Pro: Claims to use machine learning, nice web interface, finds SQLi, XSS and path traversal.
Con: Output is really hard to parse, there are even SQLis in pages that don't even use SQL or a database at all. Other results lead me to believe that there is in fact machine learning in use; for example, it considers the default answer of / as "interesting".
In the wake of #105, we should add automatic tests for XSS in the obvious places.
We could do this with the integration tests in adhocracy_buildout/src/adhocracy/adhocracy/test/use_cases, but running them is nontrivial.