trailofbits/twa

Formal codes for FATALs, FAILs, and MEHs

woodruffw opened this issue · 0 comments

twa should provide easily searchable numeric codes for its negative results (FATAL, FAIL, and MEH), similar to ShellCheck and other linting tools. GitHub's wiki feature could be leveraged to provide detailed explanations for each code, à la RuboCop.

For example, TWA-101 could be negative result 1 for stage 1: HTTP redirecting to HTTPS via a 302, instead of a more permanent 301.