Reduce False Positives for HTTP detection Rule (#578)

* Exclude xmlnx:xsi * Fix typo in self-test * Update Changelog.md
microsoft · Aug 7, 2023 · 7a4db56 · 7a4db56
1 parent e3d6c3b
commit 7a4db56
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/Changelog.md b/Changelog.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.17] - 2023-08-07
+### Rules
+Improve HTTP url detection rule to exclude more schema definitions.
+
 ## [1.0.16] - 2023-08-04
 ### Fixes
 Fixes an issue with loading settings in the Visual Studio extension.

diff --git a/rules/default/security/attack_surface/outbound_network.json b/rules/default/security/attack_surface/outbound_network.json
@@ -57,6 +57,18 @@
                 "negate_finding": true,
                 "search_in": "finding-region(-1, 0)"
             },
+            {
+                "pattern" : 
+                {
+                    "pattern": "xmlns:xsi=",
+                    "type": "substring",
+                    "scopes": [
+                        "code"
+                    ]
+                },
+                "negate_finding": true,
+                "search_in": "finding-region(-1, 0)"
+            },
             {
                 "pattern" :
                 {
@@ -123,7 +135,8 @@
             "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">",
             "https://",
             "this is \"https://foo.com\"",
-            "<SCRIPT SRC=\"//BLAH\"></SCRIPT>"
+            "<SCRIPT SRC=\"//BLAH\"></SCRIPT>",
+            "xmlns:xsi=\"http://www.w3.org/someschema/\""
         ]
     }
 ]