From 7a4db567c1e401c61129ae37baa476304a160ac5 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Mon, 7 Aug 2023 16:00:46 -0700
Subject: [PATCH] Reduce False Positives for HTTP detection Rule (#578)
* Exclude xmlnx:xsi
* Fix typo in self-test
* Update Changelog.md
---
Changelog.md | 4 ++++
.../security/attack_surface/outbound_network.json | 15 ++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index 54dc2e5..169c5ee 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.0.17] - 2023-08-07
+### Rules
+Improve HTTP url detection rule to exclude more schema definitions.
+
## [1.0.16] - 2023-08-04
### Fixes
Fixes an issue with loading settings in the Visual Studio extension.
diff --git a/rules/default/security/attack_surface/outbound_network.json b/rules/default/security/attack_surface/outbound_network.json
index 145cdc4..9193074 100644
--- a/rules/default/security/attack_surface/outbound_network.json
+++ b/rules/default/security/attack_surface/outbound_network.json
@@ -57,6 +57,18 @@
"negate_finding": true,
"search_in": "finding-region(-1, 0)"
},
+ {
+ "pattern" :
+ {
+ "pattern": "xmlns:xsi=",
+ "type": "substring",
+ "scopes": [
+ "code"
+ ]
+ },
+ "negate_finding": true,
+ "search_in": "finding-region(-1, 0)"
+ },
{
"pattern" :
{
@@ -123,7 +135,8 @@
"",
"https://",
"this is \"https://foo.com\"",
- ""
+ "",
+ "xmlns:xsi=\"http://www.w3.org/someschema/\""
]
}
]
\ No newline at end of file