v1.75.0 #184
Conversation
…ing by fingerprint, and implemented bidirectional navigation between Findings and Access Map nodes. - Added Slack Access Map support with granular permissions in the tree view.
sync with main
… and emit a single aggregated report after multi-repository scans to preserve full output content in files.
Pull request overview
This PR introduces version 1.75.0 with enhancements to the Access Map feature, HTML reporting improvements, and new secret detection rules.
Changes:
- Enhanced Access Map with fingerprint display and bidirectional navigation between Findings and Access Map nodes
- Added Slack Access Map support with OAuth scope-based permission classification
- Improved HTML report with separate Findings and Access Map report generation options, scope filtering, and enhanced detail views
- Added new detection rules for Apollo, Clay, CodeRabbit, Customer.io, Instantly, and Vast.ai
- Modified multi-repository scanning to emit a single aggregated report when output file is specified
Reviewed changes
Copilot reviewed 32 out of 32 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/validation/httpvalidation.rs | Reformatted multi-line assert statement for better readability |
| src/scanner/validation.rs | Added fingerprint parameter to all access map recording methods and added Slack support |
| src/scanner/runner.rs | Conditional report generation to skip per-repo reports when output file specified |
| src/reporter.rs | Added fingerprint field to AccessMapEntry |
| src/cli/commands/view.rs | Added comment for embedded viewer assets rebuild trigger |
| src/cli/commands/access_map.rs | Added Slack provider enum variant |
| src/access_map/slack.rs | New Slack access mapping implementation with OAuth scope analysis |
| src/access_map/report.rs | Added Slack logo and fingerprint field to HTML report |
| src/access_map/graph.rs | Removed unused graph visualization module |
| src/access_map/*.rs (multiple) | Added fingerprint: None to all AccessMapResult initializations |
| docs/access-map-viewer/index.html | Enhanced UI with fingerprint display, bidirectional navigation, separate report downloads, and improved finding details |
| docs/access-map-viewer/app.js | Added fingerprint to access map normalization and finding search |
| data/rules/*.yml (multiple) | New rules for Vast.ai, Customer.io, CodeRabbit, Clay, Apollo, Instantly and improvements to existing rules |
| README.md | Removed reference to "Lineage and Evolution" section |
| Cargo.toml | Version bump to 1.75.0 |
| CHANGELOG.md | Added v1.75.0 changelog entry |
src/access_map/report.rs
Outdated
| const sev = document.createElement('span'); | ||
| sev.textContent = `Severity: ${model.severity || 'unknown'}`; | ||
| sev.textContent = `Severity: ${model.severity || 'unknown'}`; |
Copilot
AI
Jan 16, 2026
Duplicate line that sets the same textContent value. This line appears twice consecutively (lines 917-918), which is redundant and should be removed.
| sev.textContent = `Severity: ${model.severity || 'unknown'}`; |
data/rules/azurestorage.yml
Outdated
| ([a-z0-9]{3,24})(?:\b|[^a-z0-9]) | ||
| | | ||
| # D) Explicit KV labels near 'azure storage/account name' with tight separators | ||
| (?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-A0-9]{3,32})(?i:\.blob\.core\.windows\.net) |
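Review bot: in the last line of this hunk, the capture `([A-Z0-9]{3,32})` sits outside the `(?i:…)` group that only covers the label, so branch D captures a name only when it is written in uppercase (unless a global `(?i)` flag is set earlier in the pattern); Azure storage account names are 3 to 24 lowercase letters and digits, which is exactly the form the `([a-z0-9]{3,24})` capture at the top of the hunk already encodes. Consider `\b([a-z0-9]{3,24})\b` for both captures in branch D (or wrap them in `(?i:…)` if mixed case is intended); that also removes the `[A-A0-9]` range typo in the hostname alternative and keeps the length bound consistent with the earlier branch.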
Copilot
AI
Jan 16, 2026
Invalid character range '[A-A0-9]' in regex pattern. The range 'A-A' is redundant and should likely be 'A-Z0-9' to match uppercase letters and digits.
| (?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-A0-9]{3,32})(?i:\.blob\.core\.windows\.net) | |
| (?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-Z0-9]{3,32})(?i:\.blob\.core\.windows\.net) |
| pattern_requirements: | ||
| min_digits: 2 | ||
| min_uppercase: 1 | ||
| min_lowercase: 1 |
Copilot
AI
Jan 16, 2026
The pattern requirement specifies min_lowercase: 1, but the pattern '[A-Z0-9_-]{22}' only matches uppercase letters, digits, underscores, and hyphens. This requirement cannot be satisfied by the pattern.
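The two rule defects raised in the review comments above, reproduced in an added example (this is not code from the project; the sample text and account names are constructed, and the `pattern_requirements` keys are assumed to mean "at least N characters of that class in the matched text"):

```python
import re

# Constructed sample input (not from the PR); the account names are made-up labels.
SAMPLE = (
    "AZURE_STORAGE_ACCOUNT_NAME = MYSTORAGE01\n"
    "endpoint = https://PRODSTORE99.blob.core.windows.net/container\n"
)

# Branch D of azurestorage.yml exactly as it appears in the hunk, with the
# '[A-A0-9]' typo that makes the hostname alternative match only 'A' and digits.
BUGGY = (
    r"(?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b"
    r"|([A-A0-9]{3,32})(?i:\.blob\.core\.windows\.net)"
)
# The fix suggested in the review: widen the range to the full uppercase alphabet.
FIXED = BUGGY.replace("[A-A0-9]", "[A-Z0-9]")


def hostname_hits(pattern: str, text: str) -> list[str]:
    """Account names captured by the '<name>.blob.core.windows.net' alternative (group 2)."""
    return [m.group(2) for m in re.finditer(pattern, text) if m.group(2)]


def label_hits(pattern: str, text: str) -> list[str]:
    """Account names captured via an 'Account Name' / 'Storage Name' label (group 1)."""
    return [m.group(1) for m in re.finditer(pattern, text) if m.group(1)]


# Second review point: a pattern_requirements block that no match of the rule can satisfy.
# Assumption: each key means 'at least N characters of that class in the matched text'.
TOKEN_RULE = re.compile(r"[A-Z0-9_-]{22}")
REQS = {"min_digits": 2, "min_uppercase": 1, "min_lowercase": 1}
TOKEN_SAMPLE = "token=ABCDEFGHIJ1234567890_-\n"  # constructed 22-character candidate


def meets_requirements(candidate: str, min_digits: int = 0,
                       min_uppercase: int = 0, min_lowercase: int = 0) -> bool:
    return (sum(c.isdigit() for c in candidate) >= min_digits
            and sum(c.isupper() for c in candidate) >= min_uppercase
            and sum(c.islower() for c in candidate) >= min_lowercase)


def surviving_tokens(text: str, reqs: dict = REQS) -> list[str]:
    """Matches of TOKEN_RULE that pass the post-match character-class filter."""
    return [m.group(0) for m in TOKEN_RULE.finditer(text)
            if meets_requirements(m.group(0), **reqs)]
```

With `min_lowercase: 1` every match of `[A-Z0-9_-]{22}` is filtered out, so the rule can never report a finding; dropping that key (or adding lowercase to the class) is what makes the filter satisfiable.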