h3xstream / burp-retire-js

Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
Apache License 2.0

Do not include file name in issue title #36

Closed FranklinYu closed 6 years ago

FranklinYu commented 6 years ago

Burp seems to merge issues with same title. Current issue structure:

The file 'jquery.min.js' includes a vulnerable version of the library 'jquery'
 - /static/js/jquery.min.js
 - /static/js/jquery.min.js
The file 'index.html' includes a vulnerable version of the library 'jquery'
 - /static/html/index.html
 - /static/html/index.html
The file 'login.html' includes a vulnerable version of the library 'jquery'
 - /static/html/login.html
 - /static/html/login.html
The file 'items.html' includes a vulnerable version of the library 'jquery'
 - /static/html/items.html
 - /static/html/items.html

Which is multiple groups of the same issue. It would be more tidy to simply say

Vulnerable version of the library 'jquery' detected
 - /static/js/jquery.min.js
 - /static/js/jquery.min.js
 - /static/html/index.html
 - /static/html/index.html
 - /static/html/login.html
 - /static/html/login.html
 - /static/html/items.html
 - /static/html/items.html

Because the file name would be available anyway.

h3xstream commented 6 years ago

This PR https://github.com/h3xstream/burp-retire-js/pull/35 will fix this. Stay tuned.

h3xstream commented 6 years ago

An update for the BApp Store was requested. It should automatically update your plugin soon.

FranklinYu commented 6 years ago

I think the ScreenVersion in BappManifest.bmf should also be updated?

FranklinYu commented 6 years ago

Did I miss something? The updated version is still not available on the BApp Store. The store page suggests that the last update was in March.