Felipe Zipitría
Felipe Zipitría
I mean, we are very careful trying to get only some words (that's why we have lists of words). The regular expression you created there it is only going to...
Common sense is not tests. Tests are proofs. Let's see what we can do, but without numbers it is very difficult to make an informed decision...
Do you have numbers for the discussion? Otherwise, how are you going to support it?
QQ: what do we think ARGS has? Because I see possible a lot of text coming to that variable, and that is how you get your FPs.
Looks like this rule (932290) is a good candidate for testing with our friendly cloud provider. I'll start the communication and we can get real numbers and make an informed...
Sadly we didn't had any response yet on this one. I'll try to include more people next.
ping @nanchen114
@franbuehler Any news on this one?
@Xhoenix Can we do better than `@rx \b([^\s]+)\s*=` in that rule?
@tvdijen Fix #3863 should prevent to match base64 encoded strings, preventing these kind of FPs.