Have a secret in .gitignore /.ssh

OWASP / wrongsecrets

Vulnerable app with examples showing how to not use secrets

https://owasp.org/www-project-wrongsecrets/

GNU Affero General Public License v3.0

1.22k stars 347 forks source link

Have a secret in .gitignore /.ssh #613

Open commjoen opened 1 year ago

commjoen commented 1 year ago

[ ] Create a branch with added secret in .gitignore and a secret in .ssh
[ ] Create the challenges for both where the secrets for both files are having their own separate challenge with encryption of the secrets to hide them from detection engines.

ArslanYM commented 1 year ago

Is this issue open ?

commjoen commented 1 year ago

Yes, @ArslanYM it is . Want to have a stab at it?

ArslanYM commented 1 year ago

Yes please. Thanks

commjoen commented 1 year ago

Welcome to the team @ArslanYM ! Please have a look at https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md for how to implement a challenge and the required tests :) . Feel free to reach out via Slack if you have any questions!

ArslanYM commented 1 year ago

Thanks @commjoen , Can you send me the slack link too.

commjoen commented 1 year ago

Need support? Contact us via OWASP Slack for which you sign up here

ArslanYM commented 1 year ago

@commjoen This will sound like a dumb question but how do I add a secret in .ssh?

commjoen commented 1 year ago

That does not sound like a dumb question at all! https://linuxize.com/post/using-the-ssh-config-file/?utm_content=cmp-true shows a nice example where the identity file mentioned would be the secret ;) .

commjoen commented 1 year ago

Hello @ArslanYM do you have any progress on this :) ?

divyanshuagarwal-23 commented 1 year ago

Hello @commjoen I will like to pick this one up I am new contributor

divyanshuagarwal-23 commented 1 year ago

Please assign this to me

commjoen commented 1 year ago

We will reassign this issue in case there is no response within a week :-)

divyanshuagarwal-23 commented 1 year ago

ok thank you, I will be available

commjoen commented 1 year ago

@divyanshuagarwal-23 can you please select an unassigned issue first ;-) ?

divyanshuagarwal-23 commented 11 months ago

sure @commjoen

ArslanYM commented 11 months ago

@commjoen Sorry for the delay. Il start working on this.

AnuRage-git commented 9 months ago

Greetings! Can I have updates regarding the state of this issue?

za commented 8 months ago

Hi @commjoen I have initiated a PR. Might need your help on how to implement the challenge though.

commjoen commented 8 months ago

@za the issue is still assigned to @ArslanYM. Please don't do this. closing your MR.

za commented 8 months ago

oh OK, I thought it's idle and no one is getting it @commjoen

commjoen commented 8 months ago

@ArslanYM are you making progress with this :) ? We are getting beyond the 3 months period listed in https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#how-to-get-your-pr-accepted .

commjoen commented 7 months ago

@za it is idle now :) good sir, are you still interested in taking on this issue good sir?

za commented 7 months ago

Hi @commjoen I'll take this issue first before proceed with devcontainer #702