github_secrets.py is added
bhavya1857 opened this issue · 2 comments
Issue Description:
The problem initially was that the GITHUB_API_TOKEN and USERNAME variables were hard-coded into the github_secrets.py file. This means that anyone who had access to the file would be able to see the GitHub personal access token and username.
To fix this problem, I suggested changing the GITHUB_API_TOKEN and USERNAME variables to environment variables. This means that the GitHub personal access token and username would be stored in the environment and not in the file. This makes the code more secure because only the people who have access to the environment variables will be able to see the GitHub personal access token and username.
I also suggested adding comments to the code to explain what each line does. This makes the code easier to read and understand.
Finally, I suggested indenting the code by four spaces. This makes the code easier to read and understand. Moreover the github_secrets.py was missing
Expected Behavior:
The new changed code would get the GitHub personal access token and username from the environment, instead of hard-coding them into the file. This makes the code more secure because only the people who have access to the environment variables will be able to see the GitHub personal access token and username.
The code would also print the GitHub personal access token and username to the console. This is useful for debugging purposes.
Current Behavior:
If we don't implement the changes I suggested, then the GITHUB_API_TOKEN and USERNAME variables would still be hard-coded into the github_secrets.py file. This means that anyone who had access to the file would be able to see the GitHub personal access token and username.
This would be a security risk because anyone who could access the file could use the GitHub personal access token and username to access your GitHub account. They could then use your account to make changes to your repositories, create new repositories, or delete repositories.
In addition, if the file were to be leaked or compromised, anyone who could access it would be able to see your GitHub personal access token and username. This could be used to impersonate you on GitHub or to steal your identity.
Therefore, it is important to implement the changes I suggested to make the code more secure.
Labels:
new file added
i have done the PR for this already
link the PRs please.