Package burp.api.montoya.scanner.audit.issues

Interface AuditIssue

public interface AuditIssue
This interface is used to retrieve details of audit issues. Extensions can obtain details of issues by registering an AuditIssueHandler. Extensions can also add custom audit issues by registering an ScanCheck or calling SiteMap.add(AuditIssue), and providing their own implementations of this interface. Note that issue descriptions and other text generated by extensions are subject to an HTML whitelist that allows only formatting tags and simple hyperlinks.

  • Method Details

    • name

      String name()
      Name of this issue type.
      Returns:
      The name of this issue type (e.g. "SQL injection").

    • detail

      String detail()
      This method returns detailed information about this specific instance of the issue.
      Returns:
      Detailed information about this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.

    • remediation

      String remediation()
      This method returns detailed information about the remediation for this specific instance of the issue.
      Returns:
      Detailed information about the remediation for this specific instance of the issue, or null if none applies. A limited set of HTML tags may be used.

    • httpService

      HttpService httpService()
      HTTP service for which the issue was generated.
      Returns:
      The HTTP service for which the issue was generated.

    • baseUrl

      String baseUrl()
      Base URL for which this issue was generated.
      Returns:
      The base URL for which this issue was generated.

    • severity

      AuditIssueSeverity severity()
      Issue severity level.
      Returns:
      The AuditIssueSeverity level.

    • confidence

      AuditIssueConfidence confidence()
      Issue confidence level.
      Returns:
      The AuditIssueConfidence level.

    • requestResponses

      List<HttpRequestResponse> requestResponses()
      HTTP request/response messages that caused the issue to be generated.
      Returns:
      The list of HttpRequestResponse objects on the basis of which the issue was generated.

    • collaboratorInteractions

      List<Interaction> collaboratorInteractions()
      Collaborator interactions that caused the issue to be generated.
      Returns:
      The list of Burp Collaborator Interaction objects that caused the issue to be generated. If there are no interactions, this will be empty.

    • definition

      AuditIssueDefinition definition()
      Definition for this issue.
      Returns:
      The AuditIssueDefinition for this issue.

    • auditIssue

      static AuditIssue auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, HttpRequestResponse... requestResponses)
      This method can be used to create a default implementation of an audit issue for a URL.
      Parameters:
      name - The name of the issue type.
      detail - The detailed information about the issue.
      remediation - The detailed information about the remediation for the issue.
      baseUrl - The base URL for which the issue is generated.
      severity - The AuditIssueSeverity level.
      confidence - The AuditIssueConfidence level.
      background - The background description for the type of issue.
      remediationBackground - The background description of the remediation for this type of issue.
      typicalSeverity - The typical AuditIssueSeverity level.
      requestResponses - The HttpRequestResponse objects on the basis of which the issue is generated.
      Returns:
      The audit issue for the URL.

    • auditIssue

      static AuditIssue auditIssue(String name, String detail, String remediation, String baseUrl, AuditIssueSeverity severity, AuditIssueConfidence confidence, String background, String remediationBackground, AuditIssueSeverity typicalSeverity, List<HttpRequestResponse> requestResponses)
      This method can be used to create a default implementation of an audit issue for a URL.
      Parameters:
      name - The name of the issue type.
      detail - The detailed information about the issue.
      remediation - The detailed information about the remediation for the issue.
      baseUrl - The base URL for which the issue is generated.
      severity - The AuditIssueSeverity level.
      confidence - The AuditIssueConfidence level.
      background - The background description for the type of issue.
      remediationBackground - The background description of the remediation for this type of issue.
      typicalSeverity - The typical AuditIssueSeverity level.
      requestResponses - The list of HttpRequestResponse objects on the basis of which the issue is generated.
      Returns:
      The audit issue for the URL.