Skip to content

Add Google API keys in AG001#14

Open
bashirokk wants to merge 2 commits into
amic25:mainfrom
bashirokk:main
Open

Add Google API keys in AG001#14
bashirokk wants to merge 2 commits into
amic25:mainfrom
bashirokk:main

Conversation

@bashirokk

Copy link
Copy Markdown

What changed

Added detection for hard coded Google API key to the existing rules. Previous covered OpenAI, AWS, GitHub but not Google.

Threat model or motivation

Trust Boundary: Source code should never contain secrets such as Google API keys. Google API keys follow a fixed format that is easy to regex and should have a low false positive rate. Test have been added to detect false postives.

Validation

  • Tests cover vulnerable and safe cases
  • make check passes
  • Documentation/changelog updated when behavior changed
  • Fixtures contain no real credentials or private data

Related issue

Closes #8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Detect Google API keys in AG001

1 participant