Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positive: "system (" #150

Open
friggingee opened this issue Sep 30, 2024 · 1 comment
Open

False positive: "system (" #150

friggingee opened this issue Sep 30, 2024 · 1 comment

Comments

@friggingee
Copy link

What is this feature about (expected vs actual behaviour)?

Input: "move test to productive system (November)"

Expected: "move test to productive system (November)", i.e. no change

Actual: "" (empty string, all content is being filtered)

How can I reproduce it?

Run just "system (" against the tool and it will filter albeit no danger comes from this string without more dangerous context

Does it take minutes, hours or days to fix?

hours

Any additional information?

None at the moment
@friggingee
Copy link
Author

Turns out, our integration was buggy AND this is an actual false positive.

The tool doesn't consider context and flags this as XSS which isn't correct. But I'm not sure if this is within the scope of this tool to consider context.

@friggingee friggingee reopened this Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@friggingee