-
-
Notifications
You must be signed in to change notification settings - Fork 697
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pscanrules: Address Suspicious Comments rule JS FPs #5813
base: main
Are you sure you want to change the base?
Conversation
93a5cfd
to
031dd13
Compare
new AlertSummary( | ||
pattern.toString(), | ||
line, | ||
Alert.CONFIDENCE_LOW, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we should be changing the confidence, we are still not extracting comments (e.g. "// FROM"
), and IMO we should not be saying that we are checking comments, "likely comments".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, that's fair
e40a6e1
to
a1483ab
Compare
Tweaked |
...va/org/zaproxy/zap/extension/pscanrules/InformationDisclosureSuspiciousCommentsScanRule.java
Outdated
Show resolved
Hide resolved
25d4dc4
to
abcb851
Compare
- CHANGELOG > Added fix note. - InformationDisclosureSuspiciousCommentsScanRule > Updated handling to target comments in JavaScript more specifically. - InformationDisclosureSuspiciousCommentsScanRuleUnitTest b> Updated and added tests. - Messages.properties > Updated to detail/report the findings more specifically based on the new behavior. - pscanrules.html > Correct occurrence of "add-on" (vs addon). Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
abcb851
to
ae5659e
Compare
Fixed |
Overview
Note: The regexes used for JS comments are based on https://github.com/antlr/grammars-v4/blob/c82c128d980f4ce46fb3536f87b06b45b9619922/javascript/javascript/JavaScriptLexer.g4#L49-L50
Related Issues
Checklist
./gradlew spotlessApply
for code formatting