Open Brain2life opened 3 years ago
Hi, can you share your rules.yaml ?
Hi @CesarGallego. So I've rechecked it again. I used the following steps:
- id: rule-001
description: Find 'admin' keyword in flow data
regex: 'admin'
severity: Medium # Allowed values: Low, Medium, High
searchIn: All # Allowed values: Response, Request, Headers, All
As you can see I'm trying to test custom rule by finding admin keyword in response data.- acurl https://mockbin.org/bin/411b4709-7021-4e09-993e-2adc3de2ed2f | sensitive-data -r rules.yaml
I got the following error:
[!!] 'list' object has no attribute 'update'
I'm using this tool in Gitlab pipelines. Find details in the image below.
Thank you.
Hi Brain all fields on rule are mandatory. You need al least the following on your rule:
There is also a little bug, will be updated on main tools ASAP.
Thanks for your help.
Issue: When trying to pass the custom ruleset to sensitive-data detector with either -r or --rules-file options it throws an error:
[!!] 'list' object has no attribute 'update'
Reproduce error:
acurl https://mockbin.org/bin/60dfe0f7-8f4e-4063-a940-7162d1ec3cc1 | sensitive-data -r rules.yaml
- id: core-001 description: Find 'password' keyword in flow data regex: '([pP][aA][sS][sS][wW][oO][rR][dD])' severity: Medium # Allowed values: Low, Medium, High searchIn: All # Allowed values: Response, Request, Headers, All
Notes: Found that function load hardcoded 'rules.yaml' file name at: https://github.com/BBVA/apicheck/blob/master/tools/sensitive-data/sensitive_data/__main__.py#L79
Maybe that is the reason for error?
Tried to change the rule filename and id name in rule file. Result is same.