vulndb / data

User, contributor and developer friendly vulnerability database

Add support for template variables #11

Open m0sth8 opened 9 years ago

m0sth8 commented 9 years ago

I suppose it will be useful if we add support for template variables in such cases:

The line

Arachni has flagged this not as a vulnerability, but as a ...

is converted to

{{SCANNER}} has flagged this not as a vulnerability, but as a ...

What do you think?

andresriancho commented 9 years ago

:+1:

Andres @ Android On Mar 28, 2015 1:14 p.m., "Slava" notifications@github.com wrote:

I suppose it will be useful if we add support for template variables in such cases:

The line

Arachni has flagged this not as a vulnerability, but as a ...

is converted to

{{SCANNER}} has flagged this not as a vulnerability, but as a ...

What do you think?


andresriancho commented 9 years ago

While we code the template+generic stuff I just replaced "Arachni" with "The tool" in all files. https://github.com/vulndb/data/commit/f3da384a193d93b68370fd07e5add2a23b74062f

andresriancho commented 9 years ago

I believe we should add more thinking to this issue before we act on it; adding the template variables might not be the best thing to do, since it makes the SDKs more complex and the DB difficult to write.

We might simply ask the DB entries to be generic and that's it. Instead of "FooTool was able to detect that sending request X generated Y error" we can have database entries with "The tool was able to detect that sending request X generated Y error", or even better, so it can be used in an environment without tools: "It was possible to detect that sending request X generated Y error".

andresriancho commented 9 years ago

@m0sth8, @Zapotek let me know what you guys think and I'll change the JSON files accordingly (manual changes are required, but I don't mind).

Zapotek commented 9 years ago

I think we should remove everything that follows Arachni (or The tool) from the descriptions as these things are relevant to the specific way the tool identified the issue, rather than data about the issue itself.

Tools can append that stuff to the descriptions if they so choose and provide much better context too.

Just my 2c.