From 1d7a4b6f1ddfa18cf72eb976101cbde83b53db2d Mon Sep 17 00:00:00 2001 From: GAURAV singh Date: Thu, 25 Jun 2026 01:07:42 +0530 Subject: [PATCH 1/2] SECURITY: add hardcoded secret bug --- src/auth.js | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 src/auth.js diff --git a/src/auth.js b/src/auth.js new file mode 100644 index 0000000..d826afb --- /dev/null +++ b/src/auth.js @@ -0,0 +1,7 @@ +const API_KEY = "sk-hardcoded-secret-12345"; + +function fetchUserData(userId) { + return fetch(`https://api.example.com/users/${userId}`, { + headers: { "Authorization": `Bearer ${API_KEY}` } + }); +} From db1aa7038ea9a0192fd8933e85e077870468d5e9 Mon Sep 17 00:00:00 2001 From: GAURAV singh Date: Thu, 25 Jun 2026 01:17:58 +0530 Subject: [PATCH 2/2] Apply AI-generated fixes - src/auth.js: Replaced hardcoded API key with an environment variable for improved security. --- src/auth.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/auth.js b/src/auth.js index d826afb..620fed3 100644 --- a/src/auth.js +++ b/src/auth.js @@ -1,4 +1,4 @@ -const API_KEY = "sk-hardcoded-secret-12345"; +const API_KEY = process.env.API_KEY; function fetchUserData(userId) { return fetch(`https://api.example.com/users/${userId}`, {