Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
A Google Cloud API key has been found hard-coded in the codebase. Storing sensitive credentials like API keys directly in code makes them easy to extract and misuse.
Impact#
If an attacker gains access to this API key, they could use your Google Cloud resources, incur unexpected costs, access sensitive data, or disrupt services. This could lead to data breaches, service downtime, and financial loss for your organization.