CesarGallego
commented
3 years ago Hi, can you share your rules.yaml ?
Open Brain2life opened 3 years ago
CesarGallego
commented
3 years ago Hi, can you share your rules.yaml ?
Brain2life
commented
3 years ago Hi @CesarGallego. So I've rechecked it again. I used the following steps:
- id: rule-001
description: Find 'admin' keyword in flow data
regex: 'admin'
severity: Medium # Allowed values: Low, Medium, High
searchIn: All # Allowed values: Response, Request, Headers, All
As you can see I'm trying to test custom rule by finding admin keyword in response data.- acurl https://mockbin.org/bin/411b4709-7021-4e09-993e-2adc3de2ed2f | sensitive-data -r rules.yaml
I got the following error:
[!!] 'list' object has no attribute 'update'I'm using this tool in Gitlab pipelines. Find details in the image below.
Thank you.
CesarGallego
commented
3 years ago Hi Brain all fields on rule are mandatory. You need al least the following on your rule:
There is also a little bug, will be updated on main tools ASAP.
Thanks for your help.
Issue: When trying to pass the custom ruleset to sensitive-data detector with either -r or --rules-file options it throws an error:
[!!] 'list' object has no attribute 'update'Reproduce error:
acurl https://mockbin.org/bin/60dfe0f7-8f4e-4063-a940-7162d1ec3cc1 | sensitive-data -r rules.yaml- id: core-001 description: Find 'password' keyword in flow data regex: '([pP][aA][sS][sS][wW][oO][rR][dD])' severity: Medium # Allowed values: Low, Medium, High searchIn: All # Allowed values: Response, Request, Headers, AllNotes: Found that function load hardcoded 'rules.yaml' file name at: https://github.com/BBVA/apicheck/blob/master/tools/sensitive-data/sensitive_data/__main__.py#L79
Maybe that is the reason for error?
Tried to change the rule filename and id name in rule file. Result is same.