Open leonardosahon opened 5 months ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
Hi @leonardosahon
if you are using composer, the implementation should work just fine.
use \Flutterwave\Flutterwave;
use \Flutterwave\Config\PackageConfig;
$myConfig = PackageConfig::setUp(
'FLWSECK_TEST-XXXXXXXXXXXXXXXXXXXXXXXXXXX-X',
'FLWPUBK_TEST-XXXXXXXXXXXXXXXXXXXXXXXXXXX-X',
'FLWSECK_XXXXXXXXXXXXXXX',
'staging'
);
Flutterwave::bootstrap($myConfig);
Unless you are calling Flutterwave::bootstrap()
again before or after it.
Hi @leonardosahon
if you are using composer, the implementation should work just fine.
use \Flutterwave\Flutterwave; use \Flutterwave\Config\PackageConfig; $myConfig = PackageConfig::setUp( 'FLWSECK_TEST-XXXXXXXXXXXXXXXXXXXXXXXXXXX-X', 'FLWPUBK_TEST-XXXXXXXXXXXXXXXXXXXXXXXXXXX-X', 'FLWSECK_XXXXXXXXXXXXXXX', 'staging' ); Flutterwave::bootstrap($myConfig);
Unless you are calling
Flutterwave::bootstrap()
again before or after it.
These are my environmental variables:
FLUTTERWAVE_PUBLIC_KEY
FLUTTERWAVE_SECRET_KEY
FLUTTERWAVE_ENCRYPTION_KEY
If you check the screenshot, immediately after here:
Flutterwave::bootstrap(
PackageConfig::setUp(
$_ENV['FLUTTERWAVE_SECRET_KEY'],
$_ENV['FLUTTERWAVE_PUBLIC_KEY'],
$_ENV['FLUTTERWAVE_ENCRYPTION_KEY'],
LayConfig::$ENV_IS_DEV ? "staging" : "production",
)
);
The next thing is new PaymentController
, which calls Flutterwave::bootstrap()
again, this time with an empty parameter, thereby rendering $config
empty, meanwhile self::$config
contains a value already.
This new call attempts to go back to the .env
file, meanwhile, the values have been supplied through the PackageConfig::setUp
already.
When a custom
env
variable is created, the bootstrap method was still trying to find the default env keys.With this new addition, if a user has used the
PackageConfig::setUp
method already to set their customenv
variables, bootstrap would not have assumeself::$config
is not set again.Version:
flutterwavedev/flutterwave-v3
:1.0.6
Error Message
This has already been done from my code.