Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

github_secrets.py is added #114

Open
bhavya1857 opened this issue Jun 23, 2023 · 2 comments
Open

github_secrets.py is added #114

bhavya1857 opened this issue Jun 23, 2023 · 2 comments
Assignees
Labels
gssoc23 Issues created for GSSoC 23 contributors

Comments

@bhavya1857
Copy link

Issue Description:

The problem initially was that the GITHUB_API_TOKEN and USERNAME variables were hard-coded into the github_secrets.py file. This means that anyone who had access to the file would be able to see the GitHub personal access token and username.

To fix this problem, I suggested changing the GITHUB_API_TOKEN and USERNAME variables to environment variables. This means that the GitHub personal access token and username would be stored in the environment and not in the file. This makes the code more secure because only the people who have access to the environment variables will be able to see the GitHub personal access token and username.

I also suggested adding comments to the code to explain what each line does. This makes the code easier to read and understand.

Finally, I suggested indenting the code by four spaces. This makes the code easier to read and understand. Moreover the github_secrets.py was missing

Expected Behavior:

The new changed code would get the GitHub personal access token and username from the environment, instead of hard-coding them into the file. This makes the code more secure because only the people who have access to the environment variables will be able to see the GitHub personal access token and username.

The code would also print the GitHub personal access token and username to the console. This is useful for debugging purposes.

Current Behavior:

If we don't implement the changes I suggested, then the GITHUB_API_TOKEN and USERNAME variables would still be hard-coded into the github_secrets.py file. This means that anyone who had access to the file would be able to see the GitHub personal access token and username.

This would be a security risk because anyone who could access the file could use the GitHub personal access token and username to access your GitHub account. They could then use your account to make changes to your repositories, create new repositories, or delete repositories.

In addition, if the file were to be leaked or compromised, anyone who could access it would be able to see your GitHub personal access token and username. This could be used to impersonate you on GitHub or to steal your identity.

Therefore, it is important to implement the changes I suggested to make the code more secure.

Labels:
new file added

@bhavya1857 bhavya1857 added the gssoc23 Issues created for GSSoC 23 contributors label Jun 23, 2023
@bhavya1857
Copy link
Author

i have done the PR for this already

@sahil-sagwekar2652
Copy link
Owner

link the PRs please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
gssoc23 Issues created for GSSoC 23 contributors
Projects
None yet
Development

No branches or pull requests

2 participants