Skip to content

security(tests): remove hardcoded API token from test file #82

New issue
New issue
Open
Open
security(tests): remove hardcoded API token from test file#82
Labels
complexity:trivialLess than 30 minuteslang:phpPHP/Laravelpriority:highDo soontype:securitySecurity related
@Snider

Description

@Snider
Snider
opened on Feb 4, 2026

Parent audit: #36

Finding

A hardcoded API token exists in the test file, which could be a real credential committed to version control.

Location

  • src/Mod/Trees/Tests/Unit/AgentDetectionTest.php

Fix

Replace the hardcoded token with an environment variable lookup or a fake/mock token that is clearly not a real credential.

Acceptance Criteria

  • No real API tokens in test files
  • Token sourced from environment variable or replaced with an obviously fake value
  • If the token was real, it has been rotated/revoked
  • CI pipeline passes with the updated approach

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity:trivialLess than 30 minuteslang:phpPHP/Laravelpriority:highDo soontype:securitySecurity related

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions