Hi there, I noticed that certain directories appear to be excluded by default:
guarddog/guarddog/analyzer/analyzer.py (line 53 in 5ca1d2e)
I may be missing it, but I was unable to find documentation that describes which directories are excluded and why. I came across this behavior after realizing that packages installed into a build/ directory were not being scanned by GuardDog.

If GuardDog intentionally excludes these directories, is there currently a mechanism to notify users that some paths were skipped during analysis? For example, in a workflow where a user builds a zipapp into a build/ directory and then attempts to scan that directory, they may not realize that it is excluded by default.

Related to this, I was also wondering whether this behavior could have security implications. Specifically, could a malicious actor take advantage of known excluded directories to hide unwanted or malicious code?
Thanks!
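The post above asks for a mechanism that tells the user which paths a scanner skipped because of a default exclusion list. The following is an added example, not GuardDog's own code and not the contents of analyzer.py: it walks a directory tree, prunes directories that match a constructed exclude list (the list, which includes `build`, is an assumption for this example, not GuardDog's real list), and returns the skipped directories alongside the scanned files so that the blind spot is visible rather than silent. The sample package tree is constructed in a temporary directory.

```python
"""Directory walk that applies a default exclude list and reports every
directory it skipped (added illustrative example; the exclude list is a
constructed assumption, not GuardDog's actual configuration)."""
import os
import tempfile
from dataclasses import dataclass, field

# Constructed exclude list for this example (assumption, not GuardDog's list).
DEFAULT_EXCLUDED_DIRS = frozenset({"build", "dist", ".git", "__pycache__"})


@dataclass
class WalkResult:
    scanned: list = field(default_factory=list)       # relative paths of files scanned
    skipped_dirs: list = field(default_factory=list)  # relative paths of pruned directories


def _rel(path: str, root: str) -> str:
    # Normalise to forward slashes so results compare the same on every OS.
    return os.path.relpath(path, root).replace(os.sep, "/")


def walk_with_exclusions(root: str, excluded=DEFAULT_EXCLUDED_DIRS,
                         exclude_enabled: bool = True) -> WalkResult:
    """Walk `root`, skipping excluded directory names but recording each skip.

    With exclude_enabled=False nothing is pruned, which is what a user who
    deliberately wants to scan build/ output would choose.
    """
    result = WalkResult()
    for dirpath, dirnames, filenames in os.walk(root):
        kept = []
        for name in sorted(dirnames):
            if exclude_enabled and name in excluded:
                # Record the skip instead of silently dropping the subtree.
                result.skipped_dirs.append(_rel(os.path.join(dirpath, name), root))
            else:
                kept.append(name)
        # In-place assignment is what stops os.walk (topdown) from descending.
        dirnames[:] = kept
        for fname in sorted(filenames):
            if fname.endswith(".py"):
                result.scanned.append(_rel(os.path.join(dirpath, fname), root))
    return result


def format_skip_notice(result: WalkResult) -> str:
    """Human-readable notice a CLI could print after a scan."""
    if not result.skipped_dirs:
        return "No directories were skipped by default exclusions."
    return ("Skipped %d directory(ies) by default exclusion: %s. "
            "Disable exclusions to scan them."
            % (len(result.skipped_dirs), ", ".join(result.skipped_dirs)))


def make_sample_tree() -> str:
    """Construct a sample tree (constructed input): a package plus a build/ copy."""
    root = tempfile.mkdtemp(prefix="exclusion_example_")
    for sub in (("pkg",), ("build", "lib", "pkg")):
        os.makedirs(os.path.join(root, *sub))
        with open(os.path.join(root, *sub, "__init__.py"), "w") as fh:
            fh.write("VERSION = '1.0'\n")
    return root


if __name__ == "__main__":
    sample_root = make_sample_tree()
    res = walk_with_exclusions(sample_root)
    print("scanned:", res.scanned)
    print(format_skip_notice(res))
```

Running the block scans only `pkg/__init__.py` and prints a notice that `build` was skipped; calling `walk_with_exclusions(root, exclude_enabled=False)` scans the copy under `build/lib/pkg/` as well. The design point is that the skip list is part of the scan result, so a caller (or a CLI) can always surface it to the user.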