Remove secret location from report when scanning confluence #33
Comments
The But I agree, it gives no value, not for Confluence and not for Discord. Most of the time it is enough to get the page that contains the secret, and the secret itself.
Hi Baruch,
This is indeed the location of the secret within the content it scanned, which in our case is Confluence. The point was not to remove it from the report message altogether, because it will be useful for a folder or file scan. The point was to remove the location from the report if the scanned plugin was Confluence, because in a web page that has no lines the location is useless.
Mónica Casanova
Software Developer, Checkmarx
From: Baruch Odem (Rothkoff)
Sent: Monday, May 1, 2023 2:16 PM
Subject: Re: [Checkmarx/2ms] Remove secret location from report when scanning confluence (Issue #33)
The Location is the secret.StartColumn and secret.EndColumn, so it is related to the secret and not to Confluence.
But I agree, it gives no value.
I suggest changing it to the secret.StartLine.
@cx-monicac Sorry, for now, I removed the Location (#58), since it is not relevant for both Confluence and Discord.
We need to think about how to control the visibility of the location field, since when we calculate it, we are not in the context of any plugin, but in the context of the secrets, which is implemented generically for all the plugins.
Yes, I agree, thanks!
Mónica Casanova
Software Developer, Checkmarx
From: Baruch Odem (Rothkoff)
Sent: Tuesday, May 2, 2023 10:41 AM
Subject: Re: [Checkmarx/2ms] Remove secret location from report when scanning confluence (Issue #33)
@cx-monicac Sorry, for now, I removed the Location (#58), since it is not relevant for both Confluence and Discord.
We need to think about how to control the visibility of the location field, since when we calculate it, we are not in the context of any plugin, but in the context of the secrets, which is implemented generically for all the plugins.
No description provided.