Hello, thank you for discovering the bug. We have modified the Aliyun access key in the DAST shooting range /sensitive/BS00104 to comply with the specifications.
Hi, I think that `LTAeLQ1K2EaTgNkk` in BS00104Controller.java is not the standard format of an Aliyun access key. Therefore, I'm unsure if this should be considered an access key leakage.
https://github.com/alipay/ant-application-security-testing-benchmark/blob/885cde0d8b6c860c3eabbb241e2e6544804a494b/dast-java/src/main/java/com/alipay/antbenchmark/controller/bs/BS00104Controller.java#L26
However, the scorecard for BS00104 categorizes this as a vulnerability.
https://github.com/alipay/ant-application-security-testing-benchmark/blob/885cde0d8b6c860c3eabbb241e2e6544804a494b/dast-java/src/main/resources/scorecard/BS00104.yaml#L4
Could you please clarify which one is the expected behavior? Thank you.