-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[URI] Do not attempt multiple verification attempts if host is non-resolvable #3656
base: main
Are you sure you want to change the base?
Conversation
a9b65f5
to
9c2590c
Compare
|
||
hostNotFoundCache = simple.NewCache[struct{}]() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this would benefit from being centralized and shared by all detectors. A domain that's found to not exist for Azure Container Registry, Azure OpenAI, JDBC (below), etc. is applicable to any other detector.
Found unverified result 🐷🔑❓
Verification issue: lookup your_server.database.windows.net: no such host
Detector Type: JDBC
Decoder Type: PLAIN
Raw result: jdbc:sqlserver://your_server.database.windows.net:1433;
Commit: aa081336863641da6061a892c7304f9823b4e8d6
Commit_source: refs/remotes/origin/pull/2/head (hidden ref)
Email: Brian Gianforcaro <[email protected]>
File: Java/sample_java.java
Line: 11
Link: https://github.com/Azure/azure-sql-database-samples/blob/aa081336863641da6061a892c7304f9823b4e8d6/Java/sample_java.java#L11
Repository: https://github.com/Azure/azure-sql-database-samples.git
Timestamp: 2015-09-28 17:26:38 +0000
) | ||
|
||
// Keywords are used for efficiently pre-filtering chunks. | ||
// Use identifiers in the secret preferably, or the provider name. | ||
func (s Scanner) Keywords() []string { | ||
return []string{"http"} | ||
return []string{"http://", "https://"} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As far as I can tell, http://
and https://
are more correct and efficient keywords.
var _ detectors.CustomFalsePositiveChecker = (*Scanner)(nil) | ||
var _ interface { | ||
detectors.Detector | ||
detectors.CustomFalsePositiveChecker |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any reason why we ignore all false positives for this detector with custom logic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect there were too many results being filtered by the wordlist, so someone decided to do this workaround instead of removing the problematic entries.
See #3246
ecc2700
to
4a0f5c2
Compare
4a0f5c2
to
ce72986
Compare
ce72986
to
57620fe
Compare
Description:
The URI detector currently makes an indiscriminate number of HTTP requests to domains, regardless of whether they actually exist. This results in wasted network bandwidth and logs spammed with things like below.
In addition to de-duplicating matches, this updates the URI detector to track hosts that are not found and skip verification.
Checklist:
make test-community
)?make lint
this requires golangci-lint)?