mrister opened this issue 6 years ago (status: Open)
As a generic topic, posting security vulnerabilities in a public issue tracker is not a good practice.
Looking at the high ones, they look like false positives. It gives the impression that it can access the SVN hidden files, but we use Git... It was tricked by the authorization response false on the SVN resources.
Yeah, I think there is not much to it, the scan needs to be adjusted for this warning.
I have updated the PR to exclude the SVN test as it is not really applicable. https://github.com/nearform/udaru/pull/544
The issues are:
- HIGH: Source Code Disclosure - SVN
- Medium: Backup File Disclosure
- Low: X-Content-Type-Options Header Missing
See attached report for more information.
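A manual re-check of the three findings, as an added example (not udaru's code and not the scanner's): the SVN finding is treated as real only if a 200 response actually carries the format of an `.svn/entries` file or an `.svn/wc.db` SQLite database, so a "not authorized" reply on those paths no longer counts as disclosure. The JSON denial envelope shapes (`access: false`, `authorized: false`, `statusCode >= 400`) and all sample responses are assumptions constructed for the example.

```javascript
// Added example, not code from udaru or from the scanner: re-check the three
// findings above against what a response actually contains, so that a
// "not authorized" reply on /.svn/* is not counted as source-code disclosure.
// All responses below are constructed inline; nothing is fetched.

// Subversion working copies expose either a 1.6-style text ".svn/entries" file
// (first line is a small format number, followed by "dir"/"file" records) or a
// 1.7+ ".svn/wc.db" SQLite database, which starts with the SQLite magic header.
function isSvnDisclosure(resp) {
  if (resp.status !== 200) return false;            // 401/403/404 disclose nothing
  if (resp.body.startsWith('SQLite format 3')) return true;
  const lines = resp.body.split('\n');
  return /^\d+$/.test(lines[0]) && (lines.includes('dir') || lines.includes('file'));
}

// Assumed shape of the application's deny/error envelope (an assumption for this
// example; the real response body may differ): a JSON object whose
// "access"/"authorized" field is false, or that carries an HTTP-style error code.
function isDenialBody(resp) {
  const ct = String(resp.headers['content-type'] || '').toLowerCase();
  if (!ct.startsWith('application/json')) return false;
  try {
    const obj = JSON.parse(resp.body);
    return obj !== null && typeof obj === 'object' &&
      (obj.access === false || obj.authorized === false ||
       (typeof obj.statusCode === 'number' && obj.statusCode >= 400));
  } catch (e) {
    return false;  // not actually JSON despite the header: treat as real content
  }
}

// Backup-file disclosure is real only for a 200 that returns something other
// than the application's own denial envelope.
function isBackupDisclosure(resp) {
  return resp.status === 200 && resp.body.length > 0 && !isDenialBody(resp);
}

// The Low finding is genuine unless the header is present with exactly "nosniff".
function isNosniffMissing(resp) {
  const v = resp.headers['x-content-type-options'];
  return typeof v !== 'string' || v.trim().toLowerCase() !== 'nosniff';
}

// Reduce a scanner finding to what survives manual verification.
function triage(finding, resp) {
  switch (finding) {
    case 'Source Code Disclosure - SVN': return isSvnDisclosure(resp);
    case 'Backup File Disclosure': return isBackupDisclosure(resp);
    case 'X-Content-Type-Options Header Missing': return isNosniffMissing(resp);
    default: throw new Error('unknown finding: ' + finding);
  }
}

// Constructed sample responses (not captured from any real server).
const svnDenied = { status: 403, headers: { 'content-type': 'application/json' }, body: '{"access":false}' };
const svnReal = { status: 200, headers: { 'content-type': 'text/plain' }, body: '10\n\ndir\n12\nhttps://example.invalid/svn/trunk\n' };
const backupDenied = { status: 200, headers: { 'content-type': 'application/json' }, body: '{"statusCode":403,"error":"Forbidden"}' };
const noNosniff = { status: 200, headers: { 'content-type': 'application/json' }, body: '{"ok":true}' };

console.log('SVN, denied response      :', triage('Source Code Disclosure - SVN', svnDenied));
console.log('SVN, real entries file    :', triage('Source Code Disclosure - SVN', svnReal));
console.log('Backup, denied response   :', triage('Backup File Disclosure', backupDenied));
console.log('nosniff header missing    :', triage('X-Content-Type-Options Header Missing', noNosniff));
```

Only the content check decides the SVN case; the status code alone is not enough, since an application that answers every unknown path with a 200 JSON denial would otherwise still trip the scanner.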