mailing list archives
Re: NVT Description
From: "Jan-Oliver Wagner" <Jan-Oliver.Wagner () greenbone net>
Date: Fri, 25 Jan 2013 14:27:49 +0100
List-id: OpenVAS plugins <openvas-plugins.wald.intevation.org>
On Freitag, 25. Januar 2013, Sebastien Aucouturier wrote:
After Checking few plugins ,
to my mind,
summary describe what the plugin will do :
script_summary("Checks for the presence of an XSS bug in 12Planet Chat
In fact then we should call it "action" ;-)
Good definition anyway!
Overview tell the facts when vulnerability is detect:
script_tag(name:"overview", value:"The remote host contains a CGI which
is vulnerable to a cross-site scripting issue.");
Well, this is basically redundant with <summary+"yes">.
I'd rather prefer then texts like we use in _detect scripts already.
Precisely describe what is done. Maybe tag "method"?
Well, I am not settled here, but feel not happy with "overview".
The description give details about the vulnerability:
script_tag(name:"description", value:"The remote host is using 12Planet
Chat Server. There is a bug in this software which makes it vulnerable
to cross site scripting attacks. An attacker may use this bug to steal
the credentials of the legitimate users of this site.");
So, this could also be called "vulnerability" ?
Yes, that was one driving idea: ensure, there are no overlong words
in the returned results. Therfore be sure word wrapping of paragraphs
Extra blank lines to separate paragraphs are not bad, I would like
to keep this option open for the author.
ok, we can keep blank line but be strict on their consecutive number ,
like not more that 2 consecutive blank line in tags
perhaps recommend to use structured text?
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Openvas-plugins mailing list
Openvas-plugins () wald intevation org
Re: NVT Description Jan-Oliver Wagner (Jan 25)