FN: SingleFile rule
IlluminatiFish opened this issue · comments
There appears to be a false negative on the SingleFile rule
Sample: https://urlscan.io/result/951ac6c6-455d-421a-96d7-42f6dfcb1744
<!DOCTYPE html> <html lang=en data-kantu=1 data-react-helmet=lang style><!--
Page saved with SingleFile
url: https://metamask.io/buy-crypto/
saved date: Wed Jul 20 2022 23:35:53 GMT+0100 (GMT+02:00)
Ah yes this is a bug in the IOK runner logic rather than the rule itself. Currently I'm implementing html|contains
conditions using the urlscan.io DOM (e.g https://urlscan.io/result/951ac6c6-455d-421a-96d7-42f6dfcb1744/dom/) which actually has gone through some headless-Chrome sanitisation which removes the comment
I think it can be changed to be more like the JS/CSS implementation (i.e. based off the HTTP requests of a given content type)
Ah yes this is a bug in the IOK runner logic rather than the rule itself. Currently I'm implementing
html|contains
conditions using the urlscan.io DOM (e.g https://urlscan.io/result/951ac6c6-455d-421a-96d7-42f6dfcb1744/dom/) which actually has gone through some headless-Chrome sanitisation which removes the commentI think it can be changed to be more like the JS/CSS implementation (i.e. based off the HTTP requests of a given content type)
Ah, I thought so as the rule seemed absolutely fine to me.
I'll just leave this open as a reminder to actually implement the fix! 😅
Rules to migrate (currently relying on this odd behavior):
- indicators/santander-951d27d.yml