Feature : Documentation #71
Comments
For time being I've separated Data Leak and API test, so currently they're interpreted individually. Yes, telephone number could be leading to failure of Data leak test. I'll be make necessary changes for data leak tests for be reflected in overall API test results. |
|
May be add as well a filter on the reporting HTML file i am still not clear on what this kind of output means Test Name: we need to have further details on what STATUS_CODE_FILTER means |
HTML report is kinda buggy at the moment and I'm not planning to update it any time soon. There are several challenges while handling HTML reports such as sanitizing and formatting data correctly which can be tricky and If I miss something it can lead to security issues.
OFFAT/src/offat/tester/post_test_processor.py Line 183 in ce7086c I've clarified the usage of PR: #77 |
|
Closing issue due to inactivity. |
Documentation would requires more details for instance i got
1st lines indicate leak found ; yes but what can of leak ? , still the test passed successfully
2nd lines says Failed , but not a clear answer about why
having a 200 not clear why it is mentionned as suspicious ?
according to what i understood the datalleak is a parsing of sensitive data such as telephone as part of the returned payload ?
i got in mine for instance date, jwtToken, PhoneNumberIN, PhoneNumberUS
is that correct understanding ?
it is important to document here what the tooling is doing
The text was updated successfully, but these errors were encountered: