PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Mapping "report issue" values to expected IScanIssue values #22

Closed DanaEpp closed 1 year ago

DanaEpp commented 1 year ago

I believe the BCheck documentation for "report action" severity and confidence may be incorrect. Considering what is already documented in the IScanIssue interface, I believe it should be:

SEVERITY

CONFIDENCE

Currently, both Severity and Confidence are listed as "[info|low|medium|high]" which doesn't map to any current issue rating in Burp.

The examples don't even match what the BCheck docs show, so I think it would be good to keep all docs aligned with the underlying IScanIssue interface that ends up in the Issue Activity pane anyways.

If I am incorrect in this expectation, could you please clarify what the RIGHT values are supposed to be so we can make sure we use the right severity and confidence levels in future check scripts?

DanaEpp commented 1 year ago

Debugging this a bit further using the "Validate" feature in the BS Code editor, I think the expectation via the editor is:

Severity: [info|low|medium|high]

Confidence: [certain|firm|tentative]

So "False Positive" is missing from severity, and the docs need to be updated to include the proper confidence levels expected.
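To make the value sets from this comment checkable before a check is deployed, here is an added example (not code from the BChecks repository or from PortSwigger): a small linter that scans a BCheck script for `severity:` and `confidence:` lines and rejects anything outside the sets the Validate feature accepts, plus a helper that maps those values onto the `IScanIssue` string names. The BCheck text is constructed for the demonstration, and the `IScanIssue` strings ("Information", "Low", "Medium", "High", "False positive"; "Certain", "Firm", "Tentative") are taken from the legacy Burp Extender API as I remember it, so treat that mapping as an assumption.

```python
import re

# Severity / confidence values the BCheck editor's "Validate" feature accepts,
# as reported in this thread.
BCHECK_SEVERITIES = {"info", "low", "medium", "high"}
BCHECK_CONFIDENCES = {"certain", "firm", "tentative"}

# Corresponding IScanIssue strings (assumption: legacy Burp Extender API names).
# "False positive" exists on the IScanIssue side but has no BCheck counterpart,
# which is the gap pointed out in the thread.
SEVERITY_TO_ISCANISSUE = {
    "info": "Information",
    "low": "Low",
    "medium": "Medium",
    "high": "High",
}
CONFIDENCE_TO_ISCANISSUE = {
    "certain": "Certain",
    "firm": "Firm",
    "tentative": "Tentative",
}

# Matches a rating line inside a "report issue:" block, e.g. "    severity: high".
RATING_LINE = re.compile(r"^\s*(severity|confidence)\s*:\s*\"?([A-Za-z ]+?)\"?\s*$", re.IGNORECASE)

# Constructed sample check: the confidence value "medium" is the kind of mistake
# the "[info|low|medium|high]" wording in the docs would lead someone to make.
SAMPLE_BCHECK = """\
metadata:
    language: v1-beta
    name: "Constructed example check"
    description: "Sample used only to exercise the linter"
    author: "example"
    tags: "example"

given response then
    if {latest.response.body} matches "constructed-marker" then
        report issue:
            severity: high
            confidence: medium
            detail: "Marker found in response body."
            remediation: "Remove the marker."
    end if
"""


def lint_bcheck(text):
    """Return (line_number, message) pairs for every rating value the editor would reject."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = RATING_LINE.match(line)
        if not match:
            continue
        key = match.group(1).lower()
        value = match.group(2).strip().lower()
        allowed = BCHECK_SEVERITIES if key == "severity" else BCHECK_CONFIDENCES
        if value not in allowed:
            problems.append((lineno, f"{key} '{value}' is not one of {sorted(allowed)}"))
    return problems


def to_iscanissue(severity, confidence):
    """Map BCheck rating values to the IScanIssue strings shown in the Issue Activity pane.

    Raises ValueError for values a BCheck cannot express (e.g. "false positive").
    """
    sev = severity.strip().lower()
    conf = confidence.strip().lower()
    if sev not in SEVERITY_TO_ISCANISSUE:
        raise ValueError(f"severity '{severity}' has no BCheck equivalent")
    if conf not in CONFIDENCE_TO_ISCANISSUE:
        raise ValueError(f"confidence '{confidence}' has no BCheck equivalent")
    return SEVERITY_TO_ISCANISSUE[sev], CONFIDENCE_TO_ISCANISSUE[conf]


if __name__ == "__main__":
    for lineno, message in lint_bcheck(SAMPLE_BCHECK):
        print(f"line {lineno}: {message}")
    print(to_iscanissue("info", "tentative"))
```

Running the linter over a directory of `.bcheck` files before uploading them to Burp Suite Enterprise catches the wrong-value case without opening each one in the editor; the `to_iscanissue` helper is only there to make the one-way nature of the mapping explicit.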

A-J-C commented 1 year ago

Thanks for spotting this, we'll make sure it is updated.

A-J-C commented 1 year ago

This should be fixed now.