This repository was archived by the owner on Aug 10, 2025. It is now read-only.
Problem Description
When running the Axe Scanner, it sometimes checks a URL that is a file, and the file automatically downloads. This is an issue because it could be a potential security risk and could quickly overwhelm the host. Currently, the tool does not identify these types of URLs as files and attempts to scan them as if they were regular URLs.
Proposed Solution
To prevent file downloads, we should modify the Axe scanning tool to identify URLs that are files and skip the scan. We should also mark these URLs as files in the results.problem_urls table, or another location, so they can be avoided in the future and logged for future analysis.
Acceptance Criteria
URLs that are files are identified and skipped during the scan
URLs that are identified as files are marked as such in the results.problem_urls table, or similar
Results should not include any files that were skipped during the scan
Additional Information
The attached images are screenshots of the scan directory after running the Axe Scanner. They show examples of files that were downloaded during the scan. Specifically, the second screenshot shows that the tool downloaded a file named anthrax.rtf from an official US government website. Fun...
Hello FBI! 👋🏻
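One way to implement the check proposed in this issue, as an added example that is not the project's own code: classify a URL from the response headers of a HEAD request, falling back to the path extension, and return a reason that could be logged alongside the URL in results.problem_urls. The function name, the extension list and the sample hosts are assumptions.

```javascript
// Added example: decide from a URL and its response headers whether a scanner
// should skip the target as a file download. All names here are hypothetical.
const FILE_EXTENSIONS = new Set(['rtf', 'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'zip', 'csv']);
const SCANNABLE_TYPES = new Set(['text/html', 'application/xhtml+xml']);

// headers: plain object of response headers from a HEAD request (or null if unavailable).
function classifyUrl(rawUrl, headers) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { skip: true, reason: 'invalid-url' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { skip: true, reason: 'unsupported-scheme' };
  }
  if (headers) {
    const h = {};
    for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
    // Content-Disposition: attachment makes the browser download, whatever the type.
    if (/^\s*attachment\b/i.test(h['content-disposition'] || '')) {
      return { skip: true, reason: 'content-disposition-attachment' };
    }
    const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
    if (type) {
      return SCANNABLE_TYPES.has(type)
        ? { skip: false, reason: 'html' }
        : { skip: true, reason: `content-type:${type}` };
    }
  }
  // No usable headers: fall back to the path extension (pathname excludes the query string).
  const last = url.pathname.split('/').pop();
  const ext = last.includes('.') ? last.split('.').pop().toLowerCase() : '';
  if (FILE_EXTENSIONS.has(ext)) return { skip: true, reason: `extension:${ext}` };
  return { skip: false, reason: 'no-file-indicator' };
}

// Constructed sample inputs (not taken from the issue's screenshots).
const samples = [
  ['https://agency.example/reports/anthrax.rtf', { 'Content-Type': 'application/rtf' }],
  ['https://agency.example/download?id=7', { 'Content-Type': 'text/html', 'Content-Disposition': 'attachment; filename="a.html"' }],
  ['https://agency.example/about.html', { 'Content-Type': 'text/html; charset=utf-8' }],
  ['https://agency.example/files/budget.PDF?v=2', null],
];
for (const [u, hdrs] of samples) console.log(u, classifyUrl(u, hdrs));
```

Header checks come first because a file can be served from a URL with no extension, and an extension alone does not prove a download.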