You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Found scanning Apple's WebInspectorUI (AttackMap 0.3.1).
2 of 3 ReDoS hits were in vendored third-party libraries under UserInterface/External/ (CodeMirror, three.js) — not Apple's own code. The
per-file weakness passes (crypto, web-hardening, novel-vuln) run on vendored /
minified code, producing noise about bugs in dependencies the project doesn't
maintain.
The taint engine already skips node_modules, but nothing skips External/, vendor/, third_party/, or *.min.js.
Found scanning Apple's WebInspectorUI (AttackMap 0.3.1).
2 of 3 ReDoS hits were in vendored third-party libraries under
UserInterface/External/(CodeMirror, three.js) — not Apple's own code. Theper-file weakness passes (crypto, web-hardening, novel-vuln) run on vendored /
minified code, producing noise about bugs in dependencies the project doesn't
maintain.
The taint engine already skips
node_modules, but nothing skipsExternal/,vendor/,third_party/, or*.min.js.Fix
is_vendored_file()tosrcpaths.py(node_modules, vendor, vendored,third_party/third-party, external/externals, bower_components,
*.min.js),honoring
ATTACKMAP_INCLUDE_VENDORED.and extend the taint indexer's skip-dirs.