Closed fabacab closed 7 years ago
Sure. Are you asking me to update this PR in that way?
Nah, just noting it. You can update your PR or keep it, I'm sure @techgaun won't mind either way 😉
Thanks @meitar and @Plazmaz .. it's just better to have better dorks with low false positives.. if the fix suggested by @Plazmaz reduces false positives, it would be good to have it updated.
@techgaun with my private project, I implemented some basic heuristics to avoid false positives by searching for "negative patterns" such as "xxxxxx". Unfortunately it would take a lot of refactoring to allow this system to work using this technique. However, it might be worth looking at some other dorks and adding tidbits to reduce false positives.
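The "negative patterns" idea from the comment above, sketched as an added example for triaging findings in repositories you are auditing (this is not code from the pull request or from either project in the thread). The pattern list, entropy threshold, function names and sample JSON are all assumptions constructed for illustration.

```python
import json
import math
import re
from collections import Counter

# Hypothetical negative patterns: a match marks the value as a placeholder.
NEGATIVE_PATTERNS = [
    re.compile(r"x{6,}", re.I),                          # "xxxxxx" filler, as in the thread
    re.compile(r"your[_-]?(client[_-]?)?secret", re.I),  # YOUR_CLIENT_SECRET and variants
    re.compile(r"^(changeme|todo|example|redacted)$", re.I),
    re.compile(r"^[<{\[$].*[>}\]]$"),                    # <SECRET>, ${SECRET}, {{secret}}
]

def shannon_entropy(value):
    """Bits per character; filler text scores far lower than random secrets."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def is_placeholder(value, min_entropy=3.0):
    # min_entropy is an assumed cut-off, tune it against your own findings.
    if not value or any(p.search(value) for p in NEGATIVE_PATTERNS):
        return True
    return shannon_entropy(value) < min_entropy

def find_client_secrets(node, path=""):
    """Yield (path, value) for every string stored under a client_secret key."""
    if isinstance(node, dict):
        for key, child in node.items():
            here = f"{path}.{key}" if path else key
            if key == "client_secret" and isinstance(child, str):
                yield here, child
            else:
                yield from find_client_secrets(child, here)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_client_secrets(child, f"{path}[{i}]")

def triage(text):
    """Label each client_secret in a JSON document as 'placeholder' or 'review'."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return []  # not valid JSON, nothing to report
    return [(p, "placeholder" if is_placeholder(v) else "review")
            for p, v in find_client_secrets(doc)]

# Constructed sample inputs (no real credentials).
SAMPLE_TEMPLATE = '{"web": {"client_id": "constructed.apps.googleusercontent.com", "client_secret": "xxxxxxxxxxxx"}}'
SAMPLE_SUSPECT = '{"installed": {"client_secret": "q7Zp2LmN8vRt4KsY1wXc9BdE"}}'
```

Values labelled `review` still need a human check; the filter only removes obvious template files from the queue.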
@Plazmaz yup I agree. I need to gather some time to revamp this project but I am lacking time these days.
If anyone wants to step in to lead the development I am more than happy to share this repo
@techgaun unfortunately I'm also short on time. Perhaps you could put something in the readme asking for contributors.
If you revise it to "extension:json googleusercontent client_secret NOT xxxxxxxxxxxx", it will return fewer false positives.
Do you know how to use GitHub's advanced search operators to do this? The above search modification, that is, just adding NOT xxxxxxxxxxxx to the existing query, does not reduce the search result set when I try it. I have also looked at GitHub's Advanced Code Search page but cannot find an option listed there for excluding specific strings from code search results.
Thanks in advance for your advice.
Yes it does. https://i.imgur.com/sujpoER.png It's not many results that it excludes though.
Where are you seeing that? Again, I reiterate that this does not appear on the GitHub Advanced Code Search page (here's an archive.is snapshot).
Under the cheat sheet
What is "the cheat sheet"? Is it too much to ask of you to just paste a link?
There's no link that I can find, just on the search page
Ah, I found it. The "link" is:
Okay, running the search again with NOT xxxxxxx appended today takes me from 7,490 results without this clause to 7,487 with it. It removes three results. @techgaun Is that still worth adding to the pull request?
sounds good. thanks for checking that. merging as-is