Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the FetchRSS detector #2844

Merged
merged 1 commit into from
Nov 7, 2024
Merged

Update the FetchRSS detector #2844

merged 1 commit into from
Nov 7, 2024

Conversation

rgmz
Copy link
Contributor

@rgmz rgmz commented May 13, 2024
edited
Loading

Description:

The previous logic resulted in false positives if an error other than "Not authorised" was returned.

Found verified result 🐷🔑
Detector Type: Fetchrss
Decoder Type: PLAIN
Raw result: .impl.uri.rules.ResourceClassRule.accept
Commit: 0b3c625b155c993fda14f97759fcea7278ff2a8e
...

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@rgmz rgmz force-pushed the feat/fetchrss-update branch 3 times, most recently from 8b4a031 to 388ab42 Compare May 17, 2024 00:26
@rgmz rgmz force-pushed the feat/fetchrss-update branch 3 times, most recently from eb55121 to d05292f Compare May 24, 2024 21:37
@rgmz rgmz force-pushed the feat/fetchrss-update branch 2 times, most recently from 70534df to 1b4a9c1 Compare June 5, 2024 00:40
@rgmz rgmz force-pushed the feat/fetchrss-update branch 3 times, most recently from c139476 to 9cd5a46 Compare June 21, 2024 02:47
@rgmz rgmz force-pushed the feat/fetchrss-update branch 2 times, most recently from 4dfae1a to 29f8b6a Compare July 1, 2024 18:36
@rgmz rgmz force-pushed the feat/fetchrss-update branch from 29f8b6a to d94e37a Compare September 13, 2024 11:42
@rgmz rgmz force-pushed the feat/fetchrss-update branch from d94e37a to 9520fdf Compare October 13, 2024 00:00
@rgmz rgmz force-pushed the feat/fetchrss-update branch from 9520fdf to e1cf328 Compare November 3, 2024 14:25
@rgmz rgmz requested a review from a team as a code owner November 3, 2024 14:25
@rgmz rgmz force-pushed the feat/fetchrss-update branch from e1cf328 to aebfd2f Compare November 7, 2024 00:57
ahrav
ahrav approved these changes Nov 7, 2024
View reviewed changes
Copy link
Collaborator

@ahrav ahrav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for getting this updated.

pkg/detectors/fetchrss/fetchrss.go
_ = res.Body.Close()
}()

// The API seems to always return a 200 status code.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sigh, it makes me so sad when APIs don't use status codes correctly. 😢

@ahrav ahrav merged commit afe25cf into trufflesecurity:main Nov 7, 2024
13 checks passed
@rgmz rgmz deleted the feat/fetchrss-update branch November 7, 2024 16:39
@blsaccess blsaccess mentioned this pull request Nov 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahrav ahrav ahrav approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rgmz @ahrav