Description and why
Pentesters from English-speaking countries are maybe the only ones that don't need this feature.
But in other countries you will need to have a findings library in both English and your native language and some countries also have 2, 3 or more official languages.
Very often, in non-English-speaking countries, you need to write pentest reports in several languages so having a multilingual vulnerability database is critical for them.
Implementation
It needs a change of the SQL tables.
Instead of having something like
You would have
Workaround
A common bad workaround is to add a lang prefix in the title of the vulnerability.
Like [EN] SQL injection and [FR] Injection SQL.
This is terrible for multiple reasons.
When having multiple languages, only fields containing text or sentences need to be translated, all other fields like the CVSS vector, CVE, vulnerability ID, etc. don't need to be translated and can be stored only once in the database.
Also when you edit the vuln in one language, if they are not linked you often forget to update the vuln in the other languages too.
It is also impossible to filter by language if you have fuzzy search.
And for reports you can't ask for vuln.fr.description or vuln.en.description depending on your French or English template.
Demo
It's a bit long and hard to explain in detail.
I invite you to deploy and test PwnDoc (https://github.com/pwndoc/pwndoc) which is the only pentest report platform I know to have a multi-lang vuln DB. It's easy to deploy with docker-compose so it won't take long to try it.
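
One way to model the linked-translations layout the issue argues for, as an added example that is not part of the original issue and is not PwnDoc's or this project's schema. The table names, column names and sample rows are hypothetical and constructed for illustration; SQLite is used only so the example runs offline.

```python
import sqlite3

# Hypothetical schema: language-neutral fields once, text fields per language.
SCHEMA = """
CREATE TABLE finding (id INTEGER PRIMARY KEY, cvss_vector TEXT NOT NULL, cve TEXT);
CREATE TABLE finding_translation (
    finding_id INTEGER NOT NULL REFERENCES finding(id),
    lang TEXT NOT NULL, title TEXT NOT NULL, description TEXT NOT NULL,
    PRIMARY KEY (finding_id, lang));
"""

def build_db():
    """In-memory database with one constructed finding in English and French."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript(SCHEMA)
    db.execute("INSERT INTO finding VALUES (1, ?, NULL)",
               ("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",))
    db.executemany("INSERT INTO finding_translation VALUES (?, ?, ?, ?)", [
        (1, "en", "SQL injection", "An attacker can read the database."),
        (1, "fr", "Injection SQL", "Un attaquant peut lire la base."),
    ])
    return db

def finding_for_report(db, finding_id, lang, fallback="en"):
    """Shared fields plus text in `lang`, or in `fallback` if untranslated."""
    row = db.execute(
        """SELECT f.id, f.cvss_vector, f.cve, t.lang, t.title, t.description
           FROM finding f JOIN finding_translation t ON t.finding_id = f.id
           WHERE f.id = ? AND t.lang IN (?, ?)
           ORDER BY (t.lang = ?) DESC LIMIT 1""",
        (finding_id, lang, fallback, lang)).fetchone()
    return dict(row) if row else None

def search_titles(db, needle, lang):
    """Substring search restricted to one language, no title prefix needed."""
    rows = db.execute(
        "SELECT finding_id FROM finding_translation WHERE lang = ? AND title LIKE ?",
        (lang, f"%{needle}%"))
    return [r["finding_id"] for r in rows]

def missing_translations(db, langs):
    """(finding_id, lang) pairs a reviewer still has to write."""
    have = {(r[0], r[1]) for r in
            db.execute("SELECT finding_id, lang FROM finding_translation")}
    ids = [r[0] for r in db.execute("SELECT id FROM finding ORDER BY id")]
    return [(i, l) for i in ids for l in langs if (i, l) not in have]
```

A report template for French would call `finding_for_report(db, 1, "fr")`, and `missing_translations` gives the list of findings whose other-language text has not been written yet.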