So some dumbass in my employer's security department apparently wrote a custom secret scanner pattern for GitHub that just looks for anything assigning to a variable called (or presumably ending with) password, regardless of whether it's a constant or not... It tripped on some Python library code (long story on why that ended up committed in the repo instead of using requirements.txt) that was passing a variable called 'password' to a named parameter called 'password' (so password=password as far as the regex was concerned). At least that made it trivial to tell that it was a false positive...
I'd hope it was only intended to fire on config files, but since it's blindly running on code with no regard to "is the input to the assignment a constant," this thing's just a noise and busywork generator more than anything else...
=> More informations about this toot | More toots from becomethewaifu@tech.lgbt
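The false positive in the post comes down to the pattern matching the assignment target only and ignoring what is on the right-hand side. Below is an added example (not from the poster or their employer's scanner) that puts a naive rule of that shape next to one that only fires when the right-hand side is a quoted string literal, and runs both over a constructed set of lines. The regexes, the placeholder list and the sample lines are all assumptions made for the illustration.

```python
import re

# Naive rule of the kind described in the thread: fires on any assignment to a
# name ending in "password", whatever is on the right-hand side.
NAIVE = re.compile(r'(?i)\w*password\s*=\s*\S+')

# Tighter rule: only fires when the right-hand side is a quoted string literal
# of at least four characters, so variable references (password=password),
# attribute lookups and environment reads do not match. Accepts "=" or ":" so
# it also covers YAML-style config lines.
LITERAL = re.compile(
    r'''(?i)\w*password\s*[=:]\s*(?P<q>["'])(?P<value>[^"'\n]{4,})(?P=q)'''
)

# Obvious placeholder values a scanner should still ignore (constructed list).
PLACEHOLDERS = {"changeme", "password", "xxxx", "<redacted>", "example"}


def scan(lines, pattern):
    """Return (line_no, matched_text) for every line the pattern flags."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = pattern.search(line)
        if m:
            hits.append((n, m.group(0)))
    return hits


def scan_literals(lines):
    """Like scan() with LITERAL, but drops well-known placeholder values."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LITERAL.search(line)
        if m and m.group("value").strip().lower() not in PLACEHOLDERS:
            hits.append((n, m.group("value")))
    return hits


# Constructed sample of lines resembling vendored library code and config.
SAMPLE = [
    "session = Client(user=user, password=password)",           # 1: variable, not a secret
    "auth = HTTPBasicAuth(username, password=self._password)",  # 2: attribute, not a secret
    'db_password = os.environ["DB_PASSWORD"]',                  # 3: env read, not a secret
    "password = input('Password: ')",                           # 4: prompt, not a secret
    'ADMIN_PASSWORD = "hunter2hunter2"',                         # 5: hard-coded literal
    "smtp_password: 's3cr3t-mail-pass'",                        # 6: hard-coded literal (YAML)
    'password = "changeme"',                                    # 7: placeholder literal
]

if __name__ == "__main__":
    print("naive rule flags lines:", [n for n, _ in scan(SAMPLE, NAIVE)])
    print("literal rule flags:", scan_literals(SAMPLE))
```

Run as a script, the naive rule flags six of the seven lines, including the password=password call from the post, while the literal rule reports only lines 5 and 6. The literal rule is still a regex, so it will miss secrets built by concatenation or read from a separate file; the point is that checking the shape of the right-hand side removes the bulk of the busywork without losing the cases a plain-text scanner can actually catch.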
@becomethewaifu@tech.lgbt me, defeating this on accident because I decided to use $pwd or $p
=> More informations about this toot | More toots from puppygirlhornypost2@transfem.social