We’ve just added a feature that helps users better understand scan results. For each alert, Vega can now show the user more precisely where the finding is and exactly what it found.
Some background
Vega vulnerability checks are written in JavaScript. Anyone can write one. These modules are run both passively and actively as Vega finds content it wants to scan.
Vega modules report findings by generating alerts. In doing so, they save the relevant HTTP request and response objects for review by the user. Within the alert is a link to view these saved HTTP messages in the message viewer (see below).
For the user
The module developer can now specify an interesting string within the HTTP message. When opened through the link in the alert shown above, the Vega message viewer will scroll to the matching location and highlight the substring, making it immediately apparent to the user what the module found. Screen below:
For the module developer
The API support for this is pretty simple. There are two methods that can be called from the context object:
ctx.addStringHighlight()
ctx.addRegexHighlight()
If you grab the code from our repository, we’ve added this functionality to two modules (vinfo-paths.js and vinfo-feeds.js). These examples show how simple it is:
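An added sketch of the idea, not the code of vinfo-paths.js or vinfo-feeds.js and not taken from the Vega repository. Only the two method names come from this post; the stand-in context object, the argument shapes (a literal string and a regex source string), the checkFeeds and resolveHighlights helpers and the sample response are assumptions made for illustration.

```javascript
// Stand-in for the context object Vega passes to a module. Only the two
// method names come from the post; their argument shapes are assumptions.
function makeContext() {
  const highlights = [];
  return {
    highlights,
    addStringHighlight(text) { highlights.push({ kind: "string", text }); },
    addRegexHighlight(pattern) { highlights.push({ kind: "regex", pattern }); },
  };
}

// Hypothetical passive check: flag an advertised RSS/Atom feed and mark
// the exact tag that triggered the finding.
function checkFeeds(responseBody, ctx) {
  const feedLink = /<link[^>]+type=["']application\/(?:rss|atom)\+xml["'][^>]*>/i;
  const m = feedLink.exec(responseBody);
  if (!m) return false;
  ctx.addStringHighlight(m[0]);
  return true;
}

// Viewer side (assumed): resolve each highlight to [start, end) offsets to scroll to and mark.
function resolveHighlights(message, highlights) {
  const spans = [];
  for (const h of highlights) {
    if (h.kind === "string") {
      const start = message.indexOf(h.text);
      if (start !== -1) spans.push({ start, end: start + h.text.length });
    } else {
      const m = new RegExp(h.pattern, "i").exec(message);
      if (m && m[0].length > 0) spans.push({ start: m.index, end: m.index + m[0].length });
    }
  }
  return spans.sort((a, b) => a.start - b.start);
}

// Constructed sample response body.
const SAMPLE_BODY = [
  "<html><head>",
  '<link rel="alternate" type="application/rss+xml" href="/feed.xml">',
  "</head><body>Server path: /var/www/app/index.php</body></html>",
].join("\n");
function demo() {
  const ctx = makeContext();
  const found = checkFeeds(SAMPLE_BODY, ctx);
  ctx.addRegexHighlight("/var/www/[\\w./-]+"); // hypothetical local-path pattern
  const spans = resolveHighlights(SAMPLE_BODY, ctx.highlights);
  return { found, marked: spans.map(s => SAMPLE_BODY.slice(s.start, s.end)) };
}
```

Passing the matched text itself, rather than a fixed keyword, is what lets the highlight land on the evidence behind the alert.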
We’ll be updating all existing and new modules so that they use this feature. We’ll also be adding UI support for viewing multiple matches.
Let us know what you think.


