BugBlocker/lotus

Use Lua Tables for Simpler VulnReport Handling

knassar702 opened this issue · 0 comments

Currently, VulnReport/CveReport classes are being used to handle vulnerability reports. However, the current implementation is lengthy and can be simplified using Lua tables. The proposed solution is to use Lua tables instead of the VulnReport class to make the code simpler and easier to read.

Instead of the following code:

    -- INSTEAD OF
    VulnReport:setName("SQL Injection")
    VulnReport:setDescription("https://owasp.org/www-community/attacks/SQL_Injection")
    VulnReport:setRisk("high")
    VulnReport:setUrl(url)
    VulnReport:setParam(parameter)
    VulnReport:setAttack(payload)
    VulnReport:setEvidence(matching_error)

We can use the following code:

    Reports:add_vuln{
        name = "SQL Injection",
        description = "https://owasp.org/www-community/attacks/SQL_Injection",
        risk = "high",
        url = url,
        param = param,
        attack = attack,
        evidence = evidence
    }
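
With the table form, a misspelled key or a nil variable silently drops a field, where a misspelled setter call would raise an error. The following added example (not part of the original issue and not the project's code) is a hypothetical pure-Lua stand-in for `Reports:add_vuln` that checks for both cases; the seven field names come from the issue, while the validation rules and sample values are assumptions.

```lua
-- Hypothetical stand-in for the proposed Reports:add_vuln (not lotus code).
-- Field names are taken from the issue; the validation rules are assumptions.
local FIELDS = { "name", "description", "risk", "url", "param", "attack", "evidence" }
local KNOWN = {}
for _, key in ipairs(FIELDS) do KNOWN[key] = true end

local Reports = { vulns = {} }

-- Validate a report table and store a copy. Returns the stored copy,
-- or nil plus a message listing every problem found.
function Reports:add_vuln(report)
    if type(report) ~= "table" then return nil, "report must be a table" end
    local problems = {}
    -- A misspelled key would otherwise be accepted and ignored.
    for key in pairs(report) do
        if not KNOWN[key] then
            problems[#problems + 1] = "unknown field: " .. tostring(key)
        end
    end
    -- `evidence = some_nil_variable` leaves the key absent from the table.
    for _, key in ipairs(FIELDS) do
        if type(report[key]) ~= "string" or report[key] == "" then
            problems[#problems + 1] = "missing or non-string field: " .. key
        end
    end
    if #problems > 0 then return nil, table.concat(problems, "; ") end
    local stored = {}
    for _, key in ipairs(FIELDS) do stored[key] = report[key] end
    self.vulns[#self.vulns + 1] = stored
    return stored
end

-- Constructed sample values, not output from a real scan.
local ok = Reports:add_vuln{
    name = "SQL Injection",
    description = "https://owasp.org/www-community/attacks/SQL_Injection",
    risk = "high",
    url = "http://example.test/item?id=1",
    param = "id",
    attack = "'",
    evidence = "You have an error in your SQL syntax",
}
assert(ok and #Reports.vulns == 1)
-- Typo in "evidence": rejected instead of yielding a report with no evidence.
local bad, err = Reports:add_vuln{ name = "SQL Injection", risk = "high", evidance = "x" }
assert(bad == nil and err:find("unknown field: evidance", 1, true))
```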