Done
Pinned fields
Click on the next to a field label to start pinning.
Details
Assignee
Alban AuzeillAlban AuzeillReporter
Gaëtan FerryGaëtan Ferry(Deactivated)Labels
Components
Fix versions
Priority
Normal
Details
Details
Assignee
Alban Auzeill
Alban Auzeill
Reporter
Gaëtan Ferry
Gaëtan Ferry(Deactivated)
Labels
Components
Fix versions
Priority
NormalSentry
Sentry
Sentry
Created May 24, 2023 at 12:38 PM
Updated October 16, 2024 at 2:17 PM
Resolved July 7, 2023 at 1:04 PM
What
This ticket has been created as part of the False Negative review of the WebGoat.NET benchmark.
The current implementation for S4507 only support some settings of the android manifest. However, other XML configuration files exist for other kinds of projects that we also want to support. As an example,
web.configfiles, as seen in ASP.NET applications, can also declare development settings.This ticket aims at supporting the
customErrorssetting.Detection logic
Find a
customErrorselement with amodeattribute set toOff.This should correspond to the following XPath query:
.//customErrors[@mode="Off"]All files whose name is
web.debug.config- case insensitive - should be excluded from the detection.Example code
RSPEC
Once implemented, please merge the following RSPEC PR:
Note
This change should remove 1 false negative from the aforementioned benchmark:
"S4507","WebGoat.Net:Web.config",53