Create a Scope Definition

Creating and Saving

To use the scope analysis feature, you must first create scope definitions. To create a scope definition in FireEyes go to the Settings tab, scroll down to Analysis scope definitions.

Analysis scope definitions section of the Settings tab

Note

Scope definitions will automatically be saved to the WorldSpace Project that is currently active in FireEyes. To switch Projects, select the Switch button in the FireEyes toolbar.

IMPORTANT!

In order for scope definitions to correctly take into account the entire web page in WorldSpace (including document title and other <head> elements, for example), it is important to define a Template scope definition for the whole page (XPath = /html), as well as Content scope definition for the entire body of the page (XPath = /html/body). (This is not necessary if the scope definitions are used only in FireEyes.)

Required Scope Definitions for WorldSpace Scans
Category XPath
Template 1 /html
Content 1 /html/body

To enter a template scope definition for the whole page, give it a name ("Template - All" is shown in the example below), set the Category to "Template 1" and the Xpath to "/html".

screenshot of adding a new scope definition for the whole page

Select the "Save" button, then click on the "Add" icon (a green square with a white plus). This will create a new row.

screenshot of the add icon

To create a content scope definition for the body of the document, give it a name ("Content - All" is shown in the example below), set the Category to "Content 1" and the Xpath to "/html/body".

Screenshot of adding a scope definition for the entire body of the web page

Name

For each scope definition, choose a Name this is clear and informative so that others on the Project will know what the Scope is for.

Example: Enter "Template - All" or "Header" or "Footer" or "Main menu" or other meaningful name.

Category

Categories are like buckets you can use for sorting elements. The Categories can be used to test groups of scope definitions, so it is a good idea to use the same Category name for templates that logically appear together on the site.

The Category names - Content 1-4 and Template 1-4 - are not editable. The use of Content 1 and Template 1 are sufficient for most projects. If a Project contains different template sets, you should assign different Content or Template numbers to them. Similarly, if there are multiple team creating scope definitions for a single Project, you may want to assign one team Content 1 / Template 1, another team Content 2 / Template 2, and so on.

As noted above, in order for scope definitions to work correctly in a WorldSpace scan, it is important to define a Content scope definition for the whole page, as well as Template scope definitions. To create a Content scope definition for the entire page, after entering a Name ("Content") and selecting a Category ("Category 1"), skip the remaining steps and simply select the Save. This will save a scope definition with the default XPath of "/html/body".

Entering a name and selecting a category for a new scope definition

XPath and Frame XPath

Via Mouse

Select the Pick XPath button to enable the XPath selector. Click the web page in the area you wish to define (e.g. header). The DOM node of the region clicked will be selected and highlighted in the browser. The XPath and robust XPath field, as well as the Frame XPath field (if the region is in a frame) will be populated with the DOM node region xPath data. Use the More general XPath (represented in FireEyes as a left arrow) and the More specific XPath (represented in FireEyes as a right arrow) buttons to select a broader or more specific XPath.

Entering a name and selecting a category for a new scope definition

Via Keyboard

The XPath can also be entered via keyboard by entering the XPath directly into the XPath edit box. To do so, you need to know the id of the element you want to evaluate. For example:

  • /section[@id='content'] identifies a section tag with an id of "content": <section id="content">
  • /div[@id='header-panel'] identifies a div with an id of "header-panel": <div id="header-panel">
  • /div[@id='right-column'] identifies a div with an id of "right-column": <div id="right-column">
  • /html/body/section/div[2]/div[3] identifies an item without an id: the third div inside the second div inside the section tag inside the body of the html

Note:

Make sure the id of the element you want is not used more than once on the page. This will prevent FireEyes from correctly identifying the desired element.

URL Pattern

The scope definition can be narrowed further by adding a URL Pattern. This can be useful if a website contains a part or parts, such as a shopping area or a secure member services area, that use a different template set than the main portion of the site.

Define a string of text that must appear in the URL of the page before it invokes the use of the scope definition. This string of text must come immediately after the domain name in the page address. The URL pattern uses a wildcard match. In other words, "/products" would match "/products" as well as any string of text that comes after it.

Entering a URL pattern for a new scope definition

Save

Select the Save this button. This will upload the scope definition to the WorldSpace server and make it available to all members of the project through WorldSpace or FireEyes.

Scope Definition Action Buttons

When a scope definition has been saved, the Action buttons change to: View, Edit, Inspect, Delete (a red box with a white minus sign), and Add (a green box with a white plus sign).

  • View: Highlights the element on the website view
  • Edit: Edit the scope definition features
  • Inspect: Displays the Firebug HTML tab
  • Delete (red box with white minus sign): Delete the scope definition
  • Add (green box with white plus sign): Add another scope definition

Action buttons for a scope definition