Delete GoogleService-Info.plist from example project #2295
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AnthonyDadeWT
requested review from
pdenert,
piotruela and
mateuszwojtczak
as code owners
|
To view this pull requests documentation preview, visit the following URL: Documentation is deployed and generated using docs.page. |
github-actions
bot
added
the
package: patrol
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I raised this issue and the discord and got feedback from @mateuszwojtczak
My project runs security scans on our Flutter app binaries and we had a critical violation due to the file:
ios/.symlinks/patrol/example/ios/Runner/GoogleService-Info.plist
The security scan detected sensitive information (in this case it thought it was a credit card #) in this file, and is probably related to the API key or GCM_SENDER_ID values.
GoogleService-Info.plist is a Firebase configuration file that contains secrets/API keys. This file is usually not version controlled to keep these values private. Due to this, I don't think this file belongs here, and having this present could also cause the same security violation for others using Patrol that also scan their app(s).
Read more in the discord thread where I brought this up:
https://discord.com/channels/1167030497612922931/1270048825569972394