Hi, A batch of minor plugin tweaks: Make them check generix_xss_mask key 11960, 12093, 10836, 12112 bodyonly:1 11743, 11949, 11958 bug fix - code appeared broken 11411 Now a couple thoughts and questions... 1) I'm keen to get better URLs out of plugins that report them, e.g. 10815. I was thinking to create a function in http_func.inc, something like generate_url(port, path) - that will use http/https as appropriate, etc. The big issue is whether to use the host name or the IP address. I guess what you really want is to use the host name when this does uniquely resolve to the IP address, but to use the IP address otherwise. I don't think a NASL plugin can figure this, but how about making nessusd set a kb flag that indicates this? For backwards compatibility, we can just use the host name (as we currently do) when the flag is not present. 2) Any news on the idea that plugin descriptions could contain tags like $1, $2 - and these would be substituted for data passed to a security_* function? It would be really helpful for me to be able to get this information in a structured way. Take it easy, Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul@private web: www.westpoint.ltd.uk
This archive was generated by hypermail 2b30 : Tue Apr 27 2004 - 05:52:06 PDT