horusec: False Positive

What happened:

I used with my laravel(php) project, and the tool said that my password is hardcoded, but is a validation rule

What you expected to happen: That this not happens How to reproduce it (as minimally and precisely as possible): Create a laravel project, and a validation rule with password is required.

Anything else we need to know?: The error and the file

Captura de tela de 2021-03-27 21-40-56 Captura de tela de 2021-03-27 21-40-23

Environment:

  • Horusec version (use horusec version): 1.10.1
  • Operating System: ubuntu 20.04
  • Network plugin / Tool and version (if this is a network-related / tool bug): laravel (php) 8.0
  • Others:

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 21 (10 by maintainers)

Most upvoted comments

Thank you, I’ll try.

+1
IgorDePaula on Apr 5, 2021

Hi, @IgorDePaula! Sorry for the delay.

We are continually working to reduce the number of false positives and consequently bring a more accurate analysis. Your feedback will be of great help to us improve!

Until we fix it, you may be using the false positive option from our CLI.

Here is a link to the documentation:

https://horusec.io/docs/cli/resources/#1-configuration-file

An example of setting a false positive in horusec-config.json file:

{
    "horusecCliFalsePositiveHashes": [
            "ReferenceHash"
    ]
}

Thanks for the feedback!!

+1
nathanmartinszup on Apr 5, 2021
Read more comments on GitHub
← beagle: eq doesn't work
horusec: Horusec is not reading my config-file.json →