Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes to Docusign rule to reduce false positives. #1083

Merged
merged 4 commits into from
Dec 5, 2023
Merged

Changes to Docusign rule to reduce false positives. #1083

merged 4 commits into from
Dec 5, 2023

Conversation

aslefhewqiwbepqwefbpqsciwueh
Copy link
Contributor

Hi,

This rule was causing false positives with docusign marketing emails. I suggest two changes.

Check all the links for docusign domain instead of any:

and all(body.links,
          not strings.ilike(.href_url.domain.root_domain, "docusign.*")
  )

Check the sender is not Docusign itself:

and not strings.like(sender.email.domain.root_domain, "docusign.com")

Many thanks!

morriscode
morriscode approved these changes Dec 5, 2023
View reviewed changes
Copy link
Member

@morriscode morriscode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @aslefhewqiwbepqwefbpqsciwueh
Looks great, much appreciated!

@morriscode morriscode merged commit 7a48130 into sublime-security:main Dec 5, 2023
3 checks passed
@aslefhewqiwbepqwefbpqsciwueh
Copy link
Contributor Author

Many thanks! 🙏

morriscode added a commit that referenced this pull request Dec 5, 2023
@morriscode
Revert "Changes to Docusign rule to reduce false positives. (#1083)"
371d089 
This reverts commit 7a48130.
@morriscode morriscode mentioned this pull request Dec 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morriscode morriscode morriscode approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aslefhewqiwbepqwefbpqsciwueh @morriscode