August Detlefsen
I like this idea. Developers could annotate properties of their classes and prevent them from being logged incidentally (e.g. if `MyBean.toString()` is called).
Hi @robertwatkins this is great actually. Can you post a link to your code, or the diffs you made to WebGoat to get logging to work?
@rahulaga This looks very cool. I'd be concerned about the execution speed of doing pattern matching on every log statement in high-performance environments, but I would love to add...
Where does the option list come from? Is it possible to define custom regexes in configuration? I could see easily matching on an email address, credit card, SSN, etc., but...
It is a tough call. The regex is already pretty specific, so making changes could create a false negative situation. It seems like the issues you have reported so far...
I'd prefer to see the confidence rating bumped down by one (e.g. Firm -> Tentative) rather than having the rule be completely skipped. As you say, sometimes these files are...
@r3l1c7 Thanks for the addition of new rules! However it looks like your submission also removed quite a few rules as well. Can you please do a fresh pull and...
This is an example ASP.Net error message we are trying to match against:
```
System.Web.Services.Protocols.SoapException: Web Exception ---> System.Exception:
```
It will be difficult to rule out this false positive...
Note that re-running `generate_bruteforce_tests.py` does correctly remove this test, but introduces many new tests which cause `botocore.exceptions.NoAuthTokenError` to be thrown.
This is great, I'll look into it. I have been thinking of changing to a JSON format instead of tab-delimited. If you feel up to it, please send a PR.