Security Alert: Sensitive Information Detected in Public Repository

[vyastj]

Hello ad-dc,

Our security tools have identified a few in the public repository ad-dc/omniauth-appdirect. Details are as follows:

🚨 [HIGH] Keyword 'token' found in app_direct.rb at line 6 https://raw.githubusercontent.com/ad-dc/omniauth-appdirect/master/lib/omniauth/strategies/app_direct.rb
🚨 [HIGH] Keyword 'session' found in app_direct.rb at line 6 https://raw.githubusercontent.com/ad-dc/omniauth-appdirect/master/lib/omniauth/strategies/app_direct.rb

Could you please review these findings and, if feasible, change the repository's visibility from public to private to prevent potential exposure of sensitive AppDirect information?

[peteonrails]

Looks like a false positive to me. Am I missing something?

[vyastj]

Yes, this is indeed a false positive. However, could we make this repository private to prevent any potential AppDirect-related information disclosure?