kirklatslalom / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

No findings? #30

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.At the test client, create some test documents.
2.At the server, create a New Regex expression /(secret|confidential)/i and use 
existing AMEX regex.
3.Create a New Profile (Windows - Agent) 
4.Create a New Scan with the profile.

What is the expected output? What do you see instead?
I expect OpenDLP to find the sensitive documents. There were no findings 
instead.

What version of the product are you using? On what operating system?
OpenDLP 0.4.1 in Virtual Box
Windows XP SP3 in Virtual Box  

Please provide any additional information below.
See attached.

Original issue reported on code.google.com by babymagi...@gmail.com on 21 Aug 2011 at 6:13

Attachments:

GoogleCodeExporter commented 9 years ago
Hello,

Can you email the test files and the exact regular expressions you used to me? 
Thanks.

Original comment by andrew.O...@gmail.com on 21 Aug 2011 at 2:09

GoogleCodeExporter commented 9 years ago
Hi Andrew,

Thanks for your quick response. As attached ZIP contains all the test files. 
They were randomly created, nothing special. 
The regex selected and used were the default "AMEX" regex that came with 
OpenDLP and another which I created as follows: 
Name: SensitiveDocuments 
Regex: /(secret|confidential)/i

I look forward to hear from you.

Thanks once again for your help.

Cheers

Original comment by babymagi...@gmail.com on 22 Aug 2011 at 12:27

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks for sending the files.  I'll go file-by-file to answer why things 
weren't found:

Test1.xlsx: OpenDLP currently does not support case insensitive searches. I 
would have also tried the same Perl-like regex string and expected it to work, 
but I am using the PCRE.org C library, so I have to pass a special flag to 
treat the regex as a case insensitive search. I will make an option in a future 
release that will let you specify whether a regex is case sensitive or 
insensitive. In the meantime, you could write your regex the long way with 
something like "[Cc][Oo][Nn][Ff][Ii][Dd][Ee][Nn][Tt][Ii][Aa][Ll]". I realize 
this is not optimal, especially when searching for non-static words, so I'll 
work on the regex case sensitivity option soon.

cc test.docx: OpenDLP's built-in regex does not account for dash characters. It 
expects an AMEX string to be 15 consecutive numbers.

Secret.docx and Test2.docx: I didn't see any AMEX or "confidential" strings in 
these files when I opened them and when I looked at the file's XML files.

test4.zip: This is a double zip file, and OpenDLP currently does not do ZIP 
recursion. I do plan to implement this in a future release.

Thanks for the idea on adding an option for case sensitivity to regexes. I'll 
be sure to include it in a future release.

Original comment by andrew.O...@gmail.com on 22 Aug 2011 at 4:21

GoogleCodeExporter commented 9 years ago
Thanks for the detailed analysis! 
Anyway, I am glad to be of help to you in any way. :) I am not a developer but 
I like to start somewhere. Do let me know if you need any help in the code at 
all.  

Original comment by babymagi...@gmail.com on 22 Aug 2011 at 10:41

GoogleCodeExporter commented 9 years ago
Hi Andrew,
  Is there a procedure for performing case insensitive searches, other than the [Aa][Bb][Oo][Ee]\?

Thank you,
Matt.

Original comment by slashdot...@gmail.com on 9 Jan 2014 at 9:18