BishopFox / jsluice

Extract URLs, paths, secrets, and other interesting bits from JavaScript
MIT License

Improves detection of paths in string literals etc #15

Closed bf-tomnomnom closed 1 year ago

bf-tomnomnom commented 1 year ago

As per Issue #6, we currently miss many paths when those paths lack a known file extension etc.

This change attempts to remedy this with a pretty simple check: if a string begins with a forward slash (after passing previous checks for not containing other special characters), it's now considered to be a path.

I was hesitant to make this change at first, but I did an analysis of the JS from several hundred web pages and found that the false-positive rate is generally quite low (around 1%) when compared to the potentially very large number of new paths discovered (almost double what was previously found).
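The leading-slash rule described in this PR, modelled as an added Go example (not jsluice's own code, and not written by the PR author). The rejected-character set, the extension list, the function names and the sample literals are all assumptions constructed for illustration; the old rule is simplified to "known file extension" only.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Assumed stand-ins for the earlier checks; jsluice's real lists are not shown on this page.
const rejectedChars = " \t\n<>{}()[]^$*\\|\"'`;,"
var knownExts = map[string]bool{".js": true, ".json": true, ".php": true, ".html": true}
// Constructed string literals, as they might appear in a JavaScript bundle.
var sample = []string{"/api/v1/users", "/logout", "static/app.js",
	"/assets/main.js?v=3", "hello world", "/^[a-z]+$/", "/g"}

// passesPriorChecks models "previous checks for not containing other special characters".
func passesPriorChecks(s string) bool {
	return len(s) > 1 && !strings.ContainsAny(s, rejectedChars)
}

// isPathOld models the behaviour before the change: a known file extension is required.
func isPathOld(s string) bool {
	if !passesPriorChecks(s) {
		return false
	}
	if i := strings.IndexAny(s, "?#"); i >= 0 {
		s = s[:i] // ignore query string and fragment when reading the extension
	}
	return knownExts[strings.ToLower(path.Ext(s))]
}

// isPathNew adds the rule from this PR: a leading forward slash is enough.
func isPathNew(s string) bool {
	return passesPriorChecks(s) && (strings.HasPrefix(s, "/") || isPathOld(s))
}

// newlyFound lists literals that only the new rule accepts.
func newlyFound(literals []string) (out []string) {
	for _, s := range literals {
		if isPathNew(s) && !isPathOld(s) {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	fmt.Println("found only by the new rule:", newlyFound(sample))
}
```

In this constructed sample the extensionless routes `/api/v1/users` and `/logout` are picked up only by the new rule, and `/g` shows the kind of short non-path string that can slip through as a false positive.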

bf-tomnomnom commented 1 year ago

There is accidentally a very minor fix to remove some false positives in AWS secret detection in this PR too. My bad 🤦