Url detection #611
| "MessageArguments": { "dataKind": "social security number" } | ||
| }, | ||
| { | ||
| "Id": "SEC102/003", |
| { | ||
| "Id": "SEC102/003", | ||
| "Name": "ReviewPotentiallySensitiveData/Url", | ||
| "FileNameAllowRegex": "(?i)(\\.cs|\\.cpp|\\.ini|\\.js|\\.ps1)$", |
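Review bot: `FileNameAllowRegex` on `SEC102/003` limits the URL rule to `.cs`, `.cpp`, `.ini`, `.js` and `.ps1`, so a file with any other extension (a `.txt` test input, for instance) is skipped without any result. Record next to the rule or in the PR description why this subset was chosen, and make sure every test input for this rule uses one of the listed extensions, otherwise its expected SARIF will be empty.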
@michaelcfanning Is this comment with respect to the URL analysis or the certificate analysis?
| # SPAM configuration | ||
| .spam/ | ||
| *.sarif No newline at end of file | ||
| .sarif/ No newline at end of file |
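Review bot: the final entry carries "No newline at end of file"; end the ignore file with a newline so a pattern appended later does not fuse with `.sarif/`. If `.sarif/` is replacing `*.sarif` here, SARIF files generated outside that directory are no longer ignored, so check that locally produced baseline output cannot be committed by accident.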
| "artifacts": [ | ||
| { | ||
| "location": { | ||
| "uri": "src/Plugins/Tests.Security/TestData/ReviewPotentiallySensitiveData/Inputs/SEC102_001.EmailAddress_with_email_addresses.txt", |
| { | ||
| "ValidatorsAssemblyName": "Security.dll", | ||
| "SharedStringsFileName": "Security.SharedStrings.txt", | ||
|
|
nit: remove this empty line #Resolved
this looks strange. In reply to: 1105351716 Refers to: Src/Plugins/Security/SEC102_001.EmailAddressValidator.cs:22 in 35b0fc7.
| @@ -0,0 +1,24 @@ | |||
| { | |||
something is wrong. we should see results in the SARIF #Closed
Wrong extension on test file! Good catch, thank you.
@michaelcfanning @eddynaka I am trying to understand this: I see the test files in place (expected inputs and outputs), but I don't see any files which drive the tests to use this new test data. Will the existing testing setup pick these up automatically? In reply to: 1106972516
I'd neglected to git add a file, sorry! In reply to: 1106972516
you can remove this entire file In reply to: 1109053602 Refers to: Src/Plugins/Tests.Security/TestData/ReviewPotentiallySensitiveData/ExpectedOutputs/SEC102_002.SocialSecurityNumber_with_social_security_numbers.sarif:1 in b9278ea.
| https://msn.com/test | ||
| https://msn.com/test/ | ||
| https://msn.com/test?foo=bar | ||
| https://msn.com/test?foo=bar#bookmark No newline at end of file |
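Review bot: all four inputs are bare `https://msn.com/test` variants and the last line has no trailing newline. Add a line that contains no URL and one where the URL is embedded in surrounding text, so the expected output also pins down what the rule must not report and where a match ends, and state in the test data or rule description whether `#bookmark` is expected to produce a distinct finding.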
In the tests, I cannot see this.
that's by design, this is a bookmark, i.e., the fragment doesn't change the finding.
hm, the baselining gesture in my non-clean build env re-added them, thanks. In reply to: 1109053602 Refers to: Src/Plugins/Tests.Security/TestData/ReviewPotentiallySensitiveData/ExpectedOutputs/SEC102_002.SocialSecurityNumber_with_social_security_numbers.sarif:1 in b9278ea.
Changes
Add a simple URL analysis that's currently constrained to a small subset of code files. We could consider expanding this and adding a dynamic validator (that can do things like provide broken-link detection).
@suvamM
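The following Python sketch is an added example, not code from this PR or from the project. It reuses the `FileNameAllowRegex` value shown in the rule definition to illustrate two points from the thread: a file whose extension is not on the allow list yields no results, and a URL that differs only by `#bookmark` maps to the same finding. The URL pattern and the helpers `finding_key`, `scan` and `distinct_keys` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# File-name filter copied from the SEC102/003 definition quoted in this PR.
FILE_NAME_ALLOW = re.compile(r"(?i)(\.cs|\.cpp|\.ini|\.js|\.ps1)$")

# Assumption: simplified URL pattern; the rule's own content regex is not
# shown on the page.
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample mirroring the four test URLs in the PR's input file.
SAMPLE = "\n".join([
    "https://msn.com/test",
    "https://msn.com/test/",
    "https://msn.com/test?foo=bar",
    "https://msn.com/test?foo=bar#bookmark",
])


def finding_key(url):
    """Identity of a finding: the URL with its fragment removed."""
    scheme, netloc, path, query, _fragment = urlsplit(url)
    return urlunsplit((scheme, netloc, path, query, ""))


def scan(file_name, text):
    """Return [(line_number, matched_url, finding_key)] for an allowed file."""
    if not FILE_NAME_ALLOW.search(file_name):
        return []  # extension not on the allow list, so the rule never runs
    findings = []
    for line_number, line in enumerate(text.splitlines(), start=1):
        for match in URL_PATTERN.finditer(line):
            url = match.group(0)
            findings.append((line_number, url, finding_key(url)))
    return findings


def distinct_keys(findings):
    """Finding keys in first-seen order, duplicates dropped."""
    return list(dict.fromkeys(key for _, _, key in findings))


if __name__ == "__main__":
    for name in ("urls.txt", "urls.ps1", "URLS.PS1"):
        hits = scan(name, SAMPLE)
        print(name, len(hits), distinct_keys(hits))
```

Because the allow regex is anchored with `$`, `.json` does not match the `.js` alternative, so JSON files are skipped just like `.txt`.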