On Freitag, 25. Januar 2013, Sebastien Aucouturier wrote:
> After Checking few plugins ,
> to my mind,
> summary describe what the plugin will do :
> script_summary("Checks for the presence of an XSS bug in 12Planet Chat
> Server");
In fact then we should call it "action" ;-)
Good definition anyway!
> Overview tell the facts when vulnerability is detect:
> script_tag(name:"overview", value:"The remote host contains a CGI which
> is vulnerable to a cross-site scripting issue.");
Well, this is basically redundant with <summary+"yes">.
I'd rather prefer then texts like we use in _detect scripts already.
Precisely describe what is done. Maybe tag "method"?
Well, I am not settled here, but feel not happy with "overview".
> The description give details about the vulnerability:
> script_tag(name:"description", value:"The remote host is using 12Planet
> Chat Server. There is a bug in this software which makes it vulnerable
> to cross site scripting attacks. An attacker may use this bug to steal
> the credentials of the legitimate users of this site.");
So, this could also be called "vulnerability" ?
> > Yes, that was one driving idea: ensure, there are no overlong words
> > anymore
> > in the returned results. Therfore be sure word wrapping of paragraphs
> > will work.
> > Extra blank lines to separate paragraphs are not bad, I would like
> > to keep this option open for the author.
>
> ok, we can keep blank line but be strict on their consecutive number ,
> like not more that 2 consecutive blank line in tags
perhaps recommend to use structured text?
Best
Jan
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
