UNPKG

sitecheck

Version:

Open Source web application security scanner

github.com/gbaudhuin/sitecheck

gbaudhuin/sitecheck

32 lines (25 loc) 3.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<html> <head> </head> <body style="background: transparent;"> <script src="scripts/docstrap.lib.js"></script> <script src="scripts/lunr.min.js"></script> <script src="scripts/fulltext-search.js"></script> <script type="text/x-docstrap-searchdb"> {"classes.list.html":{"id":"classes.list.html","title":"Classes","body":" Documentation Classes Check Classes Classes Check × Search results Close Documentation generated by JSDoc 3.4.3 on November 24th 2016, 6:58:58 pm using the DocStrap template. "},"index.html":{"id":"index.html","title":"Index","body":" Documentation Classes Check sitecheckOpen source web application security scanner. × Search results Close Documentation generated by JSDoc 3.4.3 on November 24th 2016, 6:58:58 pm using the DocStrap template. "},"Check.html":{"id":"Check.html","title":"Class: Check","body":" Documentation Classes Check Class: Check Check Base class of checks new Check() Constructor Methods raiseIssue(ref, positionIdentifier, errorContent, maybeFalsePositive) Helper function used by checks to raise an issue. Parameters: Name Type Description ref String An arbitrary string that identifies the kind of Issue. Usually the xml name. The string must be unique among checks. Reference is used to link the instance with an IssueInfo. positionIdentifier String A string that describes the location of the issue. e.g : line number, url, html fragment, etc. positionIdentifier should be as precise as possible for 2 reasons : this valus is used in Issue.Id construction and must help discriminate two issues that happen at two different places but that cannot be differenciated otherwise help user as much as possible to quickly localize the problem in his/her website server or source code A good positionIdentifier is also as much long-lasting and stable as possible. e.g : in a web page, id of an html tag is often more stable than a line number. errorContent String The proof of the issue. Most problems are detected in website content either obtained passively or from crafted requests made by checks. ErrorContent should contain the piece of content that &quot;convinced&quot; the check of the issue. This is the proof that will be given to the user to help him/her understand and solve the issue. ErrorContent is also helpful to help user detect false positives. maybeFalsePositive Boolean Some issues may be false positives. Checks must set this value to true if any doubt exists or if any objection may be found by the user, whatever his/her context. Only checks that are 100% sure to be true positives in any case should set this value to false. × Search results Close Documentation generated by JSDoc 3.4.3 on November 24th 2016, 6:58:58 pm using the DocStrap template. "}} </script> <script type="text/javascript"> $(document).ready(function() { Searcher.init(); }); $(window).on("message", function(msg) { var msgData = msg.originalEvent.data; if (msgData.msgid != "docstrap.quicksearch.start") { return; } var results = Searcher.search(msgData.searchTerms); window.parent.postMessage({"results": results, "msgid": "docstrap.quicksearch.done"}, "*"); }); </script> </body> </html>