tooryx
commented
1 week ago Hey @joernNNN,
Thank you for willing to contribute. We are currently not interested in such a detector, but please continue to submit other ideas.
~tooryx
Closed joernNNN closed 1 week ago
tooryx
commented
1 week ago Hey @joernNNN,
Thank you for willing to contribute. We are currently not interested in such a detector, but please continue to submit other ideas.
~tooryx
joernNNN
commented
1 week ago I'm inquisitive because you have this on your list here: https://github.com/google/tsunami-security-scanner-plugins/blob/3661feda1f87a6786c96bddba6694f6a7677d4a5/google/README.md?plain=1#L53 and here: https://bughunters.google.com/about/rules/open-source/5067456626688000/tsunami-patch-rewards-program-rules#vulnerability-detectors Furthermore, it is like ArgoCD and it is an AI PRP. however, thank you for accepting my other request. I'm also interested in writing a tsunami plugin for the exposed code server.
tooryx
commented
1 week ago Indeed, but we already have one implementation internally and we did not publish it yet.
~tooryx
Hello everyone, I hope you're all doing well.
I'm excited that I'll be writing some new plugins for Google Tsunami! This is a great opportunity, and I can't wait to get started on this project. :))
Based on my preliminary research, GoCD doesn't have any authentication by default it is confirmed in two ways:
docker run -d -p8153:8153 gocd/gocd-server:v24.1.0My thought is that this can be confirmed with of band call with the help of the tsunami callback server.