@michaelstingl michaelstingl commented Mar 16, 2025

Fix hardcoded credentials in tests

Problem

CodeQL security scanning identified hardcoded credentials in test files, which could potentially lead to security vulnerabilities if real tokens were accidentally committed.

Solution

  • Replace all instances of hardcoded mock-token with EXAMPLE_TEST_TOKEN
  • This makes it clear that these are example values for testing purposes only
  • The token values are only used in test files, not production code

Changes

  • Updated 3 instances of token values in ApiService-test.ts
  • Added clearer comments to indicate test-only credentials

Security Impact

This change addresses 2 open CodeQL security warnings about hardcoded credentials in test files.

@github-actions

Coverage after merging fix/hardcoded-test-credentials-clean into main will be

63.03%

Coverage Report
| File | Stmts | Branches | Funcs | Lines | Uncovered Lines |
| --- | --- | --- | --- | --- | --- |
| config | | | | | |
| app.config.ts | 70% | 50% | 100% | 100% | 101, 133, 133–134, 134, 85–86, 97, 99 |
| services | | | | | |
| AuthService.ts | 44.02% | 36.67% | 57.14% | 46.48% | 109–115, 126–127, 190, 208, 219, 227, 229–231, 234–238, 241, 241, 241, 241, 241, 241–242, 246–247, 254, 254, 254–256, 259, 261, 267, 270, 273, 276, 283, 286, 289, 292, 295, 295, 295–297, 301–303, 306, 309, 309, 309–310, 312–313, 313, 313, 316, 316, 316, 318, 318, 318–322, 322, 322–325, 325, 325–328, 331, 336, 336, 336, 338–339, 341, 341, 341, 341, 341, 343, 343, 343–344, 348, 350, 350, 350, 350, 350, 352–353, 357–358, 362–363, 57–60, 71 |
| OidcService.ts | 48.21% | 36.59% | 60% | 54.55% | 130–133, 138, 138, 15, 155–156, 176, 176, 176–177, 181, 181, 181–183, 186, 186, 186–188, 190, 190–191, 191, 195, 200, 200, 200–201, 205, 205, 205–206, 209, 211, 211, 211, 213–214, 214, 220, 24–25, 34–35, 53–54, 57, 66, 84–87 |
| WebFingerService.ts | 89.33% | 76.92% | 80% | 97.73% | 104–105, 14, 24, 31, 38, 59 |
| services/api | | | | | |
| ApiService.ts | 75.58% | 63.64% | 70% | 81.48% | 100, 133, 137, 172, 174, 200, 200, 200–202, 204, 204, 209, 212–213, 227, 86, 93 |
| HttpUtil.ts | 59.24% | 50.54% | 84.62% | 62.88% | 102–103, 103, 103, 106, 106, 106–107, 110, 114, 114, 114–117, 155, 165, 18, 193, 198, 198–199, 203, 222, 305, 31, 312, 34–35, 354, 354, 354–355, 355, 355, 357, 357, 357–359, 36, 362, 362, 362–363, 365, 365, 365–367, 369, 369, 369–370, 373, 39, 396, 410, 42–43, 435–438, 446, 450, 473–475, 51, 59, 59, 59–60, 60, 60–62, 62, 62–63, 63, 63, 65–67, 69, 71, 75, 79, 82, 85, 92, 96, 96 |

@michaelstingl michaelstingl merged commit 68aedbc into main Mar 16, 2025
4 checks passed
@michaelstingl michaelstingl deleted the fix/hardcoded-test-credentials-clean branch March 16, 2025 22:25