Open tallandtree opened 1 month ago
Thank you for reporting the issue and for the proposed enhancement. I will add it to the next release. Did you have the chance to test your enhancements on top of the latest main branch? Does it fix your bug, or are you still having issues?
Apologies for the late response. I am back to business now, and I should be way more responsive from now on.
Hi, No problem. I've not yet had the time to test your latest version. I've planned this for the first week of September. With the reconnect I implemented, it works in any case, but I'll let you know what the results are after I've tested with your latest version again.
I use a fork of your n0s1 code to scan our (large) Confluence Cloud instance. Thanks for that, it is very useful.
However, I found out that not all spaces are being scanned, but I didn't get an error message or timeout. I just noticed that a test space I added was not in the report. The total scan took about 5 hours. I figured it was somehow caused by the connection being closed and the client object becoming empty. I saw that you recently added error handling and did some refactoring. But the strange thing is, we didn't get errors. But I will adopt the error handling in any case. For now, I solved the issue with missing spaces by adding a self.connect() in the method 'get_data' for every batch of spaces to be collected. There might be a better way though, but for now this works.
and in get_data:
I also added a possibility to only test with one space as the total scan takes such a long time via the parameter test.
For your interest, another improvement I made for our use case, is a change to the config.yaml:
id: generic-api-key
as we got tons of false positives due to this regex finding the Confluence user macro and link macro in combination with 'key'.
And we added a method to skip a page if a label was set to indicate the page is a false positive, because the found secret is just meant as an example. In that case, the user can add a specific label to indicate that it is a false positive.
And in the method get_data:
In any case, thanks for your code. Hope my comments are useful. Kind regards, Mariska
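Added example, not part of the original post and not n0s1 code: a self-contained sketch of the two changes described above (a fresh connection for every batch of spaces, and skipping pages that carry a false-positive label), plus a coverage check so that spaces returning no data are reported instead of silently missing from the report. `FakeClient`, `scan`, `connect`, the label name and the sample data are all hypothetical and constructed for the illustration.

```python
# Added illustration; FakeClient, FALSE_POSITIVE_LABEL and scan() are hypothetical
# names, not n0s1's API. All data below is constructed.
FALSE_POSITIVE_LABEL = "secret-false-positive"  # assumed label name


class FakeClient:
    """Stand-in for a Confluence client whose session silently dies after max_calls."""

    def __init__(self, spaces, max_calls):
        self.spaces, self.max_calls, self.calls = spaces, max_calls, 0

    def get_pages(self, space_key):
        self.calls += 1
        if self.calls > self.max_calls:
            return []  # silent failure: no exception, just no data
        return self.spaces[space_key]


def scan(space_keys, connect, batch_size, reconnect=True):
    """Return (pages_to_scan, skipped_pages, spaces_without_results)."""
    client = connect()
    to_scan, skipped, seen = [], [], set()
    for start in range(0, len(space_keys), batch_size):
        if reconnect:
            client = connect()  # fresh session for every batch of spaces
        for key in space_keys[start:start + batch_size]:
            pages = client.get_pages(key)
            if pages:
                seen.add(key)
            for page in pages:
                if FALSE_POSITIVE_LABEL in page["labels"]:
                    skipped.append(page["id"])  # recorded so suppressions can be audited
                else:
                    to_scan.append(page["id"])
    # Coverage check: a space that returned nothing is reported, never silently dropped.
    missing = [k for k in space_keys if k not in seen]
    return to_scan, skipped, missing


SPACES = {  # constructed sample data: five spaces, one page each
    "A": [{"id": "a1", "labels": []}],
    "B": [{"id": "b1", "labels": [FALSE_POSITIVE_LABEL]}],
    "C": [{"id": "c1", "labels": []}],
    "D": [{"id": "d1", "labels": []}],
    "E": [{"id": "e1", "labels": []}],
}
KEYS = list(SPACES)


def connect():
    return FakeClient(SPACES, max_calls=2)
```

Calling `scan(KEYS, connect, batch_size=2, reconnect=False)` reproduces the silent gap: spaces C, D and E come back in the third return value instead of vanishing from the results.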