Github_org update validate_org function #1852
Comments
|
Also it occurs to me that git repos raised by the code_repository module bypass validation checks so we could end up downloading out of scope repos. I think the other regexs could do this as well with the exception of postman repos as the postman_download module does in-scope check then |
Hmm, scope distance should keep those repos reasonably close. Typically if a code repo is discovered via a link on a webpage etc, it's interesting even if it's not in scope. Unless it's producing a lot of junk, I don't think we should need to validate every one. Although if our goal is to discover in-scope users/orgs, consuming code_repository (or more specifically SOCIAL) could be a good way to do that, especially if the ORG_STUB doesn't match the username. Are we already doing this with GitHub? |
|
Yeh github_org is consuming the SOCIAL events and validating if they are in scope or not I was thinking of the full CODE_REPOSITORY url which there is no validation for currently. But as you say it's only a few events |
Description
Now that a Yara helper has been created to extract in-scope hostnames from strings can the validate function in github_org be modified to use this helper instead
The text was updated successfully, but these errors were encountered: