QUOTE(FLampard @ Jun 28 2023, 02:51 PM)
I'm using third-party software to monitor my FE app
but the linter (imposed by my architect) keeps flagging my client_token and application_id as "leaks"
I double checked with the vendor already; it's not a leak, it's meant to be fed into the FE app and nothing wrong about exposing it at FE.
I put it in an env file. Didn't help, linter still bising.
What can I do so that the linter won't flag it as an error?
I can put it in the backend then get the FE to call that API, but it's retarded, overengineering and doesn't improve security. A hacker can still call the API and get the token anyway
Config the linter or your code to ignore it lah. Depends on what linter you use.
e.g. I use //nolint:all for my Go code where appropriate.
https://golangci-lint.run/usage/false-positives/
e.g. #2, trivy, add .trivyignore appropriately: https://aquasecurity.github.io/trivy/v0.42/...tion/filtering/
etc, etc.
This post has been edited by angch: Jun 28 2023, 04:55 PM
Jun 28 2023, 04:51 PM
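Added example, not part of the thread and not angch's code: a line-scoped suppression with a recorded reason, as the narrower alternative to `//nolint:all`, next to a real secret that stays out of the source and gets no suppression. It assumes the finding is gosec's G101 (hard-coded credentials) run under golangci-lint; the token values, the `VENDOR_API_KEY` variable and all function names are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// Constructed placeholder values; a real vendor issues these for use in the browser.
const applicationID = "app-0000-example"

// One linter, one line, reason recorded beside it.
// Assumption: the finding is gosec G101 under golangci-lint.
const clientToken = "pub-example-client-token" //nolint:gosec // G101 false positive: vendor-issued public token, shipped to the browser by design

// FrontendConfig holds only identifiers that are meant to be public.
type FrontendConfig struct {
	ApplicationID string `json:"application_id"`
	ClientToken   string `json:"client_token"`
}

// serverAPIKey is a real secret: read at runtime, never embedded, never suppressed.
// VENDOR_API_KEY is a hypothetical variable name.
func serverAPIKey() string {
	return os.Getenv("VENDOR_API_KEY")
}

// RenderFrontendConfig returns the JSON handed to the browser.
// Only the public identifiers are serialized; the server key is not a field.
func RenderFrontendConfig() (string, error) {
	b, err := json.Marshal(FrontendConfig{ApplicationID: applicationID, ClientToken: clientToken})
	if err != nil {
		return "", err
	}
	return string(b), nil
}

func main() {
	out, err := RenderFrontendConfig()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(out)
	fmt.Println("server key configured:", serverAPIKey() != "")
}
```

Every other G101 finding in the file still fails the lint run, which `//nolint:all` would hide.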
