wapiti-scanner / wapiti

Web vulnerability scanner written in Python3
https://github.com/wapiti-scanner/wapiti
GNU General Public License v2.0
1.15k stars 176 forks

Contribution to abstract the concept of Anomaly and Vulnerability #250

Open polyedre opened 2 years ago

polyedre commented 2 years ago

In the attack module, some parameters are often used together in functions. For example:

https://github.com/wapiti-scanner/wapiti/blob/436670864c08f1e771ffb03956e5806d526e2398/wapitiCore/attack/mod_xss.py#L172-L179

It seems that the two concepts of "vulnerability" and "anomaly" could benefit from being abstracted with a class. We could for example add a Vulnerability class, and an XSSVulnerability as an inherited class (and one for each vulnerability).

This could also help with the reporting, because each class could be responsible for formatting its instances into each format (txt, html, etc).

Would you be interested in seeing more contributions going this way?

devl00p commented 2 years ago

Indeed, I already thought of that formatting problem but not about class inheritance for vulnerabilities. It seems to be a good idea and of course I'm not against such contributions :)
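
A sketch of the abstraction proposed in this issue, added here as an example; it is not code from the thread or from wapiti. Apart from `Vulnerability` and `XSSVulnerability`, every class, field and function name and the sample finding are assumptions, and the HTML formatter escapes each value so a reported XSS payload is not rendered by the report itself.

```python
import html
from dataclasses import dataclass
from typing import ClassVar


@dataclass
class Finding:
    """Hypothetical base class grouping the values attack modules pass together."""
    url: str
    method: str
    parameter: str
    payload: str
    kind: ClassVar[str] = "finding"   # overridden: "vulnerability" or "anomaly"
    name: ClassVar[str] = "Generic finding"

    def to_txt(self) -> str:
        return (f"[{self.kind}] {self.name}: {self.method} {self.url} "
                f"parameter={self.parameter} payload={self.payload!r}")

    def to_html(self) -> str:
        # Payloads and URLs are untrusted strings: escape before embedding in HTML.
        cells = (self.kind, self.name, self.method, self.url,
                 self.parameter, self.payload)
        return "<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>"


class Vulnerability(Finding):
    kind = "vulnerability"


class Anomaly(Finding):
    kind = "anomaly"


class XSSVulnerability(Vulnerability):
    name = "Cross Site Scripting"


class InternalErrorAnomaly(Anomaly):   # hypothetical anomaly type
    name = "Internal Server Error"


SUPPORTED_FORMATS = {"txt", "html"}


def render_report(findings, fmt: str) -> str:
    """Let each finding format itself; reject formats no class implements."""
    if fmt not in SUPPORTED_FORMATS:
        raise ValueError(f"unsupported report format: {fmt}")
    return "\n".join(getattr(f, f"to_{fmt}")() for f in findings)
```
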