microsoft / sarif-pattern-matcher

Quality domain agnostic regular expression pattern matcher that persists results to SARIF
MIT License
39 stars 18 forks

Remove `Octokit` dependencies and refactor the GitHub Pat validator #773

Closed yongyan-gh closed 1 year ago

yongyan-gh commented 1 year ago

Changes

LingZhou-gh commented 1 year ago
    protected override IEnumerable<ValidationResult> IsValidStaticHelper(IDictionary<string, FlexMatch> groups)

Make sure that this SEC101_006 rule has unified implementations across different places.


In reply to: 1603000582


Refers to: Src/Plugins/Security/SecurePlaintextSecretsValidators/SEC101_006.GitHubLegacyPatValidator.cs:15 in d52894a.

yongyan-gh commented 1 year ago
    protected override IEnumerable<ValidationResult> IsValidStaticHelper(IDictionary<string, FlexMatch> groups)

Yes, the checksum verification, I think, comes from the other Microsoft sources, so I didn't add it to the public validator. @HulonJenkins, what do you think?


In reply to: 1603000582


Refers to: Src/Plugins/Security/SecurePlaintextSecretsValidators/SEC101_006.GitHubLegacyPatValidator.cs:15 in d52894a.