Seriously how many times does this have to happen(lemmy.world)

posted 2 months ago

carrylex@lemmy.world

programmer_humor@programming.dev

45 commentshide report

One does not commit or compile credentials

Template

Context:

This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

PlexSheep@infosec.pub

9 points

2 months ago

This sounds like a really useful solution, how do you implement something like this? Especially with linter integration

permalink

report

parent

[ - ]

dan@upvote.au

7 points

2 months ago

I’m not sure, sorry. The source control team at work set it up a long time ago. I don’t know how it works - I’m just a user of it.

The linter probably just runs git diff | grep @nocommit or similar.

permalink

report

parent

[ - ]

zqwzzle@lemmy.ca

4 points

2 months ago

Depending on which stack you’re using, you could use https://danger.systems to automatically fail PRs.

permalink

report

parent

[ - ]

PlexSheep@infosec.pub

4 points

2 months ago

PRs? Isn’t the point of @nocommit that something does not get committed, and therefore no credentials are stored in the git repository? Even if the PR does not get merged, the file is still stored as a hit object and can be restored.

permalink

report

parent

[ - ]

zqwzzle@lemmy.ca

2 points

2 months ago

I read the lint part and my brain forgot about everything else. You could stick the danger call in a pre commit hook though.

permalink

report

parent