Interface AuditIssue


  • public interface AuditIssue
    This interface is used to retrieve details of audit issues. Extensions can obtain details of issues by registering an AuditIssueHandler. Extensions can also add custom audit issues by registering a ScanCheck or calling SiteMap.add(AuditIssue), and providing their own implementations of this interface. Note that issue descriptions and other text generated by extensions are subject to an HTML whitelist that allows only formatting tags and simple hyperlinks.
    • Method Detail

      • auditIssue

        static AuditIssue auditIssue(java.lang.String name,
                                     java.lang.String detail,
                                     java.lang.String remediation,
                                     java.lang.String baseUrl,
                                     AuditIssueSeverity severity,
                                     AuditIssueConfidence confidence,
                                     java.lang.String background,
                                     java.lang.String remediationBackground,
                                     AuditIssueSeverity typicalSeverity,
                                     MarkedHttpRequestResponse... requestResponses)
        This method can be used to create a default implementation of an audit issue for a URL.
        Parameters:
        name - The name of the issue type.
        detail - The detailed information about the issue.
        remediation - The detailed information about the remediation for the issue.
        baseUrl - The base URL for which the issue is generated.
        severity - The AuditIssueSeverity level.
        confidence - The AuditIssueConfidence level.
        background - The background description for the type of issue.
        remediationBackground - The background description of the remediation for this type of issue.
        typicalSeverity - The typical AuditIssueSeverity level.
        requestResponses - The HttpRequestResponse objects on the basis of which the issue is generated.
        Returns:
        The audit issue for the URL.
      • auditIssue

        static AuditIssue auditIssue(java.lang.String name,
                                     java.lang.String detail,
                                     java.lang.String remediation,
                                     java.lang.String baseUrl,
                                     AuditIssueSeverity severity,
                                     AuditIssueConfidence confidence,
                                     java.lang.String background,
                                     java.lang.String remediationBackground,
                                     AuditIssueSeverity typicalSeverity,
                                     java.util.List<MarkedHttpRequestResponse> requestResponses)
        This method can be used to create a default implementation of an audit issue for a URL.
        Parameters:
        name - The name of the issue type.
        detail - The detailed information about the issue.
        remediation - The detailed information about the remediation for the issue.
        baseUrl - The base URL for which the issue is generated.
        severity - The AuditIssueSeverity level.
        confidence - The AuditIssueConfidence level.
        background - The background description for the type of issue.
        remediationBackground - The background description of the remediation for this type of issue.
        typicalSeverity - The typical AuditIssueSeverity level.
        requestResponses - The list of HttpRequestResponse objects on the basis of which the issue is generated.
        Returns:
        The audit issue for the URL.
      • name

        java.lang.String name()
        This method returns the name of this issue type.
        Returns:
        The name of this issue type (e.g. "SQL injection").
      • detail

        java.lang.String detail()
        This method returns detailed information about this specific instance of the issue.
        Returns:
        Detailed information about this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.
      • remediation

        java.lang.String remediation()
        This method returns detailed information about the remediation for this specific instance of the issue.
        Returns:
        Detailed information about the remediation for this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.
      • httpService

        HttpService httpService()
        This method returns the HTTP service for which the issue was generated.
        Returns:
        The HTTP service for which the issue was generated.
      • baseUrl

        java.lang.String baseUrl()
        This method returns the base URL for which this issue was generated.
        Returns:
        The base URL for which this issue was generated.
      • requestResponses

        java.util.List<MarkedHttpRequestResponse> requestResponses()
        This method returns the HTTP request/response messages that caused the issue to be generated.
        Returns:
        The list of MarkedHttpRequestResponse objects on the basis of which the issue was generated.
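
An added example (not part of the API documentation) of calling the List overload of auditIssue with text that comes from the target: since detail is rendered as limited HTML, values taken from requests or responses are escaped before being placed between the extension's own formatting tags. The class name, method names and issue wording are hypothetical, the import paths are assumptions because the page lists type names without packages, and the use of `<b>` and `<br>` assumes they count as formatting tags under the HTML whitelist.

```java
// Added example. Import paths are assumptions: the page gives type names only.
import burp.api.montoya.http.message.MarkedHttpRequestResponse;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import burp.api.montoya.scanner.audit.issues.AuditIssueConfidence;
import burp.api.montoya.scanner.audit.issues.AuditIssueSeverity;
import java.util.List;

public final class ReflectedHeaderIssue { // hypothetical helper, not part of the API
    private ReflectedHeaderIssue() {}

    // Neutralise markup in text taken from the target so it is displayed
    // literally and cannot be confused with the extension's own formatting.
    static String escapeHtml(String untrusted) {
        if (untrusted == null) return "";
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (char c : untrusted.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds an issue for one URL; 'evidence' holds the messages that triggered it.
    static AuditIssue build(String baseUrl, String headerName, String reflectedValue,
                            List<MarkedHttpRequestResponse> evidence) {
        String detail = "The value of the <b>" + escapeHtml(headerName)
                + "</b> request header was copied into the response:<br>"
                + escapeHtml(reflectedValue);
        return AuditIssue.auditIssue(
                "Request header reflected in response",            // name
                detail,                                            // detail (this instance)
                "Encode the header value before writing it out.",  // remediation
                baseUrl,
                AuditIssueSeverity.INFORMATION,                    // severity
                AuditIssueConfidence.FIRM,                         // confidence
                "The application echoes a request header value.",  // background
                "Apply context-appropriate output encoding.",      // remediationBackground
                AuditIssueSeverity.INFORMATION,                    // typicalSeverity
                evidence);                                         // requestResponses
    }
}
```

The returned object can be handed to SiteMap.add(AuditIssue) or reported from a ScanCheck, the two routes described at the top of this page.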