Feature(#614): Challenge38 - Git notes challenge #903
@commjoen Weirdly, Trufflehog and git secrets aren't picking up the secrets in Git notes. Do you know if this should be possible? It's hard to figure out definitively: I've tried:
It seems they are all looking in the committed files instead of the commits themselves.
See the comments! Love the setup, but a few things need to change I guess (maybe sync the fork with this one?). I also cannot find the notes at the commit. Did you push all the notes like described in https://stackoverflow.com/questions/18268986/git-how-to-push-messages-added-by-git-notes-to-the-central-git-server ?
20124e9 to dec60e0
@commjoen Okay, so git notes have now been pushed. Unfortunately it seems they are very hard to work with. It is not possible to see them in GitHub and they don't automatically get fetched. You need to use the
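An added example, not part of this thread or of the WrongSecrets code base: a shell script that shows a plain clone carrying no notes refs, fetches them with an explicit refspec, and greps every note for secret-like strings. The repository, the note text, the pattern and the helper names (`g`, `make_upstream`, `count_notes_refs`, `fetch_notes`, `scan_notes`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit git notes for secret-like strings.
# The repository, the note and the "secret" are constructed sample data.
set -eu

# Run git with a fixed identity so the demo needs no user-level git config.
g() {
  git -c user.name=demo -c user.email=demo@example.invalid \
      -c commit.gpgsign=false -c init.defaultBranch=main "$@"
}

# Build a constructed upstream repo: one commit, one note holding a fake secret.
make_upstream() {
  up="$1"
  g init -q "$up"
  echo "hello" > "$up/README.md"
  g -C "$up" add README.md
  g -C "$up" commit -q -m "initial commit"
  g -C "$up" notes add -m "password=EXAMPLE-NOT-A-REAL-SECRET" HEAD
}

# Number of refs under refs/notes/ in a repository.
count_notes_refs() { g -C "$1" for-each-ref refs/notes/ | wc -l | tr -d ' '; }

# A plain clone does not copy refs/notes/*; fetch them with an explicit refspec.
fetch_notes() { g -C "$1" fetch -q origin 'refs/notes/*:refs/notes/*'; }

# Print "<notes ref>:<annotated commit id>:<line>" for every matching note line.
scan_notes() {
  repo="$1"; pattern="$2"
  g -C "$repo" for-each-ref --format='%(refname)' refs/notes/ |
  while read -r ref; do
    g -C "$repo" grep -I -i -E -e "$pattern" "$ref" -- || true
  done
}

demo() {
  work="$(mktemp -d)"
  make_upstream "$work/upstream"
  g clone -q "$work/upstream" "$work/clone"
  echo "notes refs after clone: $(count_notes_refs "$work/clone")"
  fetch_notes "$work/clone"
  echo "notes refs after fetch: $(count_notes_refs "$work/clone")"
  scan_notes "$work/clone" '(password|secret|token)[[:space:]]*[=:]'
  rm -rf "$work"
}
demo
```

Each hit names the notes ref and the commit the note is attached to, so a finding can be traced back to the annotated commit.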
Hi @RemakingEden, thank you for the updates! Can you please add the required unit test after applying the suggestions? See https://github.com/OWASP/wrongsecrets/blob/master/CONTRIBUTING.md#step-3-adding-test-file for more details.
This is on hold due to some questions around how heavily Git Notes is used.
Eligible for
Love this! Thank you!
What kind of changes does this PR include?
Description
This is a challenge to teach users about leaking secrets via git notes.
Relations
Closes #614
https://blog.gitguardian.com/leaking-secrets-on-github-what-to-do/
Checklist: