Vega Module Development: Highlighting in Requests and Responses

We’ve just added a feature that helps users better understand scan results. For each alert, Vega can now pinpoint more precisely what it found and where.

Some background

Vega vulnerability checks are written in JavaScript. Anyone can write one. These modules are run both passively and actively as Vega finds content it wants to scan.

Vega modules report findings by generating alerts. In doing so, they save the relevant HTTP request and response objects for review by the user. Within the alert is a link to view these saved HTTP messages in the message viewer (see below).

Request link in an alert

 

For the user

The module developer can now specify an interesting string within the HTTP message. When opened through the link in the alert shown above, the Vega message viewer will scroll to the matching location and highlight the substring, making it immediately apparent to the user what the module found. Screenshot below:

Module development: response highlighting

 

For the module developer

The API support for this is pretty simple: there are two methods that can be called from the context object:

ctx.addStringHighlight()

ctx.addRegexHighlight()

If you grab the code from our repository, we’ve added this functionality to two modules (vinfo-paths.js and vinfo-feeds.js). These examples show how simple it is:

API support
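To make the difference between the two calls concrete, here is an added sketch (not code from the Vega repository or from the modules named above) of a feed-detection check that registers both kinds of highlight, plus the offset lookup a viewer needs before it can scroll to the match. The stub context, the single-argument signatures, the `response.body` field and the `locate` helper are assumptions made for illustration.

```javascript
// Added illustration, not Vega source. The stub stands in for Vega's context
// object; single-argument signatures and response.body are assumptions.
function makeStubContext() {
  const highlights = [];
  return {
    highlights,
    addStringHighlight(s) { highlights.push({ kind: "string", value: String(s) }); },
    addRegexHighlight(p) { highlights.push({ kind: "regex", value: String(p) }); },
  };
}

// Hypothetical passive check: find a feed autodiscovery <link> element.
const FEED_LINK = "<link[^>]+type=[\"']application/(?:rss|atom)\\+xml[\"'][^>]*>";

function run(request, response, ctx) {
  const m = new RegExp(FEED_LINK, "i").exec(response.body);
  if (!m) return false;
  ctx.addRegexHighlight(FEED_LINK);            // the pattern the check used
  const href = /href=["']([^"']+)["']/i.exec(m[0]);
  if (href) ctx.addStringHighlight(href[1]);   // literal evidence: the feed URL
  return true;
}

// Resolve a highlight to [start, end) offsets, as a viewer must before it
// can scroll to the match. Returns null when nothing matches.
function locate(body, h) {
  if (h.kind === "string") {
    const i = body.indexOf(h.value);
    return i < 0 ? null : [i, i + h.value.length];
  }
  const m = new RegExp(h.value, "i").exec(body);
  return m ? [m.index, m.index + m[0].length] : null;
}

// Constructed sample response.
const sample = {
  body: "<html><head><title>t</title>\n" +
        '<link rel="alternate" type="application/rss+xml" href="/feed.xml?v=1">\n' +
        "</head><body></body></html>",
};

const ctx = makeStubContext();
run(null, sample, ctx);
for (const h of ctx.highlights) {
  const span = locate(sample.body, h);
  console.log(h.kind, span, span && sample.body.slice(span[0], span[1]));
}
// A literal containing regex metacharacters is not found when treated as a pattern:
console.log(locate(sample.body, { kind: "regex", value: "/feed.xml?v=1" }));
```

The last line is the practical reason to keep both calls apart: evidence copied verbatim from a response (URLs, paths, header values) belongs in a string highlight, because characters such as `?` and `.` change meaning when the same text is interpreted as a pattern.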

We’ll be updating all existing and new modules so that they use this feature. We’ll also be adding UI support for viewing multiple matches.

Let us know what you think.
