During a security scan using Twistlock, we have detected a testing PEM file located in the following directory within the github.com/gin-gonic/gin module:

/testdata/certificate/key.pem

This file is being flagged as a vulnerability due to its potential sensitivity and inclusion of private keys/certificates. Per security best practices, sensitive files such as private keys should not be included in public repositories, even for testing purposes.

I kindly request that you remove all testing and potentially sensitive files from these directories to prevent any security risks. This would also help ensure compliance with security scanning tools and best practices.

Thank you for your attention to this matter. We appreciate your effort in maintaining the security and integrity of this library.
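
One way to drop a checked-in test key such as the `key.pem` flagged above is to create the key and certificate in memory when the tests start. This is an added example, not code from gin or from the reporter; it assumes the key exists only so tests can start a TLS server, and `newEphemeralCert` and `verifyFor` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// newEphemeralCert (hypothetical) makes a throwaway self-signed cert; the key never touches disk.
func newEphemeralCert(host string) (tls.Certificate, *x509.CertPool, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short-lived by design
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host},
		BasicConstraintsValid: true, IsCA: true, // self-signed: its own trust anchor
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, roots, nil
}

// verifyFor (hypothetical) reports whether a client trusting only roots accepts cert for host.
func verifyFor(cert tls.Certificate, roots *x509.CertPool, host string) error {
	_, err := cert.Leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	_, _, err := newEphemeralCert("localhost")
	fmt.Println("ephemeral certificate generated, error:", err)
}
```

In a test, the returned certificate goes into the server's `tls.Config.Certificates` and the pool into the client's `tls.Config.RootCAs`.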

Comment From: megajon

I've been using gin for my own projects for some time now and I'm looking to get some hands-on experience with open source and this seems like a good issue to start with. I'd like to try and tackle it if I can.