Feature/vulndb #18492
Feature/vulndb #18492
Conversation
| self._http_response_ids, | ||
| self.get_name()) | ||
| self.get_name(), | ||
| vulndb_id=10116) |
There was a problem hiding this comment.
https://github.com/vulndb/data/search?q=10116&unscoped_q=10116
What happens when the ID is not present in the vulndb? Is this error handled somewhere?
There was a problem hiding this comment.
There's no error. I don't implement here the concept of making vulndb_id required for Vuln instances. I just mentioned the concept in description, because in this PR I prepare the code for this concept. I'll be able to implement it once #18543 is merged.
There was a problem hiding this comment.
My point is, when 10116 is passed to the Vuln instance, and then XML plugin tries to write that vuln instance to disk, what happens? Will it crash because 10116 is NOT in the vulndb?
10116 is Holm-specific, that is why I'm asking.
| severity.LOW, | ||
| response.get_id(), | ||
| self.get_name(), | ||
| vulndb_id=10010, |
There was a problem hiding this comment.
Would it be possible for Holm to contribute back to the vulndb? If we do that, all the w3af users would get these detailed descriptions for the vulnerabilities.
There was a problem hiding this comment.
I brought up the discussion internally in Holm.
There was a problem hiding this comment.
And what was the resolution?
There was a problem hiding this comment.
So far there's no decision to contribute to vulndb. Holm holds off
Added
vulndb_idaccording to specification from Holm Security. Also someInfoinstances were turned intoVulninstances withINFORMATIONseverity. My concept is to makevulndb_idparam required inVuln.__init__whileInfowouldn't requirevulndb_id.