OWASP Orizon Project XML
The Orizon check XML schema
A check contained in a safe coding recipe follows this schema:
<check
  id=check identifier code
  severity=[info | warning | error]
  impact=[low | medium | high | critical | panic]
  description=a short description for this check
  positive_fail=[yes | no]
>
  [method_check | class_check | attribute_check | compare_check | variable_check | source_check]
</check>
... some ideas ...
Security checks can be divided into:
- design_check
- keyword_check
- execution_check
where:
- design_check, about source file design (how many classes are contained in a source? how many methods? what is the scope of method A?):
<design
  subj=[class | field | attribute]
  name=the subject name, when applicable
  verb=[contains | count | has_scope]
  value=the value being checked
/>
<design
  subj="class"
  verb=[extends | implements]
  value=the value being checked
/>
- keyword_check, about keyword-specific checks:
<keyword
  name=keyword name
/>
- execution_check: extra care must be taken for parameters in this design...
<exec
  caller_class=a class name
  caller_method=a method name
/>
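As an added example, not code from the Orizon project, the following Python validator loads a recipe written in the shape of the draft schema above (the design/keyword/exec variant) and reports which checks violate it. The element and attribute names and the allowed values come from this page; the sample recipe and its check ids are constructed.

```python
import xml.etree.ElementTree as ET
# Allowed values, taken from the check schema on this page.
SEVERITIES = {"info", "warning", "error"}
IMPACTS = {"low", "medium", "high", "critical", "panic"}
DESIGN_SUBJECTS = {"class", "field", "attribute"}
DESIGN_VERBS = {"contains", "count", "has_scope", "extends", "implements"}
# Required attributes of each sub-check element in the "some ideas" draft.
SUB_CHECKS = {
    "design": ("subj", "verb", "value"),
    "keyword": ("name",),
    "exec": ("caller_class", "caller_method"),
}
# Constructed sample recipe (not a real Orizon recipe); the third check is deliberately malformed.
SAMPLE_RECIPE = """<recipe>
  <check id="ORZ-001" severity="error" impact="high" description="extends Thread" positive_fail="yes">
    <design subj="class" verb="extends" value="java.lang.Thread"/>
  </check>
  <check id="ORZ-002" severity="warning" impact="low" description="native keyword" positive_fail="no">
    <keyword name="native"/>
  </check>
  <check id="ORZ-003" severity="panic" impact="high" description="broken" positive_fail="yes">
    <exec caller_class="java.lang.Runtime"/>
  </check>
</recipe>"""

def validate_check(check):
    """Return the list of schema problems in one <check>; an empty list means it is well formed."""
    a = check.attrib
    problems = [f"missing attribute {k}" for k in
                ("id", "severity", "impact", "description", "positive_fail") if k not in a]
    for key, allowed in (("severity", SEVERITIES), ("impact", IMPACTS), ("positive_fail", {"yes", "no"})):
        if key in a and a[key] not in allowed:
            problems.append(f"bad {key} {a[key]!r}")
    children = list(check)  # element children only; a check carries exactly one sub-check
    if len(children) != 1 or children[0].tag not in SUB_CHECKS:
        problems.append("check needs exactly one design/keyword/exec child")
        return problems
    sub = children[0]
    problems += [f"{sub.tag} missing {k}" for k in SUB_CHECKS[sub.tag] if k not in sub.attrib]
    if sub.tag == "design":
        for key, allowed in (("subj", DESIGN_SUBJECTS), ("verb", DESIGN_VERBS)):
            if sub.get(key) not in allowed:
                problems.append(f"bad design {key} {sub.get(key)!r}")
    return problems

def load_recipe(xml_text):
    """Parse a recipe and map every check id to its list of problems."""
    return {c.get("id", "<no id>"): validate_check(c) for c in ET.fromstring(xml_text).iter("check")}
```

Running `load_recipe(SAMPLE_RECIPE)` flags only ORZ-003, for its unknown severity and the missing caller_method on its exec child.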