♻️ Code Refactoring #600
…, and streamline static analysis Signed-off-by: HAHWUL <[email protected]>
| "dalfox-esii": "<esii-dalfox>", | ||
| "dalfox-rsa-key": "-----BEGIN RSA PRIVATE KEY-----|-----END RSA PRIVATE KEY-----", | ||
| "dalfox-priv-key": "-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", | ||
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dot before 'com' in the regular expression on line 39. This will ensure that the dot is treated as a literal character rather than a wildcard, preventing unintended matches. The best way to fix this is to use a raw string literal to avoid having to escape backslashes.
| @@ -38,3 +38,3 @@ | ||
| "dalfox-priv-key": "-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", | ||
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", | ||
| "dalfox-aws-s3": `s3\.amazonaws\.com[/]+|[a-zA-Z0-9_-]*\.s3\.amazonaws\.com`, | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", |
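Review bot: the escaping on the suggested R39 line is correct for a Go raw string (a single `\.` inside backticks reaches the regexp engine as `\.`), so this one can be applied as is. Two small points: `[/]+` is just `/+`, and these builtinPatterns entries look like secret-grep signatures rather than whole-string validators (the key entries above are bare BEGIN/END markers with no surrounding structure), so they should stay unanchored even though later alerts on this file ask for `^`/`$`.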
| "dalfox-priv-key": "-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", | ||
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", |
Check failure
Code scanning / CodeQL
Missing regular expression anchor
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to add anchors to the regular expression to ensure it matches the entire URL string and not just any part of it. Specifically, we should add the ^ anchor at the beginning and the $ anchor at the end of the regular expression.
- Update the regular expression for Slack webhook URLs to include ^ at the beginning and $ at the end.
- This change should be made in the builtinPatterns map where the regular expression is defined.
| @@ -40,3 +40,3 @@ | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook1": "^https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}$", | ||
| "dalfox-slack-webhook2": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}", |
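Review bot: the `^` and `$` added on R41 would stop this entry from ever matching if, as the key names and the BEGIN/END key markers in this map suggest, builtinPatterns is searched inside response content: a webhook URL embedded in HTML or JavaScript is never the whole input, and an anchored pattern only matches when the entire input is the URL. The CodeQL "missing anchor" rule is aimed at regexes that validate a URL, which is not what this map does, so this autofix should be declined. The defect actually worth fixing on this line is the unescaped dots in `hooks.slack.com`, which is what the separate "Incomplete regular expression for hostnames" alert on the same line reports.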
| "dalfox-priv-key": "-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", | ||
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}", |
Check failure
Code scanning / CodeQL
Missing regular expression anchor
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to add anchors to the regular expression to ensure it matches the entire URL string and not just any part of it. Specifically, we should add the ^ anchor at the beginning and the $ anchor at the end of the regular expression.
- Modify the regular expression for the Slack webhook URL to include ^ at the beginning and $ at the end.
- This change should be made in the builtinPatterns map where the regular expression is defined.
| @@ -41,3 +41,3 @@ | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": "^https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}$", | ||
| "dalfox-slack-token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", |
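Review bot: anchoring the webhook2 pattern on R42 with `^`/`$` has the same problem as anchoring webhook1: a signature that is looked up inside a response body can only match if the body consists of nothing but the URL, so the entry would be silently disabled. Decline this suggestion and fix the unescaped dots in `hooks.slack.com` instead; the "Incomplete regular expression for hostnames" alert on this same line is the one that describes the real weakness.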
| "dalfox-aws-s3": "s3\\.amazonaws.com[/]+|[a-zA-Z0-9_-]*\\.s3\\.amazonaws.com", | ||
| "dalfox-aws-appsync-graphql": "da2-[a-z0-9]{26}", | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}", |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dot in the regular expression to ensure that it matches only the literal dot character and not any character. This can be done by replacing the dot with \\. in the regular expression string. Additionally, using raw string literals can make the regular expression more readable and avoid the need to escape backslashes.
The specific change required is to update the regular expression for the Slack webhook URL in the builtinPatterns map to escape the dot before slack.com.
| @@ -41,3 +41,3 @@ | ||
| "dalfox-slack-webhook1": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}", | ||
| "dalfox-slack-webhook2": `https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}`, | ||
| "dalfox-slack-token": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", |
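Review bot: the suggested R42 line is wrong as written. Inside a Go raw string (backticks) backslashes are not processed, so `\\.` reaches the regexp engine as `\\.`, which means a literal backslash followed by any character; `hooks\\.slack\\.com` would then only match text that actually contains backslashes, and a real webhook URL would never be found. Either keep the interpreted string and write `\\.`, or use the raw string with a single `\.`, as the aws-s3 suggestion for R39 does. Note also that this and the anchored suggestion for the same line conflict; neither should be applied unchanged.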
| {Name: "Profense Web Application Firewall (Armorlogic)", Body: "", Header: "PLBSID=|Profense"}, | ||
| {Name: "AppWall (Radware)", Body: "Unauthorized Activity Has Been Detected", Header: "X-SL-CompState"}, | ||
| {Name: "Reblaze Web Application Firewall (Reblaze)", Body: "", Header: "rbzid=|Reblaze Secure Web Gateway"}, | ||
| {Name: "ASP.NET RequestValidationMode (Microsoft)", Body: "ASP.NET has detected data in the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException", Header: ""}, |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dot in the regular expression to ensure it matches the literal character rather than any character. This can be done by replacing the dot with \.. Additionally, we can use raw string literals to avoid having to escape backslashes, making the regular expression more readable.
| @@ -57,3 +57,3 @@ | ||
| {Name: "Reblaze Web Application Firewall (Reblaze)", Body: "", Header: "rbzid=|Reblaze Secure Web Gateway"}, | ||
| {Name: "ASP.NET RequestValidationMode (Microsoft)", Body: "ASP.NET has detected data in the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException", Header: ""}, | ||
| {Name: "ASP.NET RequestValidationMode (Microsoft)", Body: `ASP\.NET has detected data in the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException`, Header: ""}, | ||
| {Name: "Safe3 Web Application Firewall", Body: "", Header: "Safe3"}, |
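Review bot: `ASP\.NET` in a raw string on R58 is the correct escape, and the other two alternatives in this Body field contain no regex metacharacters, so this suggestion can be applied as is.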
| {Name: "ASP.NET RequestValidationMode (Microsoft)", Body: "ASP.NET has detected data in the request that is potentially dangerous|Request Validation has detected a potentially dangerous client input value|HttpRequestValidationException", Header: ""}, | ||
| {Name: "Safe3 Web Application Firewall", Body: "", Header: "Safe3"}, | ||
| {Name: "Safedog Web Application Firewall (Safedog)", Body: "", Header: "WAF/2.0|safedog"}, | ||
| {Name: "SecureIIS Web Server Security (BeyondTrust)", Body: "SecureIIS.*?Web Server Protection|http://www.eeye.com/SecureIIS/|?subject=[^>]*SecureIIS Error", Header: ""}, |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dot in the regular expression to ensure that it matches only a literal dot and not any character. This can be done by replacing the dot with \\. in the regular expression string. This change should be made in the patterns array where the regular expression is defined.
| @@ -60,3 +60,3 @@ | ||
| {Name: "Safedog Web Application Firewall (Safedog)", Body: "", Header: "WAF/2.0|safedog"}, | ||
| {Name: "SecureIIS Web Server Security (BeyondTrust)", Body: "SecureIIS.*?Web Server Protection|http://www.eeye.com/SecureIIS/|?subject=[^>]*SecureIIS Error", Header: ""}, | ||
| {Name: "SecureIIS Web Server Security (BeyondTrust)", Body: "SecureIIS.*?Web Server Protection|http://www\\.eeye\\.com/SecureIIS/|?subject=[^>]*SecureIIS Error", Header: ""}, | ||
| {Name: "SEnginx (Neusoft Corporation)", Body: "SENGINX-ROBOT-MITIGATION", Header: ""}, |
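Review bot: escaping the dots on R61 is correct for an interpreted string (`\\.` becomes `\.`), but the pattern still will not compile under Go's regexp: the third alternative begins with `|?subject=`, and a `?` with no preceding operand is rejected with "missing argument to repetition operator". If a literal question mark is intended, as in a mailto link's `?subject=`, it has to be written `\\?subject=` in this string; as it stands the whole SecureIIS signature is dead regardless of the dot fix. Since this PR adds unit tests, a test that compiles every Body and Header pattern once would catch this class of error.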
| {Name: "SonicWALL (Dell)", Body: "This request is blocked by the SonicWALL|#shd|#nsa_banner|Web Site Blocked.*?nsa_banner", Header: "SonicWALL"}, | ||
| {Name: "UTM Web Protection (Sophos)", Body: "Powered by UTM Web Protection", Header: ""}, | ||
| {Name: "Stingray Application Firewall (Riverbed / Brocade)", Body: "", Header: "X-Mapping-"}, | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dot (.) in the regular expression to ensure it matches only the literal dot character and not any character. This will make the pattern more precise and prevent unintended matches. Specifically, we need to update the regular expression in the Body field of the WAFPattern for "CloudProxy WebSite Firewall (Sucuri)" on line 67.
| @@ -66,3 +66,3 @@ | ||
| {Name: "Stingray Application Firewall (Riverbed / Brocade)", Body: "", Header: "X-Mapping-"}, | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*?cloudproxy@sucuri\\.net", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "waf.tencent-cloud.com", Header: ""}, |
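Review bot: besides escaping the dot in `sucuri\\.net` (correct for an interpreted string), the R67 line also changes `Questions?.*` to `Questions?.*?` in the third alternative. A lazy quantifier does not change whether the body matches, only how much is consumed, so it is harmless, but it is an undocumented extra change; either drop it or mention it in the commit message.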
| {Name: "UTM Web Protection (Sophos)", Body: "Powered by UTM Web Protection", Header: ""}, | ||
| {Name: "Stingray Application Firewall (Riverbed / Brocade)", Body: "", Header: "X-Mapping-"}, | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "waf.tencent-cloud.com", Header: ""}, |
Check failure
Code scanning / CodeQL
Missing regular expression anchor
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to add anchors to the regular expression to ensure it matches the expected part of the input string. Specifically, we should add ^ at the beginning and $ at the end of the pattern to ensure it matches the entire string.
- Update the regular expression for the "Tencent Cloud Web Application Firewall" pattern to include anchors.
- Modify the Body field of the WAFPattern struct for the "Tencent Cloud Web Application Firewall" entry to use the anchored pattern.
| @@ -67,3 +67,3 @@ | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "waf.tencent-cloud.com", Header: ""}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "^waf.tencent-cloud.com$", Header: ""}, | ||
| {Name: "Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)", Body: "", Header: "st8(id|_wat|_wlf)"}, |
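Review bot: `^waf.tencent-cloud.com$` on R68 would only match a response whose entire body is that one string, so this WAF fingerprint would effectively be disabled; Body signatures are looked up inside page content, not validated as a whole. Reject this autofix. The dots are also still unescaped, which is the "Incomplete regular expression for hostnames" alert raised on the same line; the competing raw-string suggestion for R68 (`waf\.tencent-cloud\.com`) is the one to take.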
| {Name: "UTM Web Protection (Sophos)", Body: "Powered by UTM Web Protection", Header: ""}, | ||
| {Name: "Stingray Application Firewall (Riverbed / Brocade)", Body: "", Header: "X-Mapping-"}, | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "waf.tencent-cloud.com", Header: ""}, |
Check failure
Code scanning / CodeQL
Incomplete regular expression for hostnames
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to escape the dots in the regular expression "waf.tencent-cloud.com" to ensure that they match literal dots rather than any character. This can be done by replacing each dot with \\.. Additionally, we can use raw string literals to avoid having to escape backslashes, making the regular expression more readable.
| @@ -67,3 +67,3 @@ | ||
| {Name: "CloudProxy WebSite Firewall (Sucuri)", Body: "Access Denied.*?Sucuri Website Firewall|Sucuri WebSite Firewall.*?Access Denied|Questions?.*[email protected]", Header: "Sucuri/Cloudproxy|X-Sucuri"}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: "waf.tencent-cloud.com", Header: ""}, | ||
| {Name: "Tencent Cloud Web Application Firewall (Tencent Cloud Computing)", Body: `waf\.tencent-cloud\.com`, Header: ""}, | ||
| {Name: "Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)", Body: "", Header: "st8(id|_wat|_wlf)"}, |
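Review bot: this raw-string R68 line is the correct one of the two autofixes proposed for the Tencent entry: both dots are escaped and nothing is anchored, so the fingerprint keeps matching inside a body. Discard the `^waf.tencent-cloud.com$` variant. The same raw-string style would be worth applying to the other hostname-bearing fields in this list, such as `www.eeye.com` in the SecureIIS entry, rather than mixing `\\.` in interpreted strings with `\.` in raw strings.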
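An added example (not code from the dalfox project or from this PR) that compiles the webhook2 variants discussed above, the page's current string, the anchored and raw-string autofixes, and a corrected raw string, runs them against a constructed response body and a constructed look-alike host, and shows that the SecureIIS Body pattern from R61 fails to compile in Go. The response body and the webhook path in it are made up.

```go
package main

import (
	"fmt"
	"regexp"
)

// Variants of the dalfox-slack-webhook2 entry: the page's current string,
// the two autofix suggestions, and the corrected raw string a reviewer proposes.
var Candidates = map[string]string{
	"original":  "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}",
	"anchored":  "^https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}$",
	"rawDouble": `https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}`,
	"corrected": `https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}`,
}

// SecureIIS Body pattern from the alert above: the alternative that starts
// with "?" has no operand, which Go's RE2 rejects at compile time.
const SecureIIS = `SecureIIS.*?Web Server Protection|http://www\.eeye\.com/SecureIIS/|?subject=[^>]*SecureIIS Error`

// Constructed sample response body; the webhook path is a made-up placeholder.
const Body = `<html><script>
var hook = "https://hooks.slack.com/services/T0123456789/B0123456789/abcdefghijklmnopqrstuvwx";
</script></html>`

// Constructed look-alike: with unescaped dots, "hooks.slack.com" also accepts this host.
const Lookalike = `https://hooksXslackXcom/services/T0123456789/B0123456789/abcdefghijklmnopqrstuvwx`

// Found reports whether pattern matches anywhere inside text, the way a grep-style
// secret or WAF scanner uses it (substring search, not whole-string validation).
func Found(pattern, text string) (bool, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return false, err
	}
	return re.MatchString(text), nil
}

func main() {
	for _, name := range []string{"original", "anchored", "rawDouble", "corrected"} {
		inBody, _ := Found(Candidates[name], Body)
		inFake, _ := Found(Candidates[name], Lookalike)
		fmt.Printf("%-9s body=%-5v lookalike=%v\n", name, inBody, inFake)
	}
	if _, err := Found(SecureIIS, ""); err != nil {
		fmt.Println("SecureIIS pattern does not compile:", err)
	}
}
```

Only "corrected" both finds the webhook inside the body and rejects the look-alike host; "anchored" never matches inside a body and "rawDouble" demands a literal backslash.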
…ic for reflection checks Signed-off-by: HAHWUL <[email protected]>
…or improved performance Signed-off-by: HAHWUL <[email protected]>
…larity with switch-case structure Signed-off-by: HAHWUL <[email protected]>
… alert replacement logic Signed-off-by: HAHWUL <[email protected]>
…improved readability and maintainability Signed-off-by: HAHWUL <[email protected]>
…ctions for improved clarity and maintainability Signed-off-by: HAHWUL <[email protected]>
…al logic for better clarity and maintainability; add unit tests for new functionality Signed-off-by: HAHWUL <[email protected]>
…est coverage and reliability Signed-off-by: HAHWUL <[email protected]>
Signed-off-by: HAHWUL [email protected]