{"id":37058150,"url":"https://github.com/brandonhenricks/cloudflare-leakedcredentials","last_synced_at":"2026-01-14T06:34:23.670Z","repository":{"id":328373311,"uuid":"1115328885","full_name":"brandonhenricks/cloudflare-leakedcredentials","owner":"brandonhenricks","description":"Minimal netstandard2.0 library that parses Cloudflare's Exposed-Credential-Check header so origin servers can detect credential exposure.","archived":false,"fork":false,"pushed_at":"2025-12-12T20:23:17.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-12-14T08:30:07.434Z","etag":null,"topics":["cloudflare","csharp","security"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brandonhenricks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-12T17:29:22.000Z","updated_at":"2025-12-12T20:23:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/brandonhenricks/cloudflare-leakedcredentials","commit_stats":null,"previous_names":["brandonhenricks/cloudflare-leakedcredentials"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/brandonhenricks/cloudflare-leakedcredentials","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhenricks%2Fcloudflare-leakedcredentials","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhenricks%2Fcloudflare-leakedcredentials/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhenricks%2Fcloudflare-leakedcredentials/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhenricks%2Fcloudflare-leakedcredentials/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brandonhenricks","download_url":"https://codeload.github.com/brandonhenricks/cloudflare-leakedcredentials/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhenricks%2Fcloudflare-leakedcredentials/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28412211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare","csharp","security"],"created_at":"2026-01-14T06:34:23.077Z","updated_at":"2026-01-14T06:34:23.655Z","avatar_url":"https://github.com/brandonhenricks.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cloudflare.LeakedCredentials\n\n[![CI](https://github.com/brandonhenricks/cloudflare-leakedcredentials/actions/workflows/ci.yml/badge.svg)](https://github.com/brandonhenricks/cloudflare-leakedcredentials/actions/workflows/ci.yml)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![NuGet](https://img.shields.io/nuget/v/Cloudflare.LeakedCredentials.svg)](https://www.nuget.org/packages/Cloudflare.LeakedCredentials)\n\nA minimal [netstandard2.0](https://learn.microsoft.com/dotnet/standard/net-standard) library that parses Cloudflare's `Exposed-Credential-Check` response header so origin servers can detect credential exposure without pulling in framework dependencies.\n\n## Purpose\n1. Keep framework dependencies out of the security signal by exposing only a single, functional entry point (`ExposedCredentialCheck.Parse`).\n2. Require callers to provide a `Func\u003cstring, string?\u003e` header accessor so the library works with ASP.NET, HttpClient, middleware pipelines, or any custom HTTP stack.\n\n## Contents\n- [Purpose](#purpose)\n- [Getting started](#getting-started)\n- [Usage](#usage)\n- [API contract](#api-contract)\n- [Best practices](#best-practices)\n- [Testing \u0026 validation](#testing--validation)\n- [NuGet package](#nuget-package)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Getting started\n1. Consume the published NuGet package using `dotnet add package Cloudflare.LeakedCredentials` or build from source with `dotnet build Cloudflare.LeakedCredentials.sln` (netstandard2.0 only).\n2. Provide a header getter delegate when calling `Parse` so you retain control of how headers are fetched.\n\n```csharp\nvar result = ExposedCredentialCheck.Parse(context.Request.Headers.Get);\nif (result == ExposedCredentialCheckResult.Exposed)\n{\n\t\t// trigger additional logging, alerting, or rejection logic\n}\n```\n\n## API contract\n- `ExposedCredentialCheck.Parse(Func\u003cstring, string?\u003e getHeader)`\n\t- Emits `ExposedCredentialCheckResult.None` for missing/null/empty headers.\n\t- Uses `Enum.IsDefined()` plus a positive value check so only known exposure states are surfaced.\n\t- Throws `ArgumentNullException` if the delegate is null to keep contracts strict.\n\n## Best practices\n- Keep header access centralized inside middleware, filters, or helpers before passing a delegate into this library; it simplifies testing and throttling.\n- Treat every result that is not `None` as actionable—`PotentiallyExposed` still warrants monitoring or rate limiting.\n- Wrap log and metric instrumentation around the exposure result so it can feed dashboards without leaking secrets.\n- Preserve netstandard2.0 compatibility: avoid framework-specific APIs in wrappers so this package stays portable.\n- Respect null-safety guarantees by never calling `Parse` with a null delegate and by validating header values before acting on them.\n\n## Testing \u0026 validation\n- Keep builds fast with `dotnet build Cloudflare.LeakedCredentials.sln`.\n- The tests live under `tests/Cloudflare.LeakedCredentials.Tests/`; add coverage-sensitive scenarios there and expose internals via `InternalsVisibleTo` when needed.\n- Use `dotnet test` in CI to exercise the `ExposedCredentialCheck` parsing logic across all states.\n\n## NuGet package\n- The repository already publishes the `Cloudflare.LeakedCredentials` NuGet package targeting netstandard2.0.\n- Consume it with `dotnet add package Cloudflare.LeakedCredentials` and keep your package reference updated from nuget.org.\n- Package publishing follows the standard `dotnet pack` / `dotnet nuget push` flow and should only be run by authorized maintainers.\n## Resiliency notes\n- The library keeps the enum validation strict (using `Enum.IsDefined` and positive value checks) so unknown headers fall back to `None` rather than failing the request.\n- Header parsing is intentionally synchronous and stateless—provide thread-safe delegates when sampling headers from shared contexts.\n\n## Next steps\n- Run `dotnet test Cloudflare.LeakedCredentials.sln` locally and in CI to validate the parsing coverage you just added.\n- When bumping the package, update `Directory.Build.props` metadata and align `Directory.Packages.props` versions with any new dependencies.\n- Draft release notes that explain which Cloudflare response states are surfaced so downstream teams can react appropriately.\n\n## Contributing\n- Open issues for bug reports or feature ideas.\n- Keep future API changes backward-compatible with `ExposedCredentialCheck.Parse`.\n\n## License\nSee the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrandonhenricks%2Fcloudflare-leakedcredentials","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrandonhenricks%2Fcloudflare-leakedcredentials","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrandonhenricks%2Fcloudflare-leakedcredentials/lists"}