Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve ESC4/5 checks with Effective Access instead of dumb checks #124

Open
TrimarcJake opened this issue Mar 3, 2024 · 0 comments
Open

Improve ESC4/5 checks with Effective Access instead of dumb checks #124

TrimarcJake opened this issue Mar 3, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@TrimarcJake
Copy link
Owner

ESC4 and ESC5 should report issues based on effective access instead of just filtering out Deny ACEs. Filtering Denys cuts down on false positives but doesn't provide a picture of true risk.

To be clear, risky Allows should still be removed when a corresponding Deny exists, but the actual risk presented is less than an Allow without a superseding Deny.
@TrimarcJake TrimarcJake added the enhancement New feature or request label Mar 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TrimarcJake