DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
Secrets

Secrets

Made by DeepSource
Use Analyzer

Hardcoded Dropbox credentials in source code SCT-1058

Secrets
Critical

Leaking Dropbox credentials in source code can lead to unauthorized access to Dropbox resources, exposing sensitive data and potentially leading to data breaches and financial loss.

It is highly recommended to never hardcode Dropbox credentials in the source code. Instead, use a secure secrets management solution to store and retrieve the credentials during runtime. This approach ensures that the credentials are not exposed and can be easily managed and rotated as needed.

Bad practice

import dropbox

TOKEN = "YOUR_DROPBOX_TOKEN"

dbx = dropbox.Dropbox(TOKEN)
file = '/path/to/file.txt'

with open(file, 'rb') as f:
    dbx.files_upload(f.read(), file)

Recommended

import dropbox
import os

TOKEN = os.getenv('DROPBOX_TOKEN')

dbx = dropbox.Dropbox(TOKEN)
file = '/path/to/file.txt'

with open(file, 'rb') as f:
    dbx.files_upload(f.read(), file)