Harden public debug and Docker secret exposure#86
/claim #55
Summary
- `info.php` endpoint that executed `phpinfo()` and could expose runtime environment variables such as AWS/S3 credentials when the Apache image serves `/var/www/html`
- `.env` files and the debug endpoint path from Docker build contexts
- `phpinfo()` and verifies the Docker ignore guardrails stay in place
- `rg -n phpinfo\\s*\\( admin\\web candidate\\web company\\web inspector\\web staff\\web status\\web verification\\web common\\tests\\unit\\security\\PublicDebugEndpointTest.php` returns no public endpoint matches
- `php -l common\\tests\\unit\\security\\PublicDebugEndpointTest.php` could not be run locally because PHP is not installed in this workspace PATH

Scope
This is intentionally separate from the existing Civil ID upload, S3 credential rotation, IAM, CloudTrail, and third-party integration hardening PRs.
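As an added example, not the PR's own `PublicDebugEndpointTest.php`, here is a standalone guardrail check that covers the two points in the Summary: no PHP file under a public web root may call `phpinfo(`, and the `.dockerignore` must keep `.env` and the debug endpoint out of the build context. The ignore rules `.env` and `**/web/info.php` are assumptions; the repository's actual entries are not on this page. `demo()` builds a constructed tree that still has both weaknesses so the check has something to report.

```python
import os
import re
import tempfile

PHPINFO_RE = re.compile(r"\bphpinfo\s*\(")
# Assumed ignore rules; the PR's real .dockerignore entries are not on the page.
REQUIRED_IGNORES = (".env", "**/web/info.php")


def find_phpinfo_calls(web_roots):
    """Return (path relative to its root, line number) for every phpinfo( call."""
    hits = []
    for root in web_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                if not name.endswith(".php"):
                    continue
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if PHPINFO_RE.search(line):
                            hits.append((os.path.relpath(path, root), lineno))
    return hits


def missing_dockerignore_rules(dockerignore_path, required=REQUIRED_IGNORES):
    """Return the required .dockerignore rules that are absent or commented out."""
    present = set()
    if os.path.exists(dockerignore_path):
        with open(dockerignore_path, encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):
                    present.add(line)
    return [rule for rule in required if rule not in present]


def demo():
    """Run both checks against a constructed tree that still has the weaknesses."""
    base = tempfile.mkdtemp()
    web = os.path.join(base, "admin", "web")
    os.makedirs(web)
    with open(os.path.join(web, "info.php"), "w") as fh:
        fh.write("<?php\nphpinfo();\n")  # the debug endpoint the PR removes
    with open(os.path.join(web, "index.php"), "w") as fh:
        fh.write("<?php\nrequire 'app.php';\n")  # clean file, must not match
    with open(os.path.join(base, ".dockerignore"), "w") as fh:
        fh.write("# build context exclusions\n.env\n")  # info.php rule missing
    hits = find_phpinfo_calls([web])
    missing = missing_dockerignore_rules(os.path.join(base, ".dockerignore"))
    return hits, missing
```

Wire `demo()`'s two lists into CI and fail the build when either is non-empty.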