## File Changed: `.github/workflows/main.yml`
Details: Potential bug introduced by removing Google Services configuration and replacing it with Firebase options.
Affected Code Snippet:
```yaml
- - name: Write google-services.json
- run: |
- echo $PRODGOOGLESERVICES > $https://github.com/Tovli/Mazilon/pull/5/files#diff-753e9b39a4087477ddaecfb57785734d7bedb99c935fd3852386f3ff9e486fa2
```
Start Line: 30
End Line: 32
-------------
Details: Potential security vulnerability introduced by writing Firebase options to a file.
Affected Code Snippet:
```yaml
+ - name: Write key store file for release signing
+ run: |
+ echo $FIREBASE_OPTIONS | base64 --decode > $https://github.com/Tovli/Mazilon/pull/5/files#diff-b834cbba067c04a1fc87e96c4f44e57276fc3a8664f420d3b0af48526b9ca1dc
```
Start Line: 33
End Line: 35
## File Changed: `.gitignore`
Rule 2: Do not overlook possible security vulnerabilities introduced by code modifications.
Details: Potential security vulnerability introduced. The Firebase credentials file is being added to .gitignore, which is generally a good practice to keep sensitive information out of version control. However, this could also mean that developers might accidentally commit this file with real credentials in the future if not properly managed.
Affected Code Snippet:
```
#firebase credentials
lib/util/Firebase/firebase_options.dart
```
Start Line: 72
End Line: 73
## File Changed: `android/app/build.gradle`
Details: Potential security vulnerability introduced by removing Firebase Authentication and Database dependencies.
Affected Code Snippet:
```gradle
dependencies {
- implementation platform('com.google.firebase:firebase-bom:32.7.3')
- implementation 'com.google.firebase:firebase-analytics'
implementation 'androidx.multidex:multidex:2.0.1'
- implementation 'com.google.firebase:firebase-auth'
- implementation 'com.google.firebase:firebase-database'
implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
-
-
-}
-
-apply plugin: 'com.google.gms.google-services'
\ No newline at end of file
+}
```
Start Line: 103
End Line: 114
## File Changed: `android/app/google-services.json`
Details: The code diff shows the removal of a configuration file containing sensitive information such as API keys, client IDs, and other Firebase configuration details. This poses a significant security vulnerability as these credentials should not be exposed or removed without proper handling.
Affected Code Snippet:
```json
{
"project_info": {
"project_number": "37967917693",
"firebase_url": "https://mezilondb-default-rtdb.europe-west1.firebasedatabase.app",
"project_id": "mezilondb",
"storage_bucket": "mezilondb.appspot.com"
},
"client": [
{
"client_info": {
"mobilesdk_app_id": "1:37967917693:android:961969071caf3fdefaf714",
"android_client_info": {
"package_name": "com.matzilon.mezilon"
}
},
"oauth_client": [
{
"client_id": "37967917693-it48o2sqpr4k55oo29o6lj36g24sakt4.apps.googleusercontent.com",
"client_type": 1,
"android_info": {
"package_name": "com.example.mezilon",
"certificate_hash": "eeda192a54b76611619cc3c5da522901e519a04b"
}
},
// ... (other client configurations)
],
"api_key": [
{
"current_key": "AIzaSyApA4kbqIF6RhP7gGM8MjI42vv3AhB_WQw"
}
],
// ... (other configurations)
}
],
"configuration_version": "1"
}
```
Start Line: 1
End Line: 99
-------------
Details: The removal of the entire configuration file could potentially introduce bugs in the application as it may rely on these Firebase settings for various functionalities.
Affected Code Snippet:
```json
{
"project_info": {
"project_number": "37967917693",
"firebase_url": "https://mezilondb-default-rtdb.europe-west1.firebasedatabase.app",
"project_id": "mezilondb",
"storage_bucket": "mezilondb.appspot.com"
},
// ... (entire file content)
}
```
Start Line: 1
End Line: 99
## File Changed: `android/build.gradle`
Details: Removing the Google Services plugin could potentially introduce security vulnerabilities if the app relies on Firebase or other Google services for authentication or data protection.
Affected Code Snippet:
```gradle
classpath 'com.google.gms:google-services:4.4.1' // Add this line
```
Start Line: 15
End Line: 15
## File Changed: `ios/Runner/GoogleService-Info.plist`
Details: This file contains sensitive information such as API keys and client IDs. Removing this file without proper handling could lead to security vulnerabilities.
Affected Code Snippet:
```xml
CLIENT_ID37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2.apps.googleusercontent.comREVERSED_CLIENT_IDcom.googleusercontent.apps.37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2API_KEYAIzaSyCXwIIsZpoafJNcIKpDrfYZpyVjSgD04VUGCM_SENDER_ID37967917693PLIST_VERSION1BUNDLE_IDcom.example.mezilonPROJECT_IDmezilondbSTORAGE_BUCKETmezilondb.appspot.comIS_ADS_ENABLEDIS_ANALYTICS_ENABLEDIS_APPINVITE_ENABLEDIS_GCM_ENABLEDIS_SIGNIN_ENABLEDGOOGLE_APP_ID1:37967917693:ios:a5eb6e7c6ecc3313faf714
```
Start Line: 1
End Line: 34
-------------
Details: The entire file is being removed, which could potentially introduce bugs if the application relies on this configuration file.
Affected Code Snippet:
```xml
CLIENT_ID37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2.apps.googleusercontent.comREVERSED_CLIENT_IDcom.googleusercontent.apps.37967917693-hpl8lgbco59fmeaohv3i5m79nl698sf2API_KEYAIzaSyCXwIIsZpoafJNcIKpDrfYZpyVjSgD04VUGCM_SENDER_ID37967917693PLIST_VERSION1BUNDLE_IDcom.example.mezilonPROJECT_IDmezilondbSTORAGE_BUCKETmezilondb.appspot.comIS_ADS_ENABLEDIS_ANALYTICS_ENABLEDIS_APPINVITE_ENABLEDIS_GCM_ENABLEDIS_SIGNIN_ENABLEDGOOGLE_APP_ID1:37967917693:ios:a5eb6e7c6ecc3313faf714
```
Start Line: 1
End Line: 34
added firebase options to CI