OpenVAS: Re: NVT Description

OpenVAS mailing list archives

Re: NVT Description

From: "Jan-Oliver Wagner" <Jan-Oliver.Wagner () greenbone net>
Date: Fri, 25 Jan 2013 14:27:49 +0100
List-id: OpenVAS plugins <openvas-plugins.wald.intevation.org>

On Freitag, 25. Januar 2013, Sebastien Aucouturier wrote:

After Checking few plugins ,
to my mind,
summary describe what the plugin will do :
script_summary("Checks for the presence of an XSS bug in 12Planet Chat 
Server");


In fact then we should call it "action" ;-)
Good definition anyway!

Overview tell the facts when vulnerability is detect:
script_tag(name:"overview", value:"The remote host contains a CGI which 
is vulnerable to a cross-site scripting issue.");


Well, this is basically redundant with <summary+"yes">.

I'd rather prefer then texts like we use in _detect scripts already.
Precisely describe what is done. Maybe tag "method"?

Well, I am not settled here, but feel not happy with "overview".

The description give details about the vulnerability:
script_tag(name:"description", value:"The remote host is using 12Planet 
Chat Server. There is a bug in this software which makes it vulnerable 
to cross site scripting attacks. An attacker may use this bug to steal 
the credentials of the legitimate users of this site.");


So, this could also be called "vulnerability" ?

Yes, that was one driving idea: ensure, there are no overlong words 
anymore
in the returned results. Therfore be sure word wrapping of paragraphs 
will work.
Extra blank lines to separate paragraphs are not bad, I would like
to keep this option open for the author.


ok, we can keep blank line but be strict on their consecutive number , 
like not more that 2 consecutive blank line in tags


perhaps recommend to use structured text?

Best

Jan


-- 
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins () wald intevation org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

By Date By Thread

Current thread:

NVT Description Hani Benhabiles (Jan 24)
- Re: NVT Description Sebastien Aucouturier (Jan 24)
  - Re: NVT Description Jan-Oliver Wagner (Jan 25)
    - Re: NVT Description Sebastien Aucouturier (Jan 25)
    - Re: NVT Description Jan-Oliver Wagner (Jan 25)
    - Re: NVT Description Sebastien Aucouturier (Jan 25)
    - Re: NVT Description Jan-Oliver Wagner (Jan 25)
    - Re: NVT Description Sebastien Aucouturier (Jan 25)
    - Re: NVT Description Jan-Oliver Wagner (Jan 28)
    - Re: NVT Description Antu Sanadi (Jan 29)
    - Re: NVT Description Jan-Oliver Wagner (Jan 29)
    - Re: NVT Description Veerendra Ganiger (Jan 29)
- Re: NVT Description Jan-Oliver Wagner (Jan 25)
  - Re: NVT Description Hani Benhabiles (Jan 28)
    - Re: NVT Description Jan-Oliver Wagner (Jan 29)
    - Re: NVT Description Veerendra Ganiger (Jan 29)
    - Re: NVT Description Hani Benhabiles (Feb 05)

(Thread continues...)