Logic error in the sensitive-information check: responses other than html, json and xml cannot be filtered out
ddpang opened this issue · 1 comments
ddpang commented
openrasp/plugins/official/plugin.js
Line 3119 in 7beabf7
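The logical AND should be changed to a logical OR.
The problem with the logical AND: when the content-type is application/javascript, it cannot return clean directly.
The result we expect should be: return clean when the regex match fails, and do not return clean when the regex match succeeds.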
CaledoniaProject commented
This is indeed a problem; you can submit a PR.
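An added example, not part of the issue thread or of OpenRASP's plugin.js, comparing the two guards over several content types. The guard shape, the `targetTypes` regex, the `clean`/`scanned` placeholders and the function names are assumptions made for illustration, since the referenced line is not shown on this page.

```javascript
// Constructed stand-ins; none of these values are taken from plugin.js.
const clean = { action: 'ignore' };      // placeholder for the "nothing to report" result
const scanned = { action: 'scan' };      // placeholder: the body goes on to the leak checks
const targetTypes = /html|json|xml/i;    // assumed content-type filter (no g flag, so test() is stateless)

// Assumed shape of the guard described in the issue: both tests joined with &&.
// A non-empty content type makes the first operand false, so the regex result
// is never able to trigger the early return.
function guardWithAnd(contentType) {
    if (!contentType && !targetTypes.test(contentType)) {
        return clean;
    }
    return scanned;
}

// The same guard with || as proposed: a missing content type OR a failed
// regex match returns clean; only a successful match continues to the checks.
function guardWithOr(contentType) {
    if (!contentType || !targetTypes.test(contentType)) {
        return clean;
    }
    return scanned;
}

// Run both guards over a list of content types and collect the outcomes.
function compare(types) {
    return types.map(function (t) {
        return {
            contentType: String(t),
            withAnd: guardWithAnd(t).action,
            withOr: guardWithOr(t).action
        };
    });
}

// Constructed sample content types.
const sampleTypes = [
    undefined,
    'text/html; charset=utf-8',
    'application/json',
    'application/javascript',
    'image/png'
];

console.table(compare(sampleTypes));
```

Only the rows for `application/javascript` and `image/png` differ between the two columns: with `&&` they continue to the checks, with `||` they return clean.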