From f3b86c5ed8bc116b144d1c7ee953e4c97004e008 Mon Sep 17 00:00:00 2001
From: kazet <krzysztof.zajac@cert.pl>
Date: Thu, 9 Nov 2023 10:51:22 +0100
Subject: [PATCH] Less false positives for var_dump (#629)

---
 artemis/reporting/modules/bruter/classifier.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/artemis/reporting/modules/bruter/classifier.py b/artemis/reporting/modules/bruter/classifier.py
index 2afe49b4c..c70bb2d4e 100644
--- a/artemis/reporting/modules/bruter/classifier.py
+++ b/artemis/reporting/modules/bruter/classifier.py
@@ -22,6 +22,11 @@ def is_password_file(found_url: FoundURL) -> bool:
 
 
 def is_php_var_dump(found_url: FoundURL) -> bool:
+    if "/INSTALL" in found_url.url:
+        # Some installation documentation files have fragments that have been mistaken
+        # for var_dumps - let's skip them.
+        return False
+
     if " => " in found_url.content_prefix and (
         "array (" in found_url.content_prefix
         or "array(" in found_url.content_prefix