Yasca v1.2 is in development…
Sunday, January 4th, 2009
I’m busy working on the next minor release of Yasca, and I’ve got something that I think you’ll like. Ignore lists.
Suppose you think a particular plug-in doesn’t scan some of your code accurately. If you don’t want to clutter up your report with those results, you only have three choices at the moment, all of which disable the plug-in entirely: removing it from the plug-in directory (./plugins by default), prefixing its name with an underscore (e.g. rename badplugin.php to _badplugin.php), or using the -px command line parameter to ignore that particular plug-in (e.g. yasca -px badplugin).
In version 1.2, I’ve added the concept of an ignore list. From the HTML output (HTMLGroupReport), you’ll have a new anchor available that will toggle whether that particular finding is ignored or not.
After you’ve clicked off all of the findings you want to ignore, you can click on the “save ignore list” link at the top, which will show the XML. Save the XML as a file, and include it when running Yasca next (i.e. yasca --ignore-file ./ignore.xml).
I’m working on making this a bit more user-friendly. If you have any ideas, please drop me a line.


