Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug][devLake config UI] GitHub PAT leaks in API #8215

Open
2 of 3 tasks
oliviertassinari opened this issue Nov 24, 2024 · 4 comments
Open
2 of 3 tasks

[Bug][devLake config UI] GitHub PAT leaks in API #8215

oliviertassinari opened this issue Nov 24, 2024 · 4 comments
Labels
component/config-ui This issue or PR relates to config-ui severity/p0 This bug blocks key user journey and function type/bug This issue is a bug

Comments

@oliviertassinari
Copy link

oliviertassinari commented Nov 24, 2024

Search before asking

  • I had searched in the issues and found no similar issues.

What happened

Open http://localhost:4000/api/plugins/github/connections/1/scopes?page=1&pageSize=10&blueprints=true, and you can see the GitHub access token.

What do you expect to happen

Similar issue as #7821 but for GitLab on the same endpoint.
Similar issue as #2800 but for GitHub on a different endpoint.

How to reproduce

  1. Setup
  2. Open the above URL

Anything else

No response

Version

v1.0.2-beta4

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct

@oliviertassinari oliviertassinari added the type/bug This issue is a bug label Nov 24, 2024
@dosubot dosubot bot added component/config-ui This issue or PR relates to config-ui severity/p0 This bug blocks key user journey and function labels Nov 24, 2024
@klesh
Copy link
Contributor

klesh commented Nov 26, 2024

Hi, @oliviertassinari Can you be more specific? where can it be seem?

@oliviertassinari
Copy link
Author

oliviertassinari commented Nov 26, 2024

I have updated the URL, it was wrong. When I open the link, I get:

SCR-20241126-uaxs

A side note, with @michelengelen we noticed that when using v1.0.2-beta5, the dashboard version display is broken:

SCR-20241126-ubce

@klesh
Copy link
Contributor

klesh commented Nov 27, 2024

@oliviertassinari Can you file another issue for the version displaying problem, thanks.

@oliviertassinari
Copy link
Author

Sure #8226.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/config-ui This issue or PR relates to config-ui severity/p0 This bug blocks key user journey and function type/bug This issue is a bug
Projects
None yet
Development

No branches or pull requests

2 participants