security rules: June 2024 Update #610

@thypon thypon commented Jun 1, 2024

```
@ nonfree.audit (+1, -14)
+ go.gorilla.security.audit.session-cookie-samesitenone.session-cookie-samesitenone
- generic.secrets.security.detected-github-token.detected-github-token
- generic.secrets.security.detected-google-gcm-service-account.detected-google-gcm-service-account
- generic.secrets.security.detected-google-oauth-access-token.detected-google-oauth-access-token
- generic.secrets.security.detected-heroku-api-key.detected-heroku-api-key
- generic.secrets.security.detected-hockeyapp.detected-hockeyapp
- generic.secrets.security.detected-jwt-token.detected-jwt-token
- generic.secrets.security.detected-kolide-api-key.detected-kolide-api-key
- generic.secrets.security.detected-mailchimp-api-key.detected-mailchimp-api-key
- generic.secrets.security.detected-mailgun-api-key.detected-mailgun-api-key
- generic.secrets.security.detected-npm-registry-auth-token.detected-npm-registry-auth-token
- generic.secrets.security.detected-outlook-team.detected-outlook-team
- generic.secrets.security.detected-paypal-braintree-access-token.detected-paypal-braintree-access-token
- generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block
- go.lang.security.audit.net.use-tls.use-tls
@ nonfree.others (+0, -0)
@ nonfree.security_noaudit_novuln (+0, -0)
@ nonfree.vulns (+7, -0)
+ php.lang.security.injection.printed-request.printed-request
+ solidity.security.missing-self-transfer-check-ercx.missing-self-transfer-check-ercx
+ yaml.openapi.security.use-of-basic-authentication.use-of-basic-authentication
+ python.twilio.security.twiml-injection.twiml-injection
+ generic.secrets.gitleaks.cloudflare-global-api-key.cloudflare-global-api-key
+ generic.secrets.gitleaks.cloudflare-api-key.cloudflare-api-key
+ generic.secrets.gitleaks.cloudflare-origin-ca-key.cloudflare-origin-ca-key
@ oss.audit (+0, -0)
@ oss.others (+1, -0)
+ mobsf.mobsfscan.webview.webview_allow_file_from_url.webview_allow_file_from_url
@ oss.security_noaudit_novuln (+0, -0)
@ oss.vulns (+0, -0)
```
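
Review bot: In the nonfree.audit section, the 13 removed generic.secrets.security.detected-* IDs and go.lang.security.audit.net.use-tls.use-tls are dropped with no stated reason, and none of them reappears under another category in this summary; the only secret rules added are the three generic.secrets.gitleaks.cloudflare-* entries under nonfree.vulns. Suggest adding a line to the description saying whether these IDs were removed or renamed upstream or excluded on purpose, so a reader can tell whether the listed secret types (GitHub tokens, JWTs, PGP private key blocks and the rest) are still detected by some other rule.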

github-actions bot commented Jun 1, 2024

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "authentication, oauth" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage; the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge, feel free to reach out directly to the security team on Slack so that we can expedite this check.

@thypon thypon merged commit 84915eb into main Jun 1, 2024
8 checks passed
@thypon thypon deleted the features/june24-update branch June 1, 2024 09:16