Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

在HugoNexT主题中集成twikoo本地文件提交触发Github安全拒绝 #793

Open
elkan1788 opened this issue Feb 28, 2025 · 1 comment
Open

在HugoNexT主题中集成twikoo本地文件提交触发Github安全拒绝 #793

elkan1788 opened this issue Feb 28, 2025 · 1 comment

Comments

@elkan1788
Copy link

HugoNexT已经支持Twikoo评论组件,同时为支持本地部署就把Twikoo组件代码添加到主题仓库,结果提交代码到远程仓库时,触发了安全告警,提示已经包含了安全信息,请作者帮忙分析下看看,谢谢。

Enumerating objects: 83, done.
Counting objects: 100% (67/67), done.
Delta compression using up to 8 threads
Compressing objects: 100% (34/34), done.
Writing objects: 100% (37/37), 161.68 KiB | 641.00 KiB/s, done.
Total 37 (delta 18), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Resolving deltas: 100% (18/18), completed with 11 local objects.
remote: error: GH013: Repository rule violations found for refs/heads/develop.
remote: 
remote: - GITHUB PUSH PROTECTION
remote:   —————————————————————————————————————————
remote:     Resolve the following violations before pushing again
remote:
remote:     - Push cannot contain secrets
remote:
remote:
remote:      (?) Learn how to resolve a blocked push
remote:      https://docs.github.com/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#resolving-a-blocked-push
remote:
remote:
remote:       —— Tencent Cloud Secret ID ———————————————————————————
remote:        locations:
remote:          - commit: e9a76bf650396527cbb46300cd9e154044bc326c
remote:            path: static/js/3rd/twikoo/1.6.41/twikoo.all.min.js:2
remote:
remote:        (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote:        https://github.com/hugo-next/hugo-theme-next/security/secret-scanning/unblock-secret/xxxxx      
remote:
remote:
remote:
To github.com:hugo-next/hugo-theme-next.git
 ! [remote rejected] develop -> develop (push declined due to repository rule violations)
error: failed to push some refs to 'github.com:hugo-next/hugo-theme-next.git'
@elkan1788 elkan1788 mentioned this issue Feb 28, 2025
Merged
@imaegoo
Copy link
Member

imaegoo commented Feb 28, 2025

这是个误报,原因是:

twikoo/src/client/view/components/TkAdminConfig.vue

Lines 95 to 96 in 266d8e1

{ key: 'QCLOUD_SECRET_ID', desc: t('ADMIN_CONFIG_ITEM_QCLOUD_SECRET_ID'), ph: `${t('ADMIN_CONFIG_EXAMPLE')}AKIDBgZDdnbTw9D4ey9qPkrkwtb2Do9EwIHw`, value: '' },
{ key: 'QCLOUD_SECRET_KEY', desc: t('ADMIN_CONFIG_ITEM_QCLOUD_SECRET_KEY'), ph: `${t('ADMIN_CONFIG_EXAMPLE')}XrkOnvKWS7WeXbP1QZT76rPgtpWx73D7`, value: '', secret: true },

这一行代码包含了一个腾讯云 secret id 的示例,实际上这是一个无效的 secret id。允许即可:

remote:        (?) To push, remove secret from commit(s) or follow this URL to allow the secret.
remote:        https://github.com/hugo-next/hugo-theme-next/security/secret-scanning/unblock-secret/xxxxx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elkan1788 @imaegoo