Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not safe implementation #44

Open
l3r8yJ opened this issue Apr 4, 2024 · 2 comments
Open

Not safe implementation #44

l3r8yJ opened this issue Apr 4, 2024 · 2 comments
Assignees
@l3r8yJ
Labels
bug Something isn't working

Comments

@l3r8yJ
Copy link
Contributor

l3r8yJ commented Apr 4, 2024

@h1alexbel take a look, please

code-review-action/src/main/java/git/tracehub/codereview/action/github/GhRequest.java

Line 47 in dbd3f56

.header("Authorization", String.format("Bearer %s", this.token));

I suppose that we have vulnerability here, in Java strings are cached and storing any sensitive data as strings is bad habit. I suppose that we have to store token as raw byte array
@h1alexbel
Copy link
Contributor

@l3r8yJ thanks for the report. That's definitely a good point. We should fix it

@h1alexbel h1alexbel added the bug Something isn't working label Apr 5, 2024
@l3r8yJ
Copy link
Contributor Author

l3r8yJ commented Apr 5, 2024

@h1alexbel assign it to me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@l3r8yJ l3r8yJ

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@l3r8yJ @h1alexbel