►
From YouTube: Bitwise (ish) flags in security reports
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay,
this
is
a
bit
of
a
weird
one,
so
I'm
just
doing
a
video
source
of
sure
how
it
works
and
why
it
works.
This
might
change
variants
up
into
confusing,
but
here
we
are
so
the
problem
we
had
with
this
is
that
we
needed
to
know
how
many
critical
high
and
other
vulnerabilities
there
were
and
generate
a
string
based
on
that,
and
previously
we
had
this
giant
horrible
nested
if-else
mess
that
was
just
so
hard
to
pass.
A
So
we've
managed
to
change
it
so
that
ignoring
this
about
the
top
four
now
I'll
get
to
that,
we
can
just
use
a
switch
statement
on
these
options
and
say
have
a
case
of
critical.
So
it's
there's
only
critical
and
a
case
of
high,
so
this
one
says
it's
only
high
and
then,
when
we
start
getting
into
more
complicated
ones,
we
can
just
say
like
critical
plus
high.
Is
this
critical
plus
other?
We
say
this
critical
and
high
and
other
is
this?
So
we
can,
we
can
just
add
new
cases
as
new
things
come
in.
A
So
if
we
have
I
don't
know,
we
start
looking
for
medium
vulnerabilities
as
well.
It's
a
lot
easier
to
add
these
in
and
not
have
to
do.
If
else,
then,
if
else,
if
else,
if
else,
if
else
and
then
nested
for
attorney
it's
a
complete
mess,
so
the
way
this
works,
it's
kind
of
it's
like
a
variation
on
bitwise
flags.
A
A
If
you
don't
know
what
bitwise
is,
don't
worry
I'm
about
to
explain
so
the
idea
is
we
assign
values
to
a
critical
high
and
other,
and
then,
if
we
have
critical
vulnerabilities,
then
we
add
the
critical
value
to
this
options
variable
if
we
have
high
ones,
then
we
add
this
high
and
if
we
have
other
ones,
then
we
add
this
other
and
what
that
does
is
it.
It
turns
options
into
a
number
that
we
can.
A
Then
it's
it's
unique,
depending
on
what's
actually
selected
so,
rather
than
just
point
I
I've
kind
of
done
like
a
little
spreadsheet
thing
that
shows
you
saw
if
we
have
critical
vulnerabilities,
we
add
a
one,
so
options
becomes
one.
If
we
have
hi,
we
added
two.
So
options
then
becomes
three
and
if
we
have
other,
we
are
a
force.
So
options
then
becomes
seven
and
because
I've
picked
one
two
and
four-
and
these
are
the
sort
of
binary
I,
don't
know
how
to
describe
it
but
binary
digits.
A
Essentially,
this
options
number
can
be
unpicked,
so
we
know
based
on
what
this
number
is,
which
options
have
been
selected
so
say
the
number
is
five.
You
can
only
get
to
a
five
by
adding
other
two
critical
there's,
there's
no
other
way
of
getting
a
five.
You
can't
do
four
plus
two
is
too
high.
You
can't
do
one
plus
two
plus,
you
know
you
get
the
point
and
every
single
number,
because
we're
using
this
binary
thing
is
totally
unique.
A
So
what
we
then
do
in
this
switch
statement
is
we
just
say
case
critical
and
that's
map
into
this
same
constant
up
here.
So
we're
saying:
if
options
is
equal
to
one,
then
we
must
only
have
critical
vulnerabilities.
If
options
is
equal
to
high,
which
is
two,
then
we
must
only
have
500
bilities,
because
that's
the
only
way
the
options
could
be
the
number
two
and
then
we
get
further
down,
and
we
say
if
the
case
is
critical,
plus
high,
so
one
plus
two.
A
This
is
a
fairly
common
pattern
in
computer
science,
but
obviously
it's
a
little
different,
because
normally
you
would
use
bitwise
operators
like
this
and
we
would
have
if
flag,
C
and
like
be
your
flexi
and
and
things
like
that.
I'd
recommend
reading
this
for
more
information.
But
it
start
to
look
I
mean
you
see
these
characters
get
confusing
pretty
quickly
in
JavaScript,
so
that
this
is
doing
essentially
the
same
thing.
A
It's
just
not
exactly
the
same
thing
so
yeah
and
and
for
example,
if
we
were
to
add
a
tall
law
of
one
abilities,
we'd
have
to
double
that
for
again.
So
that
would
be
eight
and
then
we
can
start
to
add
the
law
of
one
release
in
here
and
and
we
can
switch
based
on
them
as
well.
So
it's
really
nice
and
it
extends
pretty
nicely.