PRD: Strengthen outbound exfiltration detection #263

Merged
didericis merged 10 commits from strengthen-outbound-exfil-detection into main 2026-06-25 00:15:33 -04:00
Showing only changes of commit a920203730 - Show all commits
+6
1
@@ -222,6 +222,7 @@ def scan_known_secrets(
continue continue
# Pass 1: exact match across encoded variants (original behaviour). # Pass 1: exact match across encoded variants (original behaviour).
approved_exact = False
for variant in _encoded_variants(value): for variant in _encoded_variants(value):
pos = text.find(variant) pos = text.find(variant)
if pos >= 0: if pos >= 0:
@@ -229,6 +230,7 @@ def scan_known_secrets(
# (PRD 0062); a different encoding of the same secret is a # (PRD 0062); a different encoding of the same secret is a
# fresh block. # fresh block.
if safe_tokens is not None and variant in safe_tokens: if safe_tokens is not None and variant in safe_tokens:
approved_exact = True
continue continue
return ScanResult( return ScanResult(
severity="block", severity="block",
@@ -237,6 +239,10 @@ def scan_known_secrets(
context=_snippet(text, pos, pos + len(variant)), context=_snippet(text, pos, pos + len(variant)),
matched=variant, matched=variant,
) )
if approved_exact:
# Exact match was found and approved; projection passes would
# fire on the same value, so skip them for this secret.
continue
# Pass 2 & 3: fragmentation-resistant projection checks. # Pass 2 & 3: fragmentation-resistant projection checks.
secret_alnum = _alnum_projection(value) secret_alnum = _alnum_projection(value)
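Review bot: The `if approved_exact: continue` added after the Pass 1 loop switches off the fragmentation-resistant passes for the whole secret as soon as one approved variant appears anywhere in `text`, so a second, split or re-delimited copy of the same secret in the same payload would no longer be checked. That is wider than the per-variant approval the comment above it describes ("a different encoding of the same secret is a fresh block"). A narrower form would keep Pass 2 and 3 running, but on a copy of the text with the approved occurrences blanked out, for example by collecting the approved variants and applying `residual = residual.replace(variant, " ")` before projecting. A regression test that combines an approved token with a fragmented copy of the same value would pin the intended behaviour. The projection passes and the rest of `scan_known_secrets` lie outside the hunks shown, so how they consume `text` should be confirmed first.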