Adding slack workflow #585
@@ -463,6 +463,12 @@ | |||
"ContentsRegex": "$SEC101/047.CratesApiKey", | |||
"MessageArguments": { "secretKind": "Crates API key" } | |||
}, | |||
{ | |||
"Id": "SEC101/048", | |||
"Name": "DoNotExposePlaintextSecrets/SlackWorkflow", |
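Review bot: the new rule's `Name` (`DoNotExposePlaintextSecrets/SlackWorkflow`) drops the secret-kind suffix that the neighbouring entry uses (`$SEC101/047.CratesApiKey`, `secretKind` "Crates API key"); since the thread below settles on "Key" as the generic term, `DoNotExposePlaintextSecrets/SlackWorkflowKey` with a matching `secretKind` (for example "Slack workflow key") keeps the rules table consistent. The hunk is cut off before the new entry's `ContentsRegex` and `MessageArguments`, so also keep the regex id (`$SEC101/048.<name>`) in step with whatever name is chosen, as the visible 047 entry keys its regex by the same suffix.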
Credentials = id + password, for example.
Token/ApiKey = you use that to authenticate.
For others, such as workflows/webhooks, we don't have a specific pattern.
Now, should we change all to 'Token'? When we discussed this, we were relying on the term used by the secret.
For example, we found a NuGet API key and not a NuGet token.
I think we actually converged on 'Key' elsewhere unless there was a better term.
In any case, what name do we want here? SlackWorkflowKey?
|
||
case HttpStatusCode.NotFound: | ||
{ | ||
message = "The specified Slack webhook could not be found."; |
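Review bot: the `NotFound` message says "Slack webhook" while this validator is `SlackWorkflowValidator` (the thread below confirms the string is a leftover); change it to "The specified Slack workflow could not be found." The visible lines also don't show which validation state this case returns alongside the message; for an endpoint-style secret a 404 normally means the URL was revoked or never existed, so make sure the state is set explicitly for this branch rather than falling through to a default.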
Yeah, forgot to update.
Will do once you finish this review!
Thanks!
@@ -15,6 +15,9 @@ | |||
|
|||
namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators | |||
{ | |||
/// <summary> | |||
/// Testing SEC101/005.SlackTokenValidator |
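Review bot: the added summary `/// Testing SEC101/005.SlackTokenValidator` names a validator that does not match the rule-name convention being settled in this PR (the thread goes back and forth between `SlackApiKey` and `SlackWorkflowKey` for the Slack rules); since the other hunks normalise these headers to `Testing <RuleId>.<ValidatorClass>`, confirm that `005` and the class name here match the actual rule entry and test class, otherwise the normalisation introduces a new mismatch.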
Oops, I think SlackApiKey is actually the right rule name.
|
||
namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security | ||
{ | ||
public class SlackWorkflowValidator : DynamicValidatorBase |
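Review bot: the class name `SlackWorkflowValidator` should track the rule `Name` decided for SEC101/048; if that becomes `SlackWorkflowKey` (as the thread concludes), the class should be `SlackWorkflowKeyValidator` so the rule-to-validator mapping stays by-convention like the other validators in this namespace. Unlike the test files in this PR, the class has no `/// <summary>` XML doc comment; add one naming the rule id it validates.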
Actually, SlackWorkflowKey looks right.
@@ -16,6 +16,9 @@ | |||
|
|||
namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators | |||
{ | |||
/// <summary> | |||
/// Testing SEC101/020.DropboxAccessTokenValidator |
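Review bot: this header touches the Dropbox test, which is unrelated to the Slack workflow rule the PR title describes; the format normalisation is fine, but mention the drive-by cleanup of other validator test headers in the PR description so reviewers know the diff intentionally spans more than the new rule.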
@@ -18,7 +18,7 @@ | |||
namespace Microsoft.CodeAnalysis.Sarif.PatternMatcher.Plugins.Security.Validators | |||
{ | |||
/// <summary> | |||
/// Testing SEC101/026.AkamaiCredentialsValidatorTests | |||
/// Testing SEC101/015.AkamaiCredentialsValidator |
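Review bot: this line changes both the rule id (026 to 015) and the name (`AkamaiCredentialsValidatorTests` to `AkamaiCredentialsValidator`), so it is a correction rather than a pure formatting change; confirm against the rules JSON that SEC101/015 is indeed the Akamai credentials rule, and check whether the test class itself was still named with the `Tests` suffix that the old header referenced.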
Thanks!
I'm following your guidance to make everything in the same format; it will make things easier in the future :)
🕐
Changes
For significant contributions please make sure you have completed the following items:
- ReleaseHistory.md updated for non-trivial changes