suggestion: don't match on "suspicious links" in comments? #9

Closed
christophetd opened this issue Jul 4, 2022 · 0 comments
@christophetd (Contributor)

e.g.

```text
Scanning pip
{'secrets': {}, 'shady-links': {'/var/folders/_j/rxmxz87j51q5mzmk79qs0qs00000gp/T/tmp0lq4d1hz/pip-22.1.2/pip-22.1.2/src/pip/_internal/network/session.py': ['Detected an unsafe link to SECURE_ORIGINS: List[SecureOrigin] = [\n    # protocol, hostname, port\n    # Taken from Chrome\'s list of secure origins (See: http://bit.ly/1qrySKC)\n    ("https", "*", "*"),\n    ("*", "localhost", "*"),\n    ("*", "127.0.0.0/8", "*"),\n    ("*", "::1/128", "*"),\n    ("file", "*", None),\n    # ssh is always secure.\n    ("ssh", "*", "*"),\n].', 'Detected an unsafe link to [\n    # protocol, hostname, port\n    # Taken from Chrome\'s list of secure origins (See: http://bit.ly/1qrySKC)\n    ("https", "*", "*"),\n    ("*", "localhost", "*"),\n    ("*", "127.0.0.0/8", "*"),\n    ("*", "::1/128", "*"),\n    ("file", "*", None),\n    # ssh is always secure.\n    ("ssh", "*", "*"),\n].'], '/var/folders/_j/rxmxz87j51q5mzmk79qs0qs00000gp/T/tmp0lq4d1hz/pip-22.1.2/pip-22.1.2/src/pip/_vendor/tenacity/wait.py': ['Detected an unsafe link to """Random wait with exponentially widening window.\n\n    An exponential backoff strategy used to mediate contention between multiple\n    uncoordinated processes for a shared resource in distributed systems. This\n    is the sense in which "exponential backoff" is meant in e.g. Ethernet\n    networking, and corresponds to the "Full Jitter" algorithm described in\n    this blog post:\n\n    https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/\n\n    Each retry occurs at a random time in a geometrically expanding interval.\n    It allows for a custom multiplier and an ability to restrict the upper\n    limit of the random interval to some maximum value.\n\n    Example::\n\n        wait_random_exponential(multiplier=0.5,  # initial window 0.5s\n                                max=60)          # max 60s timeout\n\n    When waiting for an unavailable resource to become available again, as\n    opposed to trying to resolve contention for a shared resource, the\n    wait_exponential strategy (which uses a fixed interval) may be preferable.\n\n    """.']}, 'post-systeminfo': {}, 'download-executable': {}, 'base64-strings': {}, 'code-execution': {}, 'cmd-overwrite': {}, 'typosquatting': None}
```
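The two false positives above come from a URL inside a `#` comment and a URL inside a docstring, neither of which the scanned package ever fetches at runtime. The following is an added example of how a link-detection rule can ignore those positions; it is not the scanner's own code and is not taken from the issue. It assumes the rule works on Python source text and extracts `http(s)` URLs with a regular expression (assumption), and the `SAMPLE` module is constructed here to mimic the pip and tenacity snippets in the scan output, with one constructed string literal (`example.invalid`) standing in for a URL that real code would actually use.

```python
"""Added example: report URLs from Python code only, skipping comments and
docstrings, so a "suspicious link" rule is not tripped by documentation.

Assumptions (not from the issue): the rule scans Python source text and a URL
is anything matching a simple http(s) regex.
"""
import ast
import io
import tokenize
import re

# Simple URL matcher (assumption); stops at whitespace, quotes and closing brackets.
URL_RE = re.compile(r"""https?://[^\s'"<>)\]]+""")


def docstring_positions(source):
    """Return the (line, column) start positions of every docstring.

    A docstring is the first statement of a module, class or function body when
    that statement is a bare string constant. ast reports col_offset in UTF-8
    bytes while tokenize reports characters; the two agree on ASCII lines.
    """
    positions = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.Module, ast.ClassDef,
                                 ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        body = node.body
        if (body and isinstance(body[0], ast.Expr)
                and isinstance(body[0].value, ast.Constant)
                and isinstance(body[0].value.value, str)):
            positions.add((body[0].value.lineno, body[0].value.col_offset))
    return positions


def find_urls(source, skip_comments_and_docstrings=True):
    """Return (line, url) pairs found in the source.

    With skip_comments_and_docstrings=False every comment and string token is
    examined, which reproduces the noisy behaviour shown in the issue; with
    True only string literals that can reach runtime code are reported.
    """
    docstrings = docstring_positions(source)
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            if skip_comments_and_docstrings:
                continue
        elif tok.type == tokenize.STRING:
            if skip_comments_and_docstrings and tok.start in docstrings:
                continue
        else:
            continue  # names, operators, numbers: nothing to inspect
        for match in URL_RE.finditer(tok.string):
            hits.append((tok.start[0], match.group(0)))
    return hits


# Constructed sample module modelled on the pip/tenacity snippets in the issue.
SAMPLE = '''\
SECURE_ORIGINS = [
    # Taken from Chrome's list of secure origins (See: http://bit.ly/1qrySKC)
    ("https", "*", "*"),
]

def wait_random_exponential():
    """Full Jitter, see https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/"""
    return 1

DOWNLOAD_URL = "http://example.invalid/payload.bin"  # runtime-reachable string
'''


if __name__ == "__main__":
    print("noisy  :", find_urls(SAMPLE, skip_comments_and_docstrings=False))
    print("filtered:", find_urls(SAMPLE))
```

With the default setting only line 10, the string literal assigned to a variable, is reported; the comment on line 2 and the docstring on line 7 are dropped. Matching on the token stream rather than on raw text is what makes the distinction reliable: a URL in a docstring is still a `STRING` token, so the `ast` pass is needed to tell docstrings apart from ordinary literals.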
enelli added a commit that referenced this issue Jul 5, 2022
@enelli enelli closed this as completed Jul 5, 2022