BUG: Rule is matched on HTML comments #91
Comments
Hmm, that's a tricky one. There's definitely a slight bug here where the HTML can't be properly parsed using the simple regex-based language IOK uses, and so while we could try to filter out some false positives, we'd never get all of them.
Yeah, definitely a tricky problem, not sure if it could be solved.
It appears that the implementation for the `html` modifier matches on anything found in the DOM response from URLScan, which leads to rules being flagged incorrectly. In the example above both the `base64-encoded-body` & `hex-encoded-body` get matched; however, the latter is nested within an HTML comment.
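The behaviour discussed in this thread, as an added example that is not IOK's code and not from the issue: the same DOM is matched raw, after a regex comment strip, and after splitting comments out with a real HTML parser. The two patterns are stand-ins for the rules named above (their real definitions are not shown here), the sample DOM is constructed, and all helper names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Stand-in patterns (assumption): the real rule bodies are not on the page.
RULES = {
    "base64-encoded-body": re.compile(r"atob\("),
    "hex-encoded-body": re.compile(r"unescape\("),
}

# Constructed sample DOM: the hex pattern exists only inside an HTML comment,
# and a script string contains "<!--", which misleads a regex comment strip.
SAMPLE_DOM = """<html><body>
<!-- old loader: document.write(unescape('%3Cp%3E')) -->
<script>var s = "<!--"; document.write(atob("PHA+aGk8L3A+"));</script>
<p>done --> </p>
</body></html>"""


class CommentSplitter(HTMLParser):
    """Keeps comment text apart from tags, script bodies and text nodes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.live, self.comments = [], []

    def handle_starttag(self, tag, attrs):
        self.live.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        self.live.append(f"</{tag}>")

    def handle_data(self, data):
        self.live.append(data)  # script content arrives here, "<!--" included

    def handle_comment(self, data):
        self.comments.append(data)


def matched_rules(text):
    """Names of the stand-in rules whose pattern occurs in text."""
    return {name for name, rx in RULES.items() if rx.search(text)}


def naive_strip(dom):
    """Regex-only comment removal: has no notion of script context."""
    return re.sub(r"<!--.*?-->", "", dom, flags=re.S)


def live_markup(dom):
    """DOM text with real comments removed, as decided by the HTML parser."""
    parser = CommentSplitter()
    parser.feed(dom)
    parser.close()
    return "".join(parser.live)
```

On the sample, raw matching reports both rules, the regex strip reports none (it deletes the script body along with the comment), and the parser-based split reports only `base64-encoded-body`.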