-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change --b64-entropy-score
and --hex-entropy-score
to --entropy-sensitivity
#265
Comments
I strongly advocate keeping them combined as one thing. They are effectively linked by the underlying math and the difference between them is due solely to the size of the representation character set. To my mind, wanting to use different settings for each representation is like standing in the surf at the beach and thinking "this water is too cold for my left foot and too warm for my right foot". ;-) |
Fixes #265 Provide more comprehensible alternative for tuning entropy checking. This is applied consistently across all target character sets, and stated in a way that is slightly easier to understand ("higher means more likely to flag a given string"). The older `--b64-entropy-score` and `--hex-entropy-score` options are marked as deprecated but retained for backwards compatibility (and they override `--sensitivity` if used together with it).
Fixes #265 Provide more comprehensible alternative for tuning entropy checking. This is applied consistently across all target character sets, and stated in a way that is slightly easier to understand ("higher means more likely to flag a given string"). The older `--b64-entropy-score` and `--hex-entropy-score` options are marked as deprecated but retained for backwards compatibility (and they override `--sensitivity` if used together with it).
Fixes #265 Provide more comprehensible alternative for tuning entropy checking. This is applied consistently across all target character sets, and stated in a way that is slightly easier to understand ("higher means more likely to flag a given string"). The older `--b64-entropy-score` and `--hex-entropy-score` options are marked as deprecated but retained for backwards compatibility (and they override `--sensitivity` if used together with it).
Fixes #265 Provide more comprehensible alternative for tuning entropy checking. This is applied consistently across all target character sets, and stated in a way that is slightly easier to understand ("higher means more likely to flag a given string"). The older `--b64-entropy-score` and `--hex-entropy-score` options are marked as deprecated but retained for backwards compatibility (and they override `--sensitivity` if used together with it).
* Add --sensitivity option Fixes #265 Provide more comprehensible alternative for tuning entropy checking. This is applied consistently across all target character sets, and stated in a way that is slightly easier to understand ("higher means more likely to flag a given string"). The older `--b64-entropy-score` and `--hex-entropy-score` options are marked as deprecated but retained for backwards compatibility (and they override `--sensitivity` if used together with it). * Change option name Use `--entropy-sensitivity` instead of `--sensitivity` * Wordsmithing * Wordsmithing again * Rebase to eliminate merge conflicts * linter fixups * Documentation fixups ...in response to review comments * Expose magic numbers as properties ...and use them instead of private members * Fix managed merge handling * Remove entropy scoring members Do everything from scratch instead of storing explicitly. This is a PITA because you can't combine `@property` and `@lru_cache()` and skipping the caching would be a killer. * Review feedback tuneups * Consolidate common code for entropy limit back into a single method, and rework properties related to it so they are cleaner. * Invert sensitivity scale; adjust math and doc to match. It's still weird but aligns more closely to the underlying entropy metric. * Fix change log Co-authored-by: Scott Bailey <scott.bailey@godaddy.com>
Fixed in #272 |
Feature Request
Is your feature request related to a problem? Please describe.
The
--b64-entropy-score
and--hex-entropy-score
arguments, while useful, can be very confusing. Even knowing the internals of tartufo like I do, I can't say with complete confidence what the default values represent, nor how they were arrived at.Describe the solution you'd like
As described by @rbailey-godaddy in #223 (comment), it would be far more useful and intuitive to have a
--entropy-sensitivity
argument, ranging from 1-100. It would require a bit more calculation on the part of tartufo, but would then be much more understandable for users.The one thing I'm unsure of is, should this be split out into
--b64-entropy-sensitivity
and--hex-entropy-sensitivity
, or keep them combined as one?The text was updated successfully, but these errors were encountered: