Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21871

The extension security indexer should support extension features

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 16.0.0
    • Extension - Security
    • None
    • Unknown

    Description

      Currently, the extension security scanner only uses the extension id to find vulnerabilities.

      Problem is that sometime an extension might embed another (in which case the other is supposed to be indicated as extension feature) and the scanner won't search for the embedded one.

      Ideally, it should search for the id and also all the features of the extension.

      Attachments

        Activity

          People

            Unassigned Unassigned
            tmortagne Thomas Mortagne
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: