Level to numeric field #2560

Open
elarlang opened this issue Jan 30, 2025 · 5 comments
Labels
_5.0 - draft This should be discussed once a 5.0 draft has been prepared.

Comments

@elarlang
Collaborator

The proposal to make the level a numeric field was already in #1022 and agreed in #1022 (comment) and #1022 (comment).

The topic was raised again in #2555

@elarlang
Collaborator Author

ping @tghosth - can I move on with that?

Most likely it breaks export scripts, but I don't think it is a problem at the moment.

It affects quite a lot of scripts on my side, so I would like to move on to the new format.

@tghosth
Collaborator

tghosth commented Jan 30, 2025

can we wait until we are ready for the releveling? or would you prefer to change the format without releveling and then change the levels afterwards?

@elarlang
Collaborator Author

Just a hint - for releveling it is easier to change a number than to put the correct amount of check signs in the correct place.

I can see it as an independent task that can be done at any moment, but for every script that needs to work in the future it is better that this change is done.

@tghosth
Collaborator

tghosth commented Jan 31, 2025

Example

Before

| # | Description | L1 | L2 | L3 | CWE |
| --- | --- | --- | --- | --- | --- |
| 5.2.1 | [MODIFIED] Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized using a well-known and secure HTML sanitization library or framework feature. | | | | 116 |

After

| # | Description | L | CWE |
| --- | --- | --- | --- |
| 5.2.1 | [MODIFIED] Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized using a well-known and secure HTML sanitization library or framework feature. | 1 | 116 |

@elarlang
Collaborator Author

elarlang commented Jan 31, 2025

To be more precise on the final product, we will also drop the CWE column (#1481). Instead of "L" I prefer to use "Level".

After-after

| # | Description | Level |
| --- | --- | --- |
| 5.2.1 | [MODIFIED] Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized using a well-known and secure HTML sanitization library or framework feature. | 1 |

tghosth added the _5.0 - draft label Feb 2, 2025
elarlang pushed a commit to elarlang/ASVS that referenced this issue Feb 2, 2025
tghosth pushed a commit that referenced this issue Feb 2, 2025
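
The column change discussed in this thread, as an added example that is not part of the original issue or the ASVS project's own tooling: a reader that accepts both the old `L1 | L2 | L3` layout and the new numeric `Level` layout, so a script consuming the tables keeps working across the change. The `✓` mark, the cumulative-levels check, the function names and the sample rows are assumptions made for illustration.

```python
import re

CHECK = "✓"  # assumption: the mark used in the old L1/L2/L3 columns
# Constructed sample: 5.2.1 is the row from the thread (text shortened);
# its check marks and the whole 0.0.1 row are made up for illustration.
OLD_TABLE = """\
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| 5.2.1 | [MODIFIED] Verify that all untrusted HTML input is sanitized. | ✓ | ✓ | ✓ | 116 |
| 0.0.1 | Constructed requirement that starts at level 2. | | ✓ | ✓ | |
"""

def split_row(line):
    """Split one markdown table row into stripped cell values."""
    return [c.strip() for c in line.strip().removeprefix("|").removesuffix("|").split("|")]

def level_of(rec):
    """Numeric level from a 'Level' (or 'L') cell, else from check marks."""
    for key in ("Level", "L"):
        if key in rec:
            level = int(rec[key])  # non-numeric cell raises ValueError
            if level not in (1, 2, 3):
                raise ValueError(f"{rec['#']}: level {level} out of range")
            return level
    marks = [CHECK in rec[f"L{n}"] for n in (1, 2, 3)]
    # Assumption: levels are cumulative, so marks must run gap-free up to L3.
    if True not in marks or not all(marks[marks.index(True):]):
        raise ValueError(f"{rec['#']}: inconsistent level marks {marks}")
    return marks.index(True) + 1

def parse_table(markdown):
    """Return (id, description, level) tuples from either column layout."""
    lines = [l for l in markdown.splitlines() if l.strip().startswith("|")]
    header, rows = split_row(lines[0]), []
    for line in lines[1:]:
        cells = split_row(line)
        if all(re.fullmatch(r":?-+:?", c) for c in cells):
            continue  # header separator row
        if len(cells) != len(header):
            raise ValueError(f"column count mismatch: {line!r}")
        rec = dict(zip(header, cells))
        rows.append((rec["#"], rec["Description"], level_of(rec)))
    return rows

def to_numeric_table(markdown):
    """Re-emit a table in the '# | Description | Level' layout."""
    out = ["| # | Description | Level |", "| :---: | :--- | :---: |"]
    out += [f"| {i} | {d} | {lvl} |" for i, d, lvl in parse_table(markdown)]
    return "\n".join(out) + "\n"
```

A row whose marks skip a level (for example L1 and L3 but not L2) is rejected instead of being silently assigned a number, which is the kind of misplaced check mark the numeric field removes.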