Reply with /nullify to interact with me like another developer
If you'd like me to allowlist a secret, you can do so by commenting on this issue with an allowlist reason and I'll open a pull request to update the Nullify config file
For example, /nullify allowlist <secret-value> as it has been rotated
36 potential secrets found in repository
🔑 Private Key
🔒 Generic API Key
☁️ Cloud API Key
💬 Slack token
Misc.
ID: 01HX8963NQ8JCM6V66KH88XDDV
Generic API Key
First Commit Time: 2014-08-24T17:25:41Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/webapp/js/ace/worker-xquery.js#L1 #ID: 01HX8963NQ8JCM6V66GGWVA8P3
Generic API Key
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/DOMInjection.java#L63 #ID: 01HX8963NQ8JCM6V66GJH54V76
HashiCorp Terraform password field
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java#L84 #ID: 01HX8963NQ8JCM6V66GR5VZ412
HashiCorp Terraform password field
First Commit Time: 2014-09-15T14:40:51Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/InsecureLogin.java#L30 #ID: 01HX8963NQ8JCM6V66G4C171K3
HashiCorp Terraform password field
First Commit Time: 2015-09-16T02:24:11Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-container/src/main/java/org/owasp/webgoat/session/ECSFactory.java#L70 #ID: 01HX8963NQ8JCM6V66G8BWZFKT
HashiCorp Terraform password field
First Commit Time: 2015-09-16T02:24:11Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java#L27 #ID: 01HX8963NQ8JCM6V66FW4BCKG0
AWS
First Commit Time: 2016-11-19T14:29:05Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/.travis.yml#L20 #ID: 01HX8963NQ8JCM6V66FV23BW1D
JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L128 #ID: 01HX8963NQ8JCM6V66FVDMZDQN
JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L136 #ID: 01HX8963NQ8JCM6V66FVH6ZAGN
JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L144 #ID: 01HX8963NQ8JCM6V66FS1CQTT0
JSON Web Token
First Commit Time: 2017-05-03T00:47:04Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/test/java/org/owasp/webgoat/plugin/challenge5/VotesEndpointTest.java#L81 #ID: 01HX8963NQ8JCM6V66FQBCCB4D
HashiCorp Terraform password field
First Commit Time: 2017-05-03T12:33:58Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/plugin/SolutionConstants.java#L15 #ID: 01HX8963NQ8JCM6V66FMHM120B
JSON Web Token
First Commit Time: 2018-04-23T09:09:30Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys#L12 #ID: 01HX8963NQ8JCM6V66FERP1MBH
Generic API Key
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/refresh/RefreshEndpoint.java#L6 #ID: 01HX8963NQ8JCM6V66FMAAH017
Generic API Key
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/images/logs.txt#L2 #ID: 01HX8963NQ8JCM6V66FDGRY54C
JSON Web Token
First Commit Time: 2018-05-21T10:41:37Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/plugin/refresh/RefreshEndpoint.java#L5 #ID: 01HX8963NQ8JCM6V66F4FM3Q7S
Generic API Key
First Commit Time: 2018-05-22T15:06:03Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js#L10 #ID: 01HX8963NQ8JCM6V66EVTKPNA2
JSON Web Token
First Commit Time: 2018-06-08T17:31:32Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_weak_keys#L12 #ID: 01HX8963NQ8JCM6V66EGWW1CRR
Private Key
First Commit Time: 2019-11-23T20:52:14Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/CryptoUtil.java#L44 #ID: 01HX8963NQ8JCM6V66DWC95415
Generic API Key
First Commit Time: 2021-09-23T12:04:53Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/webgoat-lessons/insecure-deserialization/src/test/java/org/owasp/webgoat/deserialization/DeserializeTest.java#L80 #ID: 01HX8963NQ8JCM6V66DE2JX9R6
HashiCorp Terraform password field
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java#L65 #ID: 01HX8963NQ8JCM6V66DFYMHAXV
HashiCorp Terraform password field
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpoint.java#L66 #ID: 01HX8963NQ8JCM6V66DJ4TMD2E
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpointTest.java#L23 #ID: 01HX8963NQ8JCM6V66DQZFA5ZX
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java#L113 #ID: 01HX8963NQ8JCM6V66DN29V0WJ
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/lessons/jwt/JWTRefreshEndpointTest.java#L74 #ID: 01HX8963NQ8JCM6V66DSPMFRTK
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L30 #ID: 01HX8963NQ8JCM6V66DSQMDX2A
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L44 #ID: 01HX8963NQ8JCM6V66DVN9PCPS
JSON Web Token
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/test/java/org/owasp/webgoat/webwolf/jwt/JWTTokenTest.java#L55 #ID: 01HX8963NQ8JCM6V66DBA0CQAE
Private Key
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java#L133 #ID: 01HX8963NQ8JCM6V66D8FX6X3G
Private Key
First Commit Time: 2023-01-04T07:07:23Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/cryptography/CryptoUtil.java#L45 #ID: 01HX8963NQ8JCM6V66D6D3W84B
Generic API Key
First Commit Time: 2023-02-22T21:55:48Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/Assignment7.java#L34 #ID: 01HX8963NQ8JCM6V66CY7D4NJ2
JSON Web Token
First Commit Time: 2023-11-14T09:01:59Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/lessons/jwt/html/JWT.html#L322 #ID: 01HX8963NQ8JCM6V66CYQVMJR7
JSON Web Token
First Commit Time: 2023-11-14T09:01:59Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/lessons/jwt/html/JWT.html#L388 #ID: 01HX8963NQ8JCM6V66CXP8N9B6
JSON Web Token
First Commit Time: 2023-11-14T17:14:48Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/robot/goat.robot#L111 #ID: 01HX8963NQ8JCM6V66CXH1GS0X
Generic API Key
First Commit Time: 2023-12-06T15:10:19Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/webgoat/static/js/jquery/jquery-ui-1.10.4.custom.min.js#L7 #ID: 01HX8963NQ8JCM6V66CVR70MDX
Generic API Key
First Commit Time: 2023-12-06T15:10:19Z
https://github.com/nalbion/WebGoat/blob/e308d7cde7f3c6f50016a7548f078fe481d5de8e/src/main/resources/webgoat/static/js/libs/jquery-ui.min.js#L13Reply with
/nullify
to interact with me like another developerIf you'd like me to allowlist a secret, you can do so by commenting on this issue with an allowlist reason and I'll open a pull request to update the Nullify config file
For example,
/nullify allowlist <secret-value> as it has been rotated