search

Tovli / Mazilon

GNU Lesser General Public License v3.0
1 stars 0 forks source link

removed google services #5

Closed Tovli closed 3 weeks ago

Tovli commented 3 weeks ago

added firebase options to CI

patched-codes[bot] commented 3 weeks ago
## File Changed: `.github/workflows/main.yml` Details: Potential bug introduced by removing Google Services configuration and replacing it with Firebase options. Affected Code Snippet: ```yaml - - name: Write google-services.json - run: | - echo $PRODGOOGLESERVICES > $https://github.com/Tovli/Mazilon/pull/5/files#diff-753e9b39a4087477ddaecfb57785734d7bedb99c935fd3852386f3ff9e486fa2 ``` Start Line: 30 End Line: 32 ------------- Details: Potential security vulnerability introduced by writing Firebase options to a file. Affected Code Snippet: ```yaml + - name: Write key store file for release signing + run: | + echo $FIREBASE_OPTIONS | base64 --decode > $https://github.com/Tovli/Mazilon/pull/5/files#diff-b834cbba067c04a1fc87e96c4f44e57276fc3a8664f420d3b0af48526b9ca1dc ``` Start Line: 33 End Line: 35 ## File Changed: `.gitignore` Rule 2: Do not overlook possible security vulnerabilities introduced by code modifications. Details: Potential security vulnerability introduced. The Firebase credentials file is being added to .gitignore, which is generally a good practice to keep sensitive information out of version control. However, this could also mean that developers might accidentally commit this file with real credentials in the future if not properly managed. Affected Code Snippet: ``` #firebase credentials lib/util/Firebase/firebase_options.dart ``` Start Line: 72 End Line: 73 ## File Changed: `android/app/build.gradle` Details: Potential security vulnerability introduced by removing Firebase Authentication and Database dependencies. Affected Code Snippet: ```gradle dependencies { - implementation platform('com.google.firebase:firebase-bom:32.7.3') - implementation 'com.google.firebase:firebase-analytics' implementation 'androidx.multidex:multidex:2.0.1' - implementation 'com.google.firebase:firebase-auth' - implementation 'com.google.firebase:firebase-database' implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version" - - -} - -apply plugin: 'com.google.gms.google-services' \ No newline at end of file +} ``` Start Line: 103 End Line: 114 ## File Changed: `android/app/google-services.json` Details: The code diff shows the removal of a configuration file containing sensitive information such as API keys, client IDs, and other Firebase configuration details. This poses a significant security vulnerability as these credentials should not be exposed or removed without proper handling. Affected Code Snippet: ```json { "project_info": { "project_number": "37967917693", "firebase_url": "https://mezilondb-default-rtdb.europe-west1.firebasedatabase.app", "project_id": "mezilondb", "storage_bucket": "mezilondb.appspot.com" }, "client": [ { "client_info": { "mobilesdk_app_id": "1:37967917693:android:961969071caf3fdefaf714", "android_client_info": { "package_name": "com.matzilon.mezilon" } }, "oauth_client": [ { "client_id": "37967917693-it48o2sqpr4k55oo29o6lj36g24sakt4.apps.googleusercontent.com", "client_type": 1, "android_info": { "package_name": "com.example.mezilon", "certificate_hash": "eeda192a54b76611619cc3c5da522901e519a04b" } }, // ... (other client configurations) ], "api_key": [ { "current_key": "AIzaSyApA4kbqIF6RhP7gGM8MjI42vv3AhB_WQw" } ], // ... (other configurations) } ], "configuration_version": "1" } ``` Start Line: 1 End Line: 99 ------------- Details: The removal of the entire configuration file could potentially introduce bugs in the application as it may rely on these Firebase settings for various functionalities. Affected Code Snippet: ```json { "project_info": { "project_number": "37967917693", "firebase_url": "https://mezilondb-default-rtdb.europe-west1.firebasedatabase.app", "project_id": "mezilondb", "storage_bucket": "mezilondb.appspot.com" }, // ... (entire file content) } ``` Start Line: 1 End Line: 99 ## File Changed: `android/build.gradle` Details: Removing the Google Services plugin could potentially introduce security vulnerabilities if the app relies on Firebase or other Google services for authentication or data protection. Affected Code Snippet: ```gradle classpath 'com.google.gms:google-services:4.4.1' // Add this line ``` Start Line: 15 End Line: 15 ## File Changed: `ios/Runner/GoogleService-Info.plist` Details: This file contains sensitive information such as API keys and client IDs. Removing this file without proper handling could lead to security vulnerabilities. Affected Code Snippet: ```xml CLIENT_ID 37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2.apps.googleusercontent.com REVERSED_CLIENT_ID com.googleusercontent.apps.37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2 API_KEY AIzaSyCXwIIsZpoafJNcIKpDrfYZpyVjSgD04VU GCM_SENDER_ID 37967917693 PLIST_VERSION 1 BUNDLE_ID com.example.mezilon PROJECT_ID mezilondb STORAGE_BUCKET mezilondb.appspot.com IS_ADS_ENABLED IS_ANALYTICS_ENABLED IS_APPINVITE_ENABLED IS_GCM_ENABLED IS_SIGNIN_ENABLED GOOGLE_APP_ID 1:37967917693:ios:a5eb6e7c6ecc3313faf714 ``` Start Line: 1 End Line: 34 ------------- Details: The entire file is being removed, which could potentially introduce bugs if the application relies on this configuration file. Affected Code Snippet: ```xml CLIENT_ID 37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2.apps.googleusercontent.com REVERSED_CLIENT_ID com.googleusercontent.apps.37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2 API_KEY AIzaSyCXwIIsZpoafJNcIKpDrfYZpyVjSgD04VU GCM_SENDER_ID 37967917693 PLIST_VERSION 1 BUNDLE_ID com.example.mezilon PROJECT_ID mezilondb STORAGE_BUCKET mezilondb.appspot.com IS_ADS_ENABLED IS_ANALYTICS_ENABLED IS_APPINVITE_ENABLED IS_GCM_ENABLED IS_SIGNIN_ENABLED GOOGLE_APP_ID 1:37967917693:ios:a5eb6e7c6ecc3313faf714 ``` Start Line: 1 End Line: 34