Email Address Pattern Found
sureshhcl opened this issue · 1 comments
sureshhcl commented
Stratos Version
4.4.0
Frontend Deployment type
- Cloud Foundry Application (cf push)
- Kubernetes, using a helm chart
- Docker, single container deploying all components
- npm run start
- Other (please specify below)
Backend (Jet Stream) Deployment type
- Cloud Foundry Application (cf push)
- Kubernetes, using a helm chart
- Docker, single container deploying all components
- Other (please specify below)
Expected behaviour
AppScan DAST scan shouldn't show Email Address
Actual behaviour
AppScan DAST scan shows Email Address Pattern Found
Steps to reproduce the behavior
AppScan DAST scans for Stratos URL https://ui.169.53.186.50.nip.io. The response contains an e-mail address that may be private
Log output covering before error and any error statements
...roject(t){let e=t;return e.endsWith(".git")&&(e=e.substr(0,e.length-4)),e.toLowerCase().startsWith("git@github.com:")?
e.substr(15):e.toLowerCase().startsWith("https://github.com/")?e.substr(19):""}getMeta(t){const ...
...
...
...support/knowledgecenter/SSBHDK/"),n.Tb(),n.Tb(),n.Ub(6,"app-metadata-item",2),n.Ub(7,"a",3),n.Pc(8,"support@ibm.com"),n.Tb(),n.Tb(),n.Tb())},directives:[Wn.a,Hn.a],styles:["mat-card[_ngcontent-%COMP%]{margin-bottom:...
Detailed Description
Remove e-mail addresses from the website
Context
Possible Implementation
Configure your server to use the "X-Content-Type-Options" header with "nosniff" value
richard-cox commented
Do you think git@github.com is a private address? support@ibm.com is nothing to do with this project... Please be careful when creating issues using automated tools to first read what it produces and then apply some context.
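Added example, not part of the issue thread or of the Stratos code: one way to apply context to "Email Address Pattern Found" hits before filing them, by separating SSH/SCP-style remote prefixes and shared role addresses from strings that may be an individual's mailbox. The function name, role list and verdict labels are assumptions made for this illustration; the first two sample fragments come from the log output above and the third is constructed.

```javascript
// Added example: triage e-mail pattern hits from a scanner before reporting them.
// The role list and verdict labels are assumptions chosen for this illustration.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;
const ROLE_LOCAL_PARTS = new Set(["support", "info", "security", "abuse", "noreply"]);

function triageEmailFindings(body) {
  const findings = [];
  for (const m of body.matchAll(EMAIL_RE)) {
    const match = m[0];
    const local = match.slice(0, match.indexOf("@")).toLowerCase();
    // Character right after the match decides whether this is "user@host:path".
    const next = body.charAt(m.index + match.length);
    let verdict = "review";
    let reason = "may be an individual mailbox; confirm it is meant to be public";
    if (next === ":") {
      verdict = "not-an-address";
      reason = "user@host: is the prefix of an SSH/SCP-style remote, not a mailbox";
    } else if (ROLE_LOCAL_PARTS.has(local)) {
      verdict = "role-address";
      reason = "shared contact address, normally published on purpose";
    }
    findings.push({ match, verdict, reason });
  }
  return findings;
}

// First two fragments are taken from the log output in the issue;
// the third is constructed to show a hit that does need a human look.
const SAMPLE_BODY = [
  'e.toLowerCase().startsWith("git@github.com:")?e.substr(15):""',
  'n.Ub(7,"a",3),n.Pc(8,"support@ibm.com"),n.Tb()',
  'n.Pc(9,"jane.doe@example.com")',
].join("\n");

for (const f of triageEmailFindings(SAMPLE_BODY)) {
  console.log(`${f.verdict.padEnd(15)} ${f.match}  (${f.reason})`);
}
```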