Package burp.api.montoya.scanner.audit.issues

Interface AuditIssue

public interface AuditIssue

This interface is used to retrieve details of audit issues. Extensions can obtain details of issues by registering an AuditIssueHandler. Extensions can also add custom audit issues by registering an ScanCheck or calling SiteMap.add(AuditIssue), and providing their own implementations of this interface. Note that issue descriptions and other text generated by extensions are subject to an HTML whitelist that allows only formatting tags and simple hyperlinks.

Method Summary

Modifier and Type	Method	Description
static AuditIssue	auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, HttpRequestResponse... requestResponses)	This method can be used to create a default implementation of an audit issue for a URL.
static AuditIssue	auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, List<HttpRequestResponse> requestResponses)	This method can be used to create a default implementation of an audit issue for a URL.
String	baseUrl()	Base URL for which this issue was generated.
List<Interaction>	collaboratorInteractions()	Collaborator interactions that caused the issue to be generated.
AuditIssueConfidence	confidence()	Issue confidence level.
AuditIssueDefinition	definition()	Definition for this issue.
String	detail()	This method returns detailed information about this specific instance of the issue.
HttpService	httpService()	HTTP service for which the issue was generated.
String	name()	Name of this issue type.
String	remediation()	This method returns detailed information about the remediation for this specific instance of the issue.
List<HttpRequestResponse>	requestResponses()	HTTP request/response messages that caused the issue to be generated.
AuditIssueSeverity	severity()	Issue severity level.

Method Details

name

String name()

Name of this issue type.

Returns:

The name of this issue type (e.g. "SQL injection").

detail

String detail()

This method returns detailed information about this specific instance of the issue.

Returns:

Detailed information about this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.

remediation

String remediation()

This method returns detailed information about the remediation for this specific instance of the issue.

Returns:

Detailed information about the remediation for this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.

httpService

HttpService httpService()

HTTP service for which the issue was generated.

Returns:

The HTTP service for which the issue was generated.

baseUrl

String baseUrl()

Base URL for which this issue was generated.

Returns:

The base URL for which this issue was generated.

severity

AuditIssueSeverity severity()

Issue severity level.

Returns:

The AuditIssueSeverity level.

confidence

AuditIssueConfidence confidence()

Issue confidence level.

Returns:

The AuditIssueConfidence level.

requestResponses

List<HttpRequestResponse> requestResponses()

HTTP request/response messages that caused the issue to be generated.

Returns:

The list of HttpRequestResponse objects on the basis of which the issue was generated.

collaboratorInteractions

List<Interaction> collaboratorInteractions()

Collaborator interactions that caused the issue to be generated.

Returns:

The list of Burp Collaborator Interaction objects that caused the issue to be generated. If there are no interactions, this will be empty.

definition

AuditIssueDefinition definition()

Definition for this issue.

Returns:

The AuditIssueDefinition for this issue.

auditIssue

static AuditIssue auditIssue(String name,
 String detail,
 String remediation,
 String baseUrl,
 AuditIssueSeverity severity,
 AuditIssueConfidence confidence,
 String background,
 String remediationBackground,
 AuditIssueSeverity typicalSeverity,
 HttpRequestResponse... requestResponses)

This method can be used to create a default implementation of an audit issue for a URL.

Parameters:

name - The name of the issue type.

detail - The detailed information about the issue.

remediation - The detailed information about the remediation for the issue.

baseUrl - The base URL for which the issue is generated.

severity - The AuditIssueSeverity level.

confidence - The AuditIssueConfidence level.

background - The background description for the type of issue.

remediationBackground - The background description of the remediation for this type of issue.

typicalSeverity - The typical AuditIssueSeverity level.

requestResponses - The HttpRequestResponse objects on the basis of which the issue is generated.

Returns:

The audit issue for the URL.

auditIssue

static AuditIssue auditIssue(String name,
 String detail,
 String remediation,
 String baseUrl,
 AuditIssueSeverity severity,
 AuditIssueConfidence confidence,
 String background,
 String remediationBackground,
 AuditIssueSeverity typicalSeverity,
 List<HttpRequestResponse> requestResponses)

This method can be used to create a default implementation of an audit issue for a URL.

Parameters:

name - The name of the issue type.

detail - The detailed information about the issue.

remediation - The detailed information about the remediation for the issue.

baseUrl - The base URL for which the issue is generated.

severity - The AuditIssueSeverity level.

confidence - The AuditIssueConfidence level.

background - The background description for the type of issue.

remediationBackground - The background description of the remediation for this type of issue.

typicalSeverity - The typical AuditIssueSeverity level.

requestResponses - The list of HttpRequestResponse objects on the basis of which the issue is generated.

Returns:

The audit issue for the URL.