andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

Allow plugins to use markdown in vulnerability descriptions #2016

Open andresriancho opened 10 years ago

andresriancho commented 10 years ago

```
This is the information about the SSL certificate used for raft.lan site:
== Certificate information ==
{'notAfter': 'Feb 4 12:00:00 2015 GMT', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Utah'),), (('localityName', u'Draper'),), (('organizationName', ... Technology Corporation'),), (('commonName', u'.raft.lan'),)), 'subjectAltName': (('DNS', '.raft.lan'), ('DNS', 'raft.lan'), ('DNS', '....com'))}
```

First of all, the output formatting of this vulnerability can be improved by better use of spaces, translating "countryName" to "Country", etc.

Once that's done, I would like to provide the plugins with a feature to allow them to define the vulnerability descriptions using markdown/RST. Then, the GUI would render that format into HTML and show it in a text box.

oxdef commented 8 years ago

My suggestions are:

  1. Add a markdown param to Info/Vuln which indicates that the description is markdown formatted. The default value is False.
  2. Consider the value of this parameter in output plugins.

In such a scenario we can gradually rewrite the vuln descriptions of all plugins.
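An added sketch, not w3af code and not part of either comment, of the two ideas in this thread: readable labels for the certificate fields, and a `markdown` switch on the description. It is written for Python 3; `code_span`, `describe_certificate`, `LABELS` and the sample certificate are hypothetical names and constructed values. Because certificate fields come from the scanned site, the markdown path wraps each value in a code span so a renderer shows it literally.

```python
import re

# Readable labels for the field names returned by ssl's getpeercert().
LABELS = {
    'countryName': 'Country',
    'stateOrProvinceName': 'State or province',
    'localityName': 'Locality',
    'organizationName': 'Organization',
    'commonName': 'Common name',
}

def code_span(value):
    """Wrap scanned-site text in a markdown code span so it renders literally."""
    text = ' '.join(str(value).split())      # collapse newlines and tabs
    if not text:
        return '(empty)'
    longest = max((len(run) for run in re.findall(r'`+', text)), default=0)
    fence = '`' * (longest + 1)              # longer than any backtick run inside
    pad = ' ' if text[0] == '`' or text[-1] == '`' else ''
    return fence + pad + text + pad + fence

def describe_certificate(host, cert, markdown=False):
    """Build a finding description; `markdown` mirrors the proposed flag."""
    rows = [(LABELS.get(key, key), value)
            for rdn in cert.get('subject', ()) for key, value in rdn]
    rows += [('Alternative name (%s)' % kind, name)
             for kind, name in cert.get('subjectAltName', ())]
    if 'notAfter' in cert:
        rows.append(('Valid until', cert['notAfter']))
    if markdown:
        head = '### Certificate information for ' + code_span(host)
        body = ['- **%s:** %s' % (label, code_span(value)) for label, value in rows]
    else:
        head = 'Certificate information for %s' % host
        body = ['  %s: %s' % (label, value) for label, value in rows]
    return '\n'.join([head, ''] + body)

# Constructed sample in the shape getpeercert() returns; all values are made up.
SAMPLE_CERT = {
    'notAfter': 'Feb 4 12:00:00 2030 GMT',
    'subject': ((('countryName', 'US'),),
                (('organizationName', 'Example `Corp` <b>'),),
                (('commonName', '*.example.test'),)),
    'subjectAltName': (('DNS', '*.example.test'), ('DNS', 'example.test')),
}

if __name__ == '__main__':
    print(describe_certificate('example.test', SAMPLE_CERT, markdown=True))
```
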