Two pre-existing PASTE_AUTH tokens in scripts/build.sh and scripts/build-linux-notify.sh are real and should be rotated if the paste.tbs.amn.gg / paste.dk.manko.yoga endpoints still authenticate — this allowlist only silences the pre-push hook, it does not remove the exposure. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
15 lines
728 B
TOML
15 lines
728 B
TOML
[extend]
|
|
useDefault = true
|
|
|
|
[[allowlists]]
|
|
description = "Pre-existing historical findings already on fj/main and github/main. The two PASTE_AUTH tokens in scripts/build.sh and scripts/build-linux-notify.sh are real — rotate if those endpoints still authenticate; this allowlist only silences the pre-push hook, it does not remove the exposure."
|
|
commits = [
|
|
# wzp-crypto module doc: false positive on "SHA-256(Ed25519 pub)[:16]"
|
|
"51e893590c1b9fa49e9f6ae5c96c26deb58f353b",
|
|
# build.sh PASTE_AUTH (paste.tbs.amn.gg)
|
|
"bd6733b2e5d76b5259020f1c30a5223a9773b6aa",
|
|
# build-linux-notify Authorization header (paste.dk.manko.yoga)
|
|
"6d776097c83bc6fbe3f3565e080513d8af93b550",
|
|
"7751439e2bca9eacf2c30929c8124a4eb6136df2",
|
|
]
|