Add Sails Express.js hardcoded secrets

blacklanternsecurity / badsecrets

A library for detecting known secrets across many web frameworks

GNU General Public License v3.0

517 stars 44 forks source link

Add Sails Express.js hardcoded secrets #121

Closed cosad3s closed 8 months ago

cosad3s commented 8 months ago

See:

https://github.com/balderdashy/sails/blob/master/lib/hooks/session/index.js
https://github.com/balderdashy/sails/blob/master/test/unit/req.session.test.js
https://github.com/balderdashy/sails/blob/master/docs/concepts/Sessions/sessions.md

For production, default secret should be a MD5 generated string from Date, random 64-byte and Node.js version (https://github.com/balderdashy/sails-generate), if not changed by the maintainer.

liquidsec commented 8 months ago

Nice Find, Thanks for the PR!