wechulisimiyu / leave-no-medic-behind

The Leave No Medic Behind Initiative Charity Run is a fundraising project by the Association of Medical Students of the University of Nairobi (AMSUN) to meet the financial needs of underprivileged students in the School of Medicine.
https://lnmb-run.org/
MIT License

Potential security threat #2

Closed barakadanny closed 1 year ago

barakadanny commented 1 year ago

Security issue

The access token generation function for the Safaricom API in src/middleware/generateAccessToken.js seems to be functional, but there are a few improvements that could be made to enhance its security.

Expected Behavior

The function should validate the inputs for the Safaricom API credentials,

     process.env.SAFARICOM_CONSUMER_KEY

and

     process.env.SAFARICOM_CONSUMER_SECRET

both should be validated before they are used. This will help to prevent potential security vulnerabilities such as injecting malicious code.

Current Behavior

The inputs for the Safaricom API credentials are not being validated.

Failure Information (for bugs)

Steps to Reproduce

  1. Call the accessToken function
  2. Observe the behaviour of the inputs from the Safaricom API credentials
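
As an added example of the validation this issue asks for (not the repository's own `src/middleware/generateAccessToken.js`, whose code is not shown here), the function below checks both credentials before they are used to build the Basic auth header for the token request. It assumes the token endpoint authenticates with `base64(consumerKey:consumerSecret)`, as the Safaricom OAuth flow does.

```javascript
// Added example: fail fast on missing or malformed Safaricom credentials
// instead of sending whatever happens to be in the environment.

// CR, LF and other control characters would corrupt the HTTP header.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Returns the value unchanged if it is a usable credential, otherwise throws.
// The error names the variable but never echoes the secret value itself.
function validateCredential(name, value, { allowColon = true } = {}) {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error(`${name} is missing or empty`);
  }
  if (value !== value.trim()) {
    throw new Error(`${name} has leading or trailing whitespace`);
  }
  if (CONTROL_CHARS.test(value)) {
    throw new Error(`${name} contains control characters`);
  }
  if (!allowColon && value.includes(':')) {
    // the user-id part of HTTP Basic auth must not contain ':'
    throw new Error(`${name} must not contain ':'`);
  }
  return value;
}

// Reads both credentials from an env-like object (defaults to process.env),
// validates them, and returns the Authorization header value.
function buildBasicAuthHeader(env = process.env) {
  const key = validateCredential(
    'SAFARICOM_CONSUMER_KEY', env.SAFARICOM_CONSUMER_KEY, { allowColon: false });
  const secret = validateCredential(
    'SAFARICOM_CONSUMER_SECRET', env.SAFARICOM_CONSUMER_SECRET);
  const encoded = Buffer.from(`${key}:${secret}`, 'utf8').toString('base64');
  return `Basic ${encoded}`;
}
```

The token-generation function would call `buildBasicAuthHeader()` once at request time and let the thrown error surface as a configuration failure rather than as a rejected API call.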
wechulisimiyu commented 1 year ago

Thank you chief. Will look into that @barakadanny