SVG path in React component is detected and constants as hard coded credentials #58

pindamonhangaba · 2021-08-20T12:00:24Z

Describe the bug

When running on a react project, svg files with a path and constants with "authorize" (?) in the name are marked as "High"

Expected behavior

SVG's are not credentials

Screenshots

juris · 2021-12-02T11:46:21Z

Having about the same issue. Moreover, excluding svg files does not help.

Insider launch

docker run --rm -v $(pwd):/target-project insidersec/insider -v -tech javascript -target /target-project -exclude client/public/res/* -exclude test/*

Output

...
CVSS 7
Severity 
Class pencil.svg (0:0)
VulnerabilityID d3fcec32a5bdfc4891b31b00d27d9d0c
Description Credentials must not be stored in the code, an attacker could decompile the application and obtain the credential.
ClassMessage client/public/res/icons/streamline/pencil.svg (0:0)
Recomendation There are ‘Secrets Management’ solutions that can be used to store secrets.
...

pindamonhangaba added bug Something isn't working help wanted Extra attention is needed labels Aug 20, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SVG path in React component is detected and constants as hard coded credentials #58

SVG path in React component is detected and constants as hard coded credentials #58

pindamonhangaba commented Aug 20, 2021

juris commented Dec 2, 2021 •

edited

Loading

SVG path in React component is detected and constants as hard coded credentials #58

SVG path in React component is detected and constants as hard coded credentials #58

Comments

pindamonhangaba commented Aug 20, 2021

juris commented Dec 2, 2021 • edited Loading

juris commented Dec 2, 2021 •

edited

Loading