Interface AuditIssue
public interface AuditIssue
This interface is used to retrieve details of audit issues. Extensions can
obtain details of issues by registering an
AuditIssueHandler
.
Extensions can also add custom audit issues by registering an
ScanCheck
or calling SiteMap.add(AuditIssue)
,
and providing their own implementations of this interface. Note that issue
descriptions and other text generated by extensions are subject to an HTML
whitelist that allows only formatting tags and simple hyperlinks.-
Method Summary
Modifier and TypeMethodDescriptionstatic AuditIssue
auditIssue
(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, HttpRequestResponse... requestResponses) This method can be used to create a default implementation of an audit issue for a URL.static AuditIssue
auditIssue
(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, List<HttpRequestResponse> requestResponses) This method can be used to create a default implementation of an audit issue for a URL.baseUrl()
Base URL for which this issue was generated.Collaborator interactions that caused the issue to be generated.Issue confidence level.Definition for this issue.detail()
This method returns detailed information about this specific instance of the issue.HTTP service for which the issue was generated.name()
Name of this issue type.This method returns detailed information about the remediation for this specific instance of the issue.HTTP request/response messages that caused the issue to be generated.severity()
Issue severity level.
-
Method Details
-
name
String name()Name of this issue type.- Returns:
- The name of this issue type (e.g. "SQL injection").
-
detail
String detail()This method returns detailed information about this specific instance of the issue.- Returns:
- Detailed information about this specific instance of the issue,
or
null
if none applies. A limited set of HTML tags may be used.
-
remediation
String remediation()This method returns detailed information about the remediation for this specific instance of the issue.- Returns:
- Detailed information about the remediation for this specific
instance of the issue, or
null
if none applies. A limited set of HTML tags may be used.
-
httpService
HttpService httpService()HTTP service for which the issue was generated.- Returns:
- The HTTP service for which the issue was generated.
-
baseUrl
String baseUrl()Base URL for which this issue was generated.- Returns:
- The base URL for which this issue was generated.
-
severity
AuditIssueSeverity severity()Issue severity level.- Returns:
- The
AuditIssueSeverity
level.
-
confidence
AuditIssueConfidence confidence()Issue confidence level.- Returns:
- The
AuditIssueConfidence
level.
-
requestResponses
List<HttpRequestResponse> requestResponses()HTTP request/response messages that caused the issue to be generated.- Returns:
- The list of
HttpRequestResponse
objects on the basis of which the issue was generated.
-
collaboratorInteractions
List<Interaction> collaboratorInteractions()Collaborator interactions that caused the issue to be generated.- Returns:
- The list of Burp Collaborator
Interaction
objects that caused the issue to be generated. If there are no interactions, this will be empty.
-
definition
AuditIssueDefinition definition()Definition for this issue.- Returns:
- The
AuditIssueDefinition
for this issue.
-
auditIssue
static AuditIssue auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, HttpRequestResponse... requestResponses) This method can be used to create a default implementation of an audit issue for a URL.- Parameters:
name
- The name of the issue type.detail
- The detailed information about the issue.remediation
- The detailed information about the remediation for the issue.baseUrl
- The base URL for which the issue is generated.severity
- TheAuditIssueSeverity
level.confidence
- TheAuditIssueConfidence
level.background
- The background description for the type of issue.remediationBackground
- The background description of the remediation for this type of issue.typicalSeverity
- The typicalAuditIssueSeverity
level.requestResponses
- TheHttpRequestResponse
objects on the basis of which the issue is generated.- Returns:
- The audit issue for the URL.
-
auditIssue
static AuditIssue auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, List<HttpRequestResponse> requestResponses) This method can be used to create a default implementation of an audit issue for a URL.- Parameters:
name
- The name of the issue type.detail
- The detailed information about the issue.remediation
- The detailed information about the remediation for the issue.baseUrl
- The base URL for which the issue is generated.severity
- TheAuditIssueSeverity
level.confidence
- TheAuditIssueConfidence
level.background
- The background description for the type of issue.remediationBackground
- The background description of the remediation for this type of issue.typicalSeverity
- The typicalAuditIssueSeverity
level.requestResponses
- The list ofHttpRequestResponse
objects on the basis of which the issue is generated.- Returns:
- The audit issue for the URL.
-