Hello.
I am using BChecks to find sensitive information in the response, such as "token".
The BChecks I wrote always generate false positives when testing the login function, because logging into the server will definitely return the user's token information. I would like to ask if BChecks can count the number of times regular matches are made. For example, in Example 1, when two tokens are found, the problem is reported.
Example 1 【need report】
```json
{
  "data": [
    { "industry_name": "a", "token": "xxxx" },
    { "industry_name": "b", "token": "xxxxxx" }
  ]
}
```
No report example
```json
{ "industry_name": "a", "token": "xxxx" }
```
I am now checking if there are "login" characters in the requested URL to reduce false positives, but this is always missing. If there is a better way, please let me know. Thank you very much.
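The counting rule asked about above, as an added Python example (not part of the original issue and not BCheck code): it collects every value stored under a `token` key and flags the response only when two or more are present. The function names, the threshold default and the three sample bodies are constructed for illustration.

```python
import json
import re

KEY = "token"  # key name taken from the issue's sample responses
# Fallback for bodies that are not strict JSON (e.g. trailing commas, HTML wrappers).
TOKEN_RE = re.compile(r'"token"\s*:\s*"([^"]*)"', re.IGNORECASE)


def _walk(node, found):
    """Collect every non-empty string stored under KEY at any nesting depth."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k.lower() == KEY and isinstance(v, str) and v:
                found.append(v)
            else:
                _walk(v, found)
    elif isinstance(node, list):
        for item in node:
            _walk(item, found)


def token_values(body):
    """Return the token values in a response body, in order of appearance."""
    try:
        found = []
        _walk(json.loads(body), found)
        return found
    except ValueError:  # json.JSONDecodeError is a ValueError
        return [v for v in TOKEN_RE.findall(body) if v]


def should_report(body, threshold=2):
    """True when the body carries `threshold` or more token values."""
    return len(token_values(body)) >= threshold


# Constructed sample bodies modelled on the issue's two examples.
LIST_BODY = '{"data": [{"industry_name": "a", "token": "xxxx"}, {"industry_name": "b", "token": "xxxxxx"}]}'
LOGIN_BODY = '{"industry_name": "a", "token": "xxxx"}'
# Same list with trailing commas, which strict JSON parsing rejects.
LOOSE_BODY = '{"data": [{"token": "xxxx", }, {"token": "xxxxxx", }] }'

if __name__ == "__main__":
    for name, body in [("list", LIST_BODY), ("login", LOGIN_BODY), ("loose", LOOSE_BODY)]:
        print(name, token_values(body), should_report(body))
```

Counting per response separates a login reply carrying the caller's single token from a listing that returns several tokens, without relying on the request URL.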