
Update stickyScrollModelProvider.ts #1

Open
LironJit wants to merge 1 commit into main from fake-secrets

@LironJit
Owner

No description provided.

@jit-ci jit-ci bot left a comment

❌ Jit has detected 3 important findings in this PR that you should review.
The findings are detailed below as separate comments.
It’s highly recommended that you fix these security issues before merge.


const MAILGUN_API = 'key-LPxoYCANGEFkAMHBur4jTjbZ69ngpdbI'

const GITHUB_PAT_ONE = 'ghp_00a00aDDAg111xaAA7nAA0AalMspJB0tNaaa'
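
Review bot: `MAILGUN_API` on the first line of this hunk is a hard-coded, credential-shaped string literal just like `GITHUB_PAT_ONE` below it, yet none of the three finding types reported in this review (Github-Pat, Aws-Access-Token, Twilio-Api-Key) covers it. If either value is live, revoke and rotate it and load it from the environment or a secret store instead of a source constant; if both are test fixtures (the branch is named fake-secrets), say so in a comment next to the constants and keep them in a dedicated fixtures file so that scanner ignores can be scoped to that path rather than to this editor source file.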
Security control: Secret Detection

Type: Github-Pat

Description: Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.

Severity: HIGH


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "github-pat" in src/vs/editor/contrib/stickyScroll/browser/stickyScrollModelProvider.ts; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command

}
}

const AWS_KEY_ONE = 'AKIAIWSXFHRM7F6Z3NWQ'
Security control: Secret Detection

Type: Aws-Access-Token

Description: Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.

Severity: HIGH


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "aws-access-token" in src/vs/editor/contrib/stickyScroll/browser/stickyScrollModelProvider.ts; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command


const AWS_KEY_ONE = 'AKIAIWSXFHRM7F6Z3NWQ'

const TWILIO_API = 'SK5d1d319A6Acf7EC9BDeDb8CCe4D76BA8'
Security control: Secret Detection

Type: Twilio-Api-Key

Description: Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data.

Severity: HIGH


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_ignore_type_in_file Ignore any finding of type "twilio-api-key" in src/vs/editor/contrib/stickyScroll/browser/stickyScrollModelProvider.ts; future occurrences will also be ignored.
  • #jit_undo_ignore Undo ignore command
