Bug Description
Links generated to secrets identified through GitHub secrets scanning appear to be of the form https://github.com/<org-or-user>/<repo>/<file_path>. This produces broken links that will 404.
Steps to Reproduce
Identify a risk sourced from GitHub secrets scanning.
Navigate to proof-of-exploit.
Click on the link and observe that it is not found.
Scan the repo locally using NP and identify the secret, noting the commit hash.
Add /blob/<commit> between the repo and file path to the link provided by Chariot.
Observe the link working.
Expected Behavior
I think the correct format for the links should be https://github.com/<org-or-user>/<repo>/blob/<commit_id>/<file_path>
Screenshots
Additional Information
Note that the commit id is important - this will allow us to reach files that may have been removed from the current version but that are still accessible in commit history and may contain secrets.
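The link format requested above, as an added example that is not part of the original report and is not Chariot's code: a builder for the commit-pinned form plus a repair step for the broken form. The function names and the owner, repo, commit and path values are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Assumption: commit ids are lowercase hex, abbreviated (7+) up to a full SHA-256 (64).
COMMIT_RE = re.compile(r"[0-9a-f]{7,64}")


def secret_permalink(owner: str, repo: str, commit: str, file_path: str) -> str:
    """Build https://github.com/<owner>/<repo>/blob/<commit_id>/<file_path>."""
    commit = commit.strip().lower()
    if not COMMIT_RE.fullmatch(commit):
        # A branch name stops resolving once the file is deleted from the
        # branch tip; only a commit id keeps pointing at the finding.
        raise ValueError(f"not a commit id: {commit!r}")
    segments = [s for s in file_path.split("/") if s]
    if not segments or any(s in (".", "..") for s in segments):
        raise ValueError(f"unusable file path: {file_path!r}")
    # Encode each segment on its own: '/' stays a separator, while '#', '?'
    # and spaces in a file name can no longer truncate or break the link.
    encoded = "/".join(quote(s, safe="") for s in segments)
    base = f"https://github.com/{quote(owner, safe='')}/{quote(repo, safe='')}"
    return f"{base}/blob/{commit}/{encoded}"


def repair_link(broken_url: str, commit: str) -> str:
    """Insert /blob/<commit> into a link shaped like <owner>/<repo>/<file_path>."""
    parts = urlsplit(broken_url)
    if parts.scheme != "https" or parts.netloc != "github.com":
        raise ValueError("not a github.com link")
    pieces = [unquote(p) for p in parts.path.split("/") if p]
    if len(pieces) < 3:
        raise ValueError("link has no file path after <owner>/<repo>")
    owner, repo, *path = pieces
    return secret_permalink(owner, repo, commit, "/".join(path))


if __name__ == "__main__":
    # Constructed sample: the broken form from the report and a made-up commit id.
    print(repair_link("https://github.com/acme/app/deploy/.env", "0123456"))
```
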