Remove secret location from report when scanning confluence

[cx-monicac]

No description provided.

[baruchiro]

The Location is the secret.StartColumn and secret.EndColumn, so it is related to the secret and not to Confluence.

But I agree, it gives no value, not for Confluence and not for Discord. Most of the time it is enough to get the page that contains the secret, and the secret itself.

[cx-monicac]

Hi Baruch, This is indeed the location of the secret within the content it scanned, which in our case is confluence. The point was not to remove from the report message altogether because it will be useful for a folder or file scan. The point was to remove the location from the report if the scanned plugin was confluence because in a web page that has no lines the location is useless. Mónica Casanova Software Developer, Checkmarx<https://checkmarx.com/> M +351<tel:+16504309607> 914147368 ***@***.******@***.***> | www.checkmarx.com<http://www.checkmarx.com/> [signature_275598028] From: Baruch Odem (Rothkoff) ***@***.***> Sent: Monday, May 1, 2023 2:16 PM To: Checkmarx/2ms ***@***.***> Cc: Monica Casanova ***@***.***>; Assign ***@***.***> Subject: Re: [Checkmarx/2ms] Remove secret location from report when scanning confluence (Issue #33) The Location is the secret.StartColumn and secret.EndColumn, so it is related to the secret and not to Confluence. But I agree, it gives no value. I suggest changing it to the secret.StartLine. — Reply to this email directly, view it on GitHub<#33 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A2CIRWAS74ZC6LKGSLRRNKLXD6ZQZANCNFSM6AAAAAAWOYUPUI>. You are receiving this because you were assigned.Message ID: ***@***.***>

[baruchiro]

@cx-monicac Sorry, for now, I removed the Location (#58), since it is not relevant for both Confluence and Discord.

We need to think about how to control the visibility of the location field, since when we calculate it, we are not in the context of any plugin, but in the context of the secrets, which is implemented generically for all the plugins.

[cx-monicac]

Yes, I agree, thanks! Mónica Casanova Software Developer, Checkmarx<https://checkmarx.com/> M +351<tel:+16504309607> 914147368 ***@***.******@***.***> | www.checkmarx.com<http://www.checkmarx.com/> [signature_275598028] From: Baruch Odem (Rothkoff) ***@***.***> Sent: Tuesday, May 2, 2023 10:41 AM To: Checkmarx/2ms ***@***.***> Cc: Monica Casanova ***@***.***>; Mention ***@***.***> Subject: Re: [Checkmarx/2ms] Remove secret location from report when scanning confluence (Issue #33) @cx-monicac<https://github.com/cx-monicac> Sorry, for now, I removed the Location (#58<#58>), since it is not relevant for both Confluence and Discord. We need to think about how to control the visibility of the location field, since when we calculate it, we are not in the context of any plugin, but in the context of the secrets, which is implemented generically for all the plugins. — Reply to this email directly, view it on GitHub<#33 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A2CIRWAWAYF7NNCSR3NJDELXEDJDBANCNFSM6AAAAAAWOYUPUI>. You are receiving this because you were mentioned.Message ID: ***@***.***>