The Creation of FAST Extensions

Request elements description syntax

When creating a FAST extension, you need to understand the structure of the HTTP request sent to the application and of the HTTP response received from it, so that you can use the points to correctly describe the request elements you need to work with.

To see detailed information, proceed to this link.

The FAST extensions are created by describing all of the sections that are required for the extension to operate in the YAML file of the extension.

  • The obligatory sections:
    • meta-info — contains information about the vulnerability that is to be discovered by the extension. The structure of this section is described below.
    • detect — contains the description of the obligatory Detect phase. To see detailed information about the phase and the structure of the corresponding section, proceed to this link.
  • The optional sections (may be absent):
    • collect — contains the description of the optional Collect phase. To see detailed information about the phase and the structure of the corresponding section, proceed to this link.
    • match — contains the description of the optional Match phase. To see detailed information about the phase and the structure of the corresponding section, proceed to this link.
    • modify — contains the description of the optional Modify phase. To see detailed information about the phase and the structure of the corresponding section, proceed to this link.
    • generate — contains the description of the optional Generate phase. To see detailed information about the phase and the structure of the corresponding section, proceed to this link.

Mounting FAST extensions

For the extensions to work, the directory containing the extensions' YAML file has to be mounted to the FAST node Docker container. To see detailed information about the mounting procedure, proceed to the next chapter.

The informational meta-info section has the following structure:

meta-info:
  - title:
  - type:
  - threat:
  - description:
  • title — an optional title string that describes a vulnerability. The specified value will be shown in the list of the detected vulnerabilities on the Wallarm web interface in the “Title” column. It can be used to identify either the vulnerability or the particular extension that detected the vulnerability.

    Example.

    title: "Example vulnerability"

  • type — an obligatory parameter that describes the type of vulnerability that the extension is trying to exploit. The specified value will be shown in the “Type” column of the list of detected vulnerabilities on the Wallarm web interface. The parameter can take one of the values which are described here.

    Example.

    type: sqli

  • threat — an optional parameter that defines the vulnerability threat level. The specified value will be graphically displayed in the list of the detected vulnerabilities on the Wallarm web interface in the “Risk” column. The parameter can be assigned an integer value in a range from 1 to 100. The larger the value, the higher the threat level of the vulnerability.

    Example.

    threat: 20

    The list of the vulnerabilities found

  • description — an optional string parameter that contains the description of the vulnerability that the extension detects. This information will be shown in the detailed description of the vulnerability.

    Example.

    description: "A demonstrational vulnerability"

    Detailed description of the vulnerability on the Wallarm web interface
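
A pre-mount check for the rules above, added here as an example and not part of the FAST documentation or tooling: it takes the dictionary a YAML loader returns for an extension file and lists violations of the section and meta-info rules. The function name, the sample dictionaries and the treatment of unlisted top-level keys as probable typos are assumptions of this example; the allowed type values are not checked because their list is not on this page.

```python
OBLIGATORY = ("meta-info", "detect")
OPTIONAL = ("collect", "match", "modify", "generate")
META_KEYS = ("title", "type", "threat", "description")


def lint_extension(ext):
    """Hypothetical helper (not a FAST API): return a list of problems, empty if none."""
    problems = [f"missing obligatory section: {s}" for s in OBLIGATORY if s not in ext]
    problems += [f"unknown section: {s}" for s in ext if s not in OBLIGATORY + OPTIONAL]

    # meta-info is a YAML list of single-key mappings ("- title: ..."),
    # so flatten it into one dict and catch repeated or unknown keys.
    meta = {}
    for item in ext.get("meta-info") or []:
        if not isinstance(item, dict) or len(item) != 1:
            problems.append(f"meta-info entry is not a single key: {item!r}")
            continue
        (key, value), = item.items()
        if key not in META_KEYS:
            problems.append(f"unknown meta-info key: {key}")
        elif key in meta:
            problems.append(f"duplicate meta-info key: {key}")
        else:
            meta[key] = value

    # type is the only obligatory meta-info parameter.
    if "meta-info" in ext and not (isinstance(meta.get("type"), str) and meta["type"]):
        problems.append("meta-info.type is obligatory and must be a non-empty string")
    for key in ("title", "description"):
        if key in meta and not isinstance(meta[key], str):
            problems.append(f"meta-info.{key} must be a string")
    # threat: integer 1..100 (bool is an int subclass in Python, so exclude it).
    threat = meta.get("threat")
    if "threat" in meta and not (type(threat) is int and 1 <= threat <= 100):
        problems.append("meta-info.threat must be an integer from 1 to 100")
    return problems


# Constructed samples shaped like the loaded YAML; the detect body is left empty here.
GOOD = {"meta-info": [{"title": "Example vulnerability"}, {"type": "sqli"},
                      {"threat": 20}, {"description": "A demonstrational vulnerability"}],
        "detect": {}}
BAD = {"meta-info": [{"title": "Example vulnerability"}, {"threat": 120}]}

if __name__ == "__main__":
    for name, ext in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_extension(ext) or "ok")
```

A quoted value such as threat: "20" loads as a string and is reported, as is a threat written as a YAML boolean.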
