{"_id":"5697879d8560a60d00e2c2b4","user":"553aac0436d0100d004b35a5","category":{"_id":"569784c469393517000c8315","__v":3,"pages":["569785f869393517000c8319","5697879d8560a60d00e2c2b4","5697888bd231880d00676eaf"],"project":"553aa3050074c80d00621c33","version":"553aa3050074c80d00621c36","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-01-14T11:21:40.670Z","from_sync":false,"order":3,"slug":"edit-skf-content","title":"Add or edit SKF content"},"project":"553aa3050074c80d00621c33","__v":1,"version":{"_id":"553aa3050074c80d00621c36","__v":5,"project":"553aa3050074c80d00621c33","createdAt":"2015-04-24T20:09:41.956Z","releaseDate":"2015-04-24T20:09:41.955Z","categories":["553aa3060074c80d00621c37","554dd8d10f31e40d0028e7a2","554ddd802432590d00bd511a","569784c469393517000c8315","569784ce3503e40d0061f40e"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-01-14T11:33:49.983Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":999,"body":"In order to add new knowledge base items to the s.k.f, you have to know the build structure of the knowledge base items.\n\nLet's break them up into pieces:\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/5d7osI7S0GUBdAbCtzVc_AddKBitems.png\",\n        \"AddKBitems.png\",\n        \"709\",\n        \"39\",\n        \"#078406\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"Red:    Identifier, this number must increment.\\nBlue:   Separators, must be used exactly as seen in the example, otherwise the checklist engine fails\\nYellow: Checklist type\\nGreen:  Knowledge base item name, cannot contain special chars like (&><'\\\")\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nNow whenever we open this file we can find a small layout for styling. This styling is also used for dividing the 'description' and 'solution' parts:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"File upload injection      <-- Title as seen in your checklist head\\n-------\\n\\n**Description:**    <-- Description separator, also adds bold styling\\n\\nUploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step................\\n\\n**Solution:**      <-- Solution separator, also adds bold styling\\n\\nUploaded files always need to be placed outside the document root of the web-server. You should also check the user input (filename) for having the right allowed extensions such as .jpg, .png etc.................\",\n      \"language\": \"markdown\"\n    }\n  ]\n}\n[/block]\nIn the description part we give an extended description of the attacker's attack vector as well as the ways in which it will harm your system.\n\nIn the solution part we explain how to mitigate the issue and what you must take into consideration whenever you put these mitigations into practice.","excerpt":"","slug":"knowledgebase","type":"basic","title":"Knowledgebase"}
In order to add new knowledge base items to the s.k.f, you have to know the build structure of the knowledge base items.

Let's break them up into pieces:
[block:image]
{
  "images": [
    {
      "image": [
        "https://files.readme.io/5d7osI7S0GUBdAbCtzVc_AddKBitems.png",
        "AddKBitems.png",
        "709",
        "39",
        "#078406",
        ""
      ]
    }
  ]
}
[/block]

[block:code]
{
  "codes": [
    {
      "code": "Red:    Identifier, this number must increment.\nBlue:   Separators, must be used exactly as seen in the example, otherwise the checklist engine fails\nYellow: Checklist type\nGreen:  Knowledge base item name, cannot contain special chars like (&><'\")",
      "language": "text"
    }
  ]
}
[/block]
Now whenever we open this file we can find a small layout for styling. This styling is also used for dividing the 'description' and 'solution' parts:
[block:code]
{
  "codes": [
    {
      "code": "File upload injection      <-- Title as seen in your checklist head\n-------\n\n**Description:**    <-- Description separator, also adds bold styling\n\nUploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step................\n\n**Solution:**      <-- Solution separator, also adds bold styling\n\nUploaded files always need to be placed outside the document root of the web-server. You should also check the user input (filename) for having the right allowed extensions such as .jpg, .png etc.................",
      "language": "markdown"
    }
  ]
}
[/block]
In the description part we give an extended description of the attacker's attack vector as well as the ways in which it will harm your system.

In the solution part we explain how to mitigate the issue and what you must take into consideration whenever you put these mitigations into practice.