hardExclusions top-level constant

List<String> const hardExclusions

Hard exclusion patterns — automatically exclude findings matching these.

Implementation

const List<String> hardExclusions = [
  'Denial of Service (DOS) vulnerabilities or resource exhaustion attacks',
  'Secrets or credentials stored on disk if they are otherwise secured',
  'Rate limiting concerns or service overload scenarios',
  'Memory consumption or CPU exhaustion issues',
  'Lack of input validation on non-security-critical fields without proven '
      'security impact',
  'Input sanitization concerns for GitHub Action workflows unless clearly '
      'triggerable via untrusted input',
  'A lack of hardening measures — only flag concrete vulnerabilities',
  'Race conditions or timing attacks that are theoretical rather than practical',
  'Vulnerabilities related to outdated third-party libraries',
  'Memory safety issues in Rust or other memory-safe languages',
  'Files that are only unit tests or only used as part of running tests',
  'Log spoofing concerns — outputting unsanitized user input to logs is not '
      'a vulnerability',
  'SSRF vulnerabilities that only control the path (must control host or protocol)',
  'Including user-controlled content in AI system prompts',
  'Regex injection — injecting untrusted content into a regex',
  'Regex DOS concerns',
  'Insecure documentation — no findings in markdown files',
  'A lack of audit logs',
];