buzzfeed / sso

sso, aka S.S.Octopus, aka octoboi, is a single sign-on solution for securing internal services
MIT License
3.07k stars 187 forks

sso_proxy: Add comment marking private key as test data #260

Closed itwasntandy closed 4 years ago

itwasntandy commented 4 years ago

Problem

Despite this key being stored in a testdata directory, we've received a number of reports highlighting that a private key is present in the SSO Repo.

Solution

PEM format means anything outside of the `--- BEGIN PRIVATE KEY---` and `-- END PRIVATE KEY ---` block will be ignored, so it's safe to add a descriptive comment explaining that yes, this really is test data and it's intentionally public!
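
The behaviour the description relies on, checked against Go's `encoding/pem` (an added example, not code from this pull request or the sso repository; the payload is constructed placeholder bytes rather than a key, and the helper names are hypothetical). A comment line ahead of the BEGIN line leaves the decoded bytes unchanged, while the same line placed between BEGIN and END makes the decoder reject the block.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
)

// samplePEM builds a PEM block around constructed placeholder bytes
// (not a real key), so the example carries no key material.
func samplePEM() []byte {
	return pem.EncodeToMemory(&pem.Block{
		Type:  "PRIVATE KEY",
		Bytes: []byte("constructed placeholder, not key material"),
	})
}

// decodeFirst returns the payload of the first PEM block in data, or
// nil when the decoder finds no well-formed block.
func decodeFirst(data []byte) []byte {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil
	}
	return block.Bytes
}

// commentBefore puts an explanatory line ahead of the BEGIN line,
// which is where a test-data notice can safely live.
func commentBefore(p []byte) []byte {
	return append([]byte("# Test data only; intentionally public.\n"), p...)
}

// commentInside puts a similar line between BEGIN and END, where it
// becomes part of the base64 body and corrupts it.
func commentInside(p []byte) []byte {
	i := bytes.IndexByte(p, '\n') + 1 // first byte after the BEGIN line
	out := append([]byte{}, p[:i]...)
	out = append(out, "# Test data only\n"...)
	return append(out, p[i:]...)
}

func main() {
	p := samplePEM()
	fmt.Println("plain == commented:", bytes.Equal(decodeFirst(p), decodeFirst(commentBefore(p))))
	fmt.Println("comment inside decodes:", decodeFirst(commentInside(p)) != nil)
}
```

Other PEM parsers may treat surrounding text differently, so a fixture annotated this way is worth checking with each tool that loads it.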

codecov[bot] commented 4 years ago

Codecov Report

Merging #260 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #260   +/-   ##
=======================================
  Coverage   62.14%   62.14%           
=======================================
  Files          53       53           
  Lines        4169     4169           
=======================================
  Hits         2591     2591           
  Misses       1391     1391           
  Partials      187      187