Hi, all and sorry for delay! Andres, as I think creation of new type of plugin needs more well-grounded arguments. Is only false positive management is enough for it? Could you please describe more purpose of this new type of plugin?
> On Wed, Feb 9, 2011 at 1:00 PM, Taras <ox...@oxdef.info> wrote: > > Hi, all! > > > > I just want to say that I have already made simple falsePositiveManager for > > w3af. > > It has falsePositiveFile (regex patterns) option in miscSettings. Simply it > > can test URL against pattern like this: > > ... > > app = falsePositiveManager() > > app.loadFromList(self.patterns) > > ... > > self.assertFalse(app.isFalsePositive(goodTarget)) > > ... > > > > It can be used in output plugins (it is originally made for it). > > In the nearest I will add it to the trunk. > > Andres, don't you mind? > > > >> 1. What do you think about simple false-positive management in w3af? > >> For example, we can add capability to read list of regex patterns from > >> special file and test them against request before it will be reported. It > >> can be useful in automated usage > > (scan+reporting) of w3af. > > I've read through your implementation which is available here [0]. I > like the idea, but also think that we could do something better using > the framework's features. What do you think about this idea: > > * Create a new type of plugin (name to be determined) > * Create a false_positive remover plugin > * The false positive remover plugin would somehow hook itself to > every knowledge base write action (save, append methods) and based on > user defined rules, remove the false positives. > * The user defined rules could be saved as the plugin parameter, > and persisted inside the profile (this allows for easy interaction > between two w3af users that share profiles) (this would require us to > write a better wrapper for the "list type" in the GUI to allow easy > access to all user defined rules). > > After we finish this initial implementation we could write smarter > plugins that would have "business rules" like: "If there are more than > 10 SQL injection vulnerabilities in the KB, create a new vulnerability > that says "you're screwed" " , or something on those lines :P > > This subject was discussed by Tasos in one of the mailing lists I'm > subscribed to, but I don't seem to be able to find the link to it. > > [0] http://w3af.svn.sourceforge.net/viewvc/w3af?view=revision&revision=4036 > > > > > -- > > Taras <ox...@oxdef.info> > > > > ------------------------------------------------------------------------------ > > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > > Pinpoint memory and threading errors before they happen. > > Find and fix more than 250 security defects in the development cycle. > > Locate bottlenecks in serial and parallel code that limit performance. > > http://p.sf.net/sfu/intel-dev2devfeb > > _______________________________________________ > > W3af-develop mailing list > > W3af-develop@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/w3af-develop > > > > > -- Taras http://oxdef.info ---- "Software is like sex: it's better when it's free." - Linus Torvalds ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
