Updated the project to run with Android Studio Otter. #386

pawarprasad37 · 2025-11-26T10:09:23Z

No description provided.

pawarprasad37 · 2025-11-26T10:13:36Z

app/src/main/java/com/razorpay/sampleapp/java/PaymentActivity.java

+        EditText etApiKey = findViewById(R.id.et_api_key);
+        EditText etCustomOptions = findViewById(R.id.et_custom_options);
+
+        etApiKey.setText("rzp_live_ILgsfZCZoFIKMb");


@vivekshindhe need clarity on whether we share our merchant key publicly or not.

semgrep-code-razorpay · 2025-11-26T10:14:43Z

app/src/main/java/com/razorpay/sampleapp/kotlin/PaymentActivity.kt

+        val etApiKey = findViewById<EditText>(R.id.et_api_key)
+        val etCustomOptions = findViewById<EditText>(R.id.et_custom_options)
+
+        etApiKey.setText("rzp_live_ILgsfZCZoFIKMb")


Hardcoded sensitive data leaked

Semgrep has detected a leak of sensitive data in this code. This secret data could be used by internal or external malicious actors. We highly recommend you change, reset, or rotate the sensitive data.

A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.

_{🔴 Fix or ignore this finding to merge your pull request.}
_{Ignore this finding from string}

semgrep-code-razorpay · 2025-11-26T10:14:43Z

app/src/main/java/com/razorpay/sampleapp/java/PaymentActivity.java

+        EditText etApiKey = findViewById(R.id.et_api_key);
+        EditText etCustomOptions = findViewById(R.id.et_custom_options);
+
+        etApiKey.setText("rzp_live_ILgsfZCZoFIKMb");


Hardcoded sensitive data leaked

Semgrep has detected a leak of sensitive data in this code. This secret data could be used by internal or external malicious actors. We highly recommend you change, reset, or rotate the sensitive data.

A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.

_{🔴 Fix or ignore this finding to merge your pull request.}
_{Ignore this finding from string}

pawarprasad37 added 2 commits November 25, 2025 12:49

Updated the project to run with Android Studio Otter.

d08cb77

Changed a payload key to reflect latest changes.

8f6382e

pawarprasad37 commented Nov 26, 2025

View reviewed changes

semgrep-code-razorpay bot reviewed Nov 26, 2025

View reviewed changes

vivekshindhe approved these changes Dec 5, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Updated the project to run with Android Studio Otter. #386

Updated the project to run with Android Studio Otter. #386

pawarprasad37 commented Nov 26, 2025

Uh oh!

pawarprasad37 Nov 26, 2025

Uh oh!

semgrep-code-razorpay bot Nov 26, 2025

Uh oh!

semgrep-code-razorpay bot Nov 26, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Updated the project to run with Android Studio Otter. #386

Are you sure you want to change the base?

Updated the project to run with Android Studio Otter. #386

Conversation

pawarprasad37 commented Nov 26, 2025

Uh oh!

pawarprasad37 Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

semgrep-code-razorpay bot Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

semgrep-code-razorpay bot Nov 26, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants