An error occurred while fetching the assigned iteration of the selected issue.
Secrets detection picks up example password in URL used in docs
The following was picked up by secrets detection analyzer... It might make sense to rule out invalid characters that can't be a URL in the URL rule.
Here's an example with instructions for using a GitLab API:
{
...
"id": "asdfdasfasd",
"category": "secret_detection",
"name": "Password in URL",
"message": "Password in URL detected; please remove and revoke it if this is a leak.",
"description": "Password in URL",
"cve": "README.md:asdfdasdfas:Password in URL",
"severity": "Critical",
"confidence": "Unknown",
"raw_source_code_extract": "https:///<name-of-your-token>:<your-actual-token>@gitlab.com/api/v4/projects/111111/packages/sample/sample",
...
}
And another for GitHub.com initially reported in #342539:
{
"version": "14.0.0",
"vulnerabilities": [
{
"id": "<sha>",
"category": "secret_detection",
"name": "Password in URL",
"message": "Password in URL detected; please remove and revoke it if this is a leak.",
"description": "Password in URL",
"cve": "README.md:<sha> in URL",
"severity": "Critical",
"confidence": "Unknown",
"raw_source_code_extract": "https://<user>:<token>@github.com/<user>/<repo>` .",
"scanner": {
"id": "gitleaks",
"name": "Gitleaks"
},
"location": {
"file": "README.md",
"commit": {
"date": "0001-01-01T00:00:00Z",
"sha": "0000000"
},
"start_line": 2412,
"end_line": 2412
},
"identifiers": [
{
"type": "gitleaks_rule_id",
"name": "Gitleaks rule ID Password in URL",
"value": "Password in URL"
}
]
}
]
}