Ignore https: as false positive for slackwebhook detector #3425

Merged

kashifkhan0771
Contributor

@kashifkhan0771 kashifkhan0771 commented Oct 16, 2024

Description:

This PR resolves the issue where unverified Slack webhook secrets were incorrectly ignored due to the presence of https: being flagged as a false positive. The updated logic ensures that https: is no longer considered a false positive, allowing Slack webhook secrets to be properly detected and processed.

Output of unverified slackwebhook:

slackwebhook-falsepostive

Ticket:

OSS-36

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@kashifkhan0771 kashifkhan0771 requested review from a team as code owners October 16, 2024 08:09
@kashifkhan0771 kashifkhan0771 changed the title Ignore https: as false postive for slackwebhook detector Ignore https: as false positive for slackwebhook detector Oct 16, 2024
@dustin-decker dustin-decker merged commit e6c43ca into trufflesecurity:main Oct 16, 2024
13 checks passed
@rosecodym
Collaborator

Thanks for this!

Comment on lines +126 to +127
// back to the default false positive checks
return detectors.IsKnownFalsePositive(string(result.Raw), detectors.DefaultFalsePositives, true)
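Review bot: the fallback on the return line hands the raw result to detectors.DefaultFalsePositives unchanged, so if that list still carries the https: entry this PR is about, any webhook URL that reaches this line will match it and be dropped again. Either make sure the detector-specific check returns before this line on every path, or pass a list without https: here. A test that feeds an unverified webhook URL through this function and asserts it is not flagged would pin the behaviour down.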
Contributor

When would this trigger? Won't the result always contain https:?

Personally, I think https: should be removed from the wordlist.

Contributor Author

Hmm, that can be done as well. For now it was for only one detector so I went with this approach.

Contributor

Sorry, the second sentence is a bit of a tangent.

I don't think the second part of the function will ever be reached.

Contributor Author

You’re absolutely right. I’ll simplify the function in the next enhancement and remove the second part as it's unnecessary in this case. Appreciate the catch!
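The failure mode discussed in this thread, as an added example that is not code from the PR or the project: a shared substring wordlist containing `https:` suppresses every webhook URL, while a per-detector exclusion keeps the other entries working. The helper names, the wordlist contents other than `https:`, the substring-matching behaviour and the sample URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed stand-in for a shared false-positive wordlist (assumption:
// entries are matched as lowercase substrings of the candidate secret).
var defaultFalsePositives = []string{"example", "xxxxxx", "https:"}

// isKnownFalsePositive is a hypothetical helper, not the project's function.
// It returns the first wordlist entry found in match, skipping any in ignore.
func isKnownFalsePositive(match string, wordlist []string, ignore ...string) (bool, string) {
	lower := strings.ToLower(match)
outer:
	for _, fp := range wordlist {
		for _, ig := range ignore {
			if fp == ig {
				continue outer
			}
		}
		if strings.Contains(lower, fp) {
			return true, fp
		}
	}
	return false, ""
}

// slackWebhookIsFalsePositive drops "https:" for this detector only, because
// every webhook URL carries the scheme; the other entries still apply.
func slackWebhookIsFalsePositive(raw string) (bool, string) {
	return isKnownFalsePositive(raw, defaultFalsePositives, "https:")
}

func main() {
	// Constructed sample values, not real webhooks.
	for _, raw := range []string{
		"https://hooks.slack.com/services/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0",
		"https://hooks.slack.com/services/T0EXAMPLE/B0EXAMPLE/constructedtokenvalue0000",
	} {
		sharedFP, sharedWord := isKnownFalsePositive(raw, defaultFalsePositives)
		detFP, detWord := slackWebhookIsFalsePositive(raw)
		fmt.Printf("shared=%v(%q) detector=%v(%q)\n", sharedFP, sharedWord, detFP, detWord)
	}
}
```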
