usebruno / bruno

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)
https://www.usebruno.com/
MIT License
25.34k stars 1.15k forks

PostHog ApiKey is hardcoded #3023

Open zioalex opened 1 week ago

zioalex commented 1 week ago

I have checked the following:

Describe the bug

Looking in the code I found that you store PostHog ApiKey in code in the files:

- packages/bruno-app/src/providers/App/useTelemetry.js
- packages/bruno-app/src/components/Sidebar/GoldenEdition/index.js

Not sure if such a key is still valid, but surely it shouldn't be there in clear text.

.bru file to reproduce the bug

No response

Screenshots/Live demo link

image

zioalex commented 1 week ago

Hi Sanjai, what do you mean that it is a public key? Can you please explain it? It is used to send the Telemetrics to Posthog.

On Wed, 4 Sept 2024, 10:22 Sanjai Kumar, @.***> wrote:

Hey @zioalex https://github.com/zioalex, thank you for being security conscious and creating this issue. However, the posthogApiKey is a public key, which means keeping the key open in the codebase is fine.
