Response Processing Modules: Context OBject

The context object stores information about the module's environment (scan environment or proxy) and exposes the Vega API for generating alerts and accessing the knowledgebase. The context for a response processing module is different than the context for basic modules.

6.1 Generating Alerts

    context.alert(type, request, response, properties)

This method is used to generate an alert.

Example:

    ctx.alert("vdirlist", request, response, {
               output:   response.bodyAsString,
               key:      "vdirlist:" + key,
               resource: request.requestLine.uri
            });

The type parameter corresponds to the filename, without its extension, of the XML alert that is to be used to render the alert.

The request and response parameters are the same objects as were passed to the run() function.

The final parameter is a properties object, which is defined in this example anonymously. The properties object has as properties the following key/value pairs:

output:

A segment of data to be used in the "output" section of the alert. For example: matched content from the response body.

resource:

The affected resource, to be included in the alert. This is often the URI, but it could be part of the URI.

key:

A unique string that can be used to prevent the generation of multiple alerts for the same issue. The scheme for generating such a string will depend on the characteristics of the module and is up to the module writer to design. In the below example, we generate the key from the web path. This is relatively simple, and more complex schemes to prevent duplicate alerts may be necessary (e.g. incorporating detected data from the response.):

    var key = request.requestLine.uri;
    var index = sub.indexOf('?');

    if (index >= 0) {
      key = key.substring(0, index);
    }

6.2 Storing and Retrieving Properties

Vega has an internal knowledge base where arbitrary information can be shared between modules using key/value pairs. There are several methods to store and retrieve different types of data.

Storing and retrieving Objects:

    void context.setProperty(String name, Object value)

    Object context.getProperty(String name, Object value)

Storing and retrieving Strings:

    void context.setStringProperty(String name, String value)

    String context.getStringProperty(String name, String value)

Storing and retrieving Integers:

    void context.setIntegerProperty(String name, Integer value)

    Integer context.getIntegerProperty(String name, Integer value)

A module can obtain a List of all keys in the knowledge base with this method:

    List<String> context.propertyKeys()

Home > API > Response-Processing-Context-Object

Have feedback on Vega? Our documentation? Please tell us.