Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add GH Action to warn devs about sentryAuthToken changes #3683

Open
krystofwoldrich opened this issue Mar 18, 2024 · 3 comments
Open

Add GH Action to warn devs about sentryAuthToken changes #3683

krystofwoldrich opened this issue Mar 18, 2024 · 3 comments

Comments

@krystofwoldrich
Copy link
Member

Description

To prevent GHSA-68c2-4mpx-qh95 in the future, we can add a GitHub Action which will add a warning to a PR when changes related to handling sentry auth token are included.

Impl can be a simple string search for sentryAuthToken, SENTRY_AUTH_TOKEN, and similar.

@krystofwoldrich
Copy link
Member Author

This warning should not be triggered for changes in GH actions yml files.

@krystofwoldrich krystofwoldrich moved this from Needs Discussion to Backlog in Mobile & Cross Platform SDK Mar 22, 2024
@lucas-zimerman lucas-zimerman moved this from Backlog to In Progress in Mobile & Cross Platform SDK Jun 28, 2024
@lucas-zimerman lucas-zimerman moved this from In Progress to Backlog in Mobile & Cross Platform SDK Jun 28, 2024
@lucas-zimerman
Copy link
Collaborator

This may be closed once getsentry/.github#134 is fixed

@krystofwoldrich
Copy link
Member Author

This GH Issue is about adding a warning like getsentry/sentry-cocoa#4091 (comment)

Screenshot 2024-07-12 at 15 24 11

For example changes in https://github.com/getsentry/sentry-react-native/blob/9d86532d68474e40b8d0c346799236ab466c0cb7/plugin/src/withSentry.ts related to the authToken variable should trigger such a warning.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Backlog
Development

No branches or pull requests

2 participants