1FN3IZiaGEXSJ6aqlQw6pw1QcTNvRxNQtOwQLp\nT1Jd9/Nl1HAb6mO9PcqugCY3Pu/z2InmMjg/CVptAoGAMpwMsoen4xEHv4uGZVt8\n8wlvQ2fYnso4wgRSYAkjh8cOHjB85eazlSAsaJvmQ9D1rV086Re5zKxKjrjQWdaT\nRMyIZJMJYZr6c8RKmabOfO1oc5urDdETQjGi3qXJuiu86wp7IoBINdmBEPRl6+m3\nGqJA6hgV5niKAq4sJtv9EW4=\n-----END PRIVATE KEY-----\n' | ||
|
|
||
| ## Google API Key | ||
| VAR_6 = 'AIzaSyBUPHAjZl3n8Eza66ka6B78iVyPteC5MgM' |
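Review bot: VAR_5 embeds a whole PEM private key as a one-line string with \n escapes, and VAR_6 holds a Google API key, both under names that say nothing about what they contain. Key material should be loaded at runtime from a file or secret store outside the repository, with the variable named for its purpose. Deleting these lines in a later commit leaves the values in the branch history, so the key and the API key need replacing as well as removing.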
❗Cycode: Secret of type: 'Google Cloud Api Key' was found.
Severity: Critical
SHA: b87fff7f2a
Description
Google Cloud is a suite of cloud computing services that allows businesses to build, deploy, and manage applications and infrastructure on the Google Cloud Platform. To use the Google Cloud API, a Google Cloud API key is required
Cycode Remediation Guideline
❗ How to revoke
- Go to the Google Cloud Console.
- Navigate to the "APIs & Services" section.
- Select "Credentials" from the sidebar.
- Locate the API key you need to revoke.
- Click on the trash icon next to the API key to delete it.
- Confirm the deletion when prompted.
- Generate a new API key if needed and update your applications with the new key.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_secret_false_positive | Applies to this secret value for all repos in your organization |
| #cycode_secret_revoked | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_everywhere <reason> | Applies to this secret value for all repos in your organization |
| #cycode_secret_ignore_here <reason> | Applies to this request only |
No description provided.