Hard coded credentials detected
anugu-vijaykanth opened this issue · 1 comments
anugu-vijaykanth commented
Stratos Version
4.4.0
Frontend Deployment type
- Cloud Foundry Application (cf push)
- Kubernetes, using a helm chart
- Docker, single container deploying all components
- npm run start
- Other (please specify below)
Backend (Jet Stream) Deployment type
- Cloud Foundry Application (cf push)
- Kubernetes, using a helm chart
- Docker, single container deploying all components
- Other (please specify below)
Expected behaviour
Remove all hardcoded passwords from the source code.
Actual behaviour
The detected Golang code has hardcoded credentials or secrets. This information could be used to break into the account if an attacker or a malicious internal employee gains access to the code base.
Example Code
password := "MySecretPassword"
Steps to reproduce the behavior
cfmr-ui\src\jetstream\repository\interfaces\auth.go:7
cfmr-ui\src\jetstream\repository\interfaces\structs.go:92
cfmr-ui\src\jetstream\setup_console.go:228
cfmr-ui\src\jetstream\plugins\kubernetes\auth\basic_auth.go:14
cfmr-ui\src\jetstream\plugins\metrics\main.go:156
cfmr-ui\src\jetstream\plugins\metrics\main.go:157
Log output covering before error and any error statements
Insert log here
Detailed Description
Hard coded credentials found in the code.
Context
Possible Implementation
anugu-vijaykanth commented
deleting it
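
Added example, not part of the issue and not Stratos or scanner code: a small Go AST check for the kind of finding reported above. It flags credential-named identifiers that are assigned a non-empty string literal, and skips struct field declarations and values read at runtime. The name pattern, `FindHardcoded` and the sample source are assumptions constructed for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"regexp"
)
// Constructed sample input, not code from the Stratos repository.
const sample = `package demo
type Login struct{ Password string } // field declaration, no value
const defaultSecret = "s3cr3t-constructed"
func connect() {
	password := "MySecretPassword"
	token := os.Getenv("API_TOKEN") // read at runtime, not a literal
}`
var credName = regexp.MustCompile(`(?i)passw(or)?d|secret|token|api_?key`) // assumed name pattern
// FindHardcoded returns "line:name" for credential-named identifiers assigned a non-empty string literal.
func FindHardcoded(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var hits []string
	check := func(lhs, rhs ast.Expr) {
		id, isID := lhs.(*ast.Ident)
		lit, isLit := rhs.(*ast.BasicLit)
		// lit.Value keeps its quotes, so a length above 2 means a non-empty string.
		if isID && isLit && lit.Kind == token.STRING && len(lit.Value) > 2 && credName.MatchString(id.Name) {
			hits = append(hits, fmt.Sprintf("%d:%s", fset.Position(id.Pos()).Line, id.Name))
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		switch s := n.(type) {
		case *ast.AssignStmt: // password := "..."
			for i := 0; i < len(s.Lhs) && i < len(s.Rhs); i++ {
				check(s.Lhs[i], s.Rhs[i])
			}
		case *ast.ValueSpec: // var or const declarations
			for i := 0; i < len(s.Names) && i < len(s.Values); i++ {
				check(s.Names[i], s.Values[i])
			}
		}
		return true
	})
	return hits, nil
}
func main() { fmt.Println(FindHardcoded(sample)) }
```

A hit from a name-based check like this still needs triage, because a literal assigned to a credential-named identifier is not always a real secret.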