Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(openapi): New OpenAPI check CKV_OPENAPI_20 #5253

Merged
merged 9 commits into from
Jul 4, 2023
Merged

feat(openapi): New OpenAPI check CKV_OPENAPI_20 #5253

merged 9 commits into from
Jul 4, 2023

Conversation

tsmithv11
Copy link
Collaborator

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

New check for exposed API keys

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@gruebel gruebel temporarily deployed to scan-security June 27, 2023 14:23 — with GitHub Actions Inactive
JamesWoolfenden
JamesWoolfenden approved these changes Jun 29, 2023
View reviewed changes
Copy link
Contributor

@JamesWoolfenden JamesWoolfenden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gruebel gruebel temporarily deployed to scan-security July 3, 2023 18:52 — with GitHub Actions Inactive
gruebel
gruebel approved these changes Jul 3, 2023
View reviewed changes
Copy link
Contributor

@gruebel gruebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏖️

@gruebel gruebel merged commit 787abad into main Jul 4, 2023
32 checks passed
@gruebel gruebel deleted the openapi-checks-jun23 branch July 4, 2023 07:03
gruebel added a commit to gruebel/checkov that referenced this pull request Jul 5, 2023
@tsmithv11 @JamesWoolfenden
@gruebel @actions-user
feat(openapi): New OpenAPI check CKV_OPENAPI_20 (bridgecrewio#5253)
e5df99e 
* New OpenAPI check

* Fix flake

* Update ClearTextAPIKey.py

* Update ClearTextAPIKey.py

* fix mypy

* Fix mypy

* change folder name

* improve check logic

---------

Co-authored-by: James Woolfenden <[email protected]>
Co-authored-by: gruebel <[email protected]>
gruebel added a commit to gruebel/checkov that referenced this pull request Jul 5, 2023
@tsmithv11 @JamesWoolfenden
@gruebel @actions-user
feat(openapi): New OpenAPI check CKV_OPENAPI_20 (bridgecrewio#5253)
2a7bc82 
* New OpenAPI check

* Fix flake

* Update ClearTextAPIKey.py

* Update ClearTextAPIKey.py

* fix mypy

* Fix mypy

* change folder name

* improve check logic

---------

Co-authored-by: James Woolfenden <[email protected]>
Co-authored-by: gruebel <[email protected]>
@dizer
Copy link

dizer commented Jul 5, 2023

Hey there! I'm curious about why these keys are considered more exposed compared to oauth2 keys. It would be great if you could provide some insight into the reasoning behind this change. Thanks!

@ziggythehamster ziggythehamster mentioned this pull request Jul 6, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JamesWoolfenden JamesWoolfenden JamesWoolfenden approved these changes

@gruebel gruebel gruebel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tsmithv11 @dizer @JamesWoolfenden @gruebel