Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
Code Issues Activity

fix: replace INFO with IGNORE in zap rules (#4285)

Browse source 
* fix: replace INFO with IGNORE

replace INFO with IGNORE

* fix: update the rules

update the rules
This commit is contained in:
simeng-li 2023-08-10 17:19:40 +08:00 committed by GitHub
parent 583e2fcded
commit af2d1ebb98
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
.zap/rules.conf
View file

@ -1,9 +1,14 @@
# Mark the following rules as INFO
# Mark the following rules as IGNORE
# CloudFlare will block the metadata endpoint access
90034 INFO (Cloud Metadata Potentially Exposed - Active/release)
90034 IGNORE (Cloud Metadata Potentially Exposed - Active/release)
10096 INFO (Timestamp Disclosure - Passive/release)
10063-1 INFO (Permissions Policy Header Not Set - Passive/beta)
10055-4 INFO (CSP - Wildcard Directive)
40039 INFO (Web Cache Deception)
# Not applicable to the cloud appliaction
10096 IGNORE (Timestamp Disclosure - Passive/release)
40039 IGNORE (Web Cache Deception)
# TODO
10063 IGNORE (Permissions Policy Header Not Set - Passive/beta)
# The applicationInsights endpoint will be removed
10055 IGNORE (CSP - Wildcard Directive)