mailing list archives
Re: NVT Description
From: Sebastien Aucouturier <s.aucouturier () itrust fr>
Date: Fri, 25 Jan 2013 13:16:38 +0100
List-id: OpenVAS plugins <openvas-plugins.wald.intevation.org>
What would be the difference between "overview" and "summary".
I fear that too many similar term will confuse NVT developers and
to either inconsistent use or copy-over behaviour (same content for
If we are unable to specify a clear advice for what to write into
the fields, this indicates we need to simplify ;-)
i agree, 'things that can't be describe must be simplify'
After Checking few plugins ,
to my mind,
summary describe what the plugin will do :
script_summary("Checks for the presence of an XSS bug in 12Planet Chat
Overview tell the facts when vulnerability is detect:
script_tag(name:"overview", value:"The remote host contains a CGI which
is vulnerable to a cross-site scripting issue.");
The description give details about the vulnerability:
script_tag(name:"description", value:"The remote host is using 12Planet
Chat Server. There is a bug in this software which makes it vulnerable
to cross site scripting attacks. An attacker may use this bug to steal
the credentials of the legitimate users of this site.");
But this brings me to a very important idea on howwe could manage the
transition where we stay compatible with old NVTs and still only
maintain one feed (one file per NVT):
How about (following the example above):
script_tag(name:"description", value:"The remote host is using
12Planet Chat Server. There is
a bug in this software which makes it vulnerable to cross site
attacks. An attacker may use this bug to steal the credentials of the
legitimate users of this site.");
and leave the script_desc() content untouched?
In other words: We create sensible tags out of the current
including a "descripion" and add them as tags while keeping the
script_desc() as is.
This would create redundancy in terms of Meta-data.
It would _not_ create redundancy in code, because we can do some
variables and use the in two ways, once for the new tags and once
for the traditional script_desc().
At the time, OpenVAS-6 is retired, we can drop the script_desc()
What do you think?
no problem with that, i am in.
idea is also to remove extra blank line between 'chapter' and let
reporting tools cut line as their own.
do you agree ?
Yes, that was one driving idea: ensure, there are no overlong words
in the returned results. Therfore be sure word wrapping of paragraphs
Extra blank lines to separate paragraphs are not bad, I would like
to keep this option open for the author.
ok, we can keep blank line but be strict on their consecutive number ,
like not more that 2 consecutive blank line in tags
"Le saviez-vous ? la technologie d'ITrust va sécuriser le cloud
| Sébastien AUCOUTURIER | Responsable R&D
| ITrust | 55 L'Occitane 31670 LABEGE
| Email: s.aucouturier () itrust fr
| Fixe Sdt. 05.67.34.67.80
| IT Security Services & SaaS Editor
Openvas-plugins mailing list
Openvas-plugins () wald intevation org
Re: NVT Description Jan-Oliver Wagner (Jan 25)