Merge pull request #68 from radicallyopensecurity/shortcode-suggestion
suggest findingCode when starting Pentest Report
@@ -42,6 +42,7 @@
|
||||
<xs:sequence>
|
||||
<xs:element ref="full_name"/>
|
||||
<xs:element ref="short_name"/>
|
||||
<xs:element ref="short_code" minOccurs="0"/>
|
||||
</xs:sequence>
|
||||
<xs:group ref="placeholders"/>
|
||||
</xs:choice>
|
||||
@@ -57,6 +58,7 @@
|
||||
|
||||
<xs:element name="full_name" type="xs:string"/>
|
||||
<xs:element name="short_name" type="xs:string"/>
|
||||
<xs:element name="short_code" type="xs:string"/>
|
||||
<xs:element name="poc1" type="xs:string"/>
|
||||
<xs:element name="legal_rep" type="xs:string"/>
|
||||
<xs:element name="address">
|
||||
|
||||
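Review bot: `short_code` is declared as a bare `xs:string`, so schema validation accepts any length and any characters, while the sample comment in this commit documents a 3-letter code. The stylesheet in this commit copies the value, after `normalize-space` and `upper-case`, into the report's `findingCode` attribute. If three letters is the intended format, a restricted simple type that allows either exactly three letters or the empty element would reject typos and stray content at validation time instead of letting them reach the generated report. The empty alternative is needed because the sample client file ships `<short_code></short_code>`. The `minOccurs="0"` reference in the first hunk needs no change.
```xml
<xs:element name="short_code">
  <xs:simpleType>
    <xs:restriction base="xs:string">
      <!-- exactly three letters, or empty to fall back to the generated suggestion -->
      <xs:pattern value="([A-Za-z]{3})?"/>
    </xs:restriction>
  </xs:simpleType>
</xs:element>
```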
@@ -11,6 +11,8 @@
|
||||
<!-- long client name, e.g. Sitting Duck B.V. -->
|
||||
<short_name>Sitting Duck</short_name>
|
||||
<!-- short client name, e.g. Sitting Duck; if no short name: same as long name -->
|
||||
<short_code></short_code>
|
||||
<!-- 3-letter shortcode for use in pentest reports, e.g. SID (or leave empty to use system default) -->
|
||||
<legal_rep>I.M. Portant</legal_rep>
|
||||
<!-- customer legal representative (to sign offer) -->
|
||||
<waiver_rep>B.I.G. Wig</waiver_rep>
|
||||
|
||||
@@ -5,12 +5,80 @@
|
||||
|
||||
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
|
||||
|
||||
<xsl:variable name="clientShort" select="normalize-space(//client/short_name)"/>
|
||||
<xsl:variable name="stringLength" select="string-length($clientShort)"/>
|
||||
<xsl:variable name="stringLengthNoSpaces" select="translate($clientShort, ' ', '')"/>
|
||||
<xsl:variable name="wordCount" select="$stringLength - string-length($stringLengthNoSpaces) + 1"/>
|
||||
<xsl:variable name="noVowels"
|
||||
select="substring(translate($clientShort, 'AaEeIiOoUuYy', ''), 2, string-length(translate($clientShort, 'AaEeIiOoUu', '')) - 1)"/>
|
||||
<xsl:variable name="findingCodeSuggestion">
|
||||
<xsl:choose>
|
||||
<xsl:when test="normalize-space(//client/short_code)">
|
||||
<xsl:value-of select="normalize-space(//client/short_code)"/>
|
||||
</xsl:when>
|
||||
<xsl:when test="$clientShort">
|
||||
<xsl:choose>
|
||||
<!-- If client name should start with a three-letter abbreviation, pick that -->
|
||||
<xsl:when
|
||||
test="(string-length(substring-before($clientShort, ' ')) = 3) and substring-before($clientShort, ' ') = upper-case(substring-before($clientShort, ' '))">
|
||||
<xsl:value-of select="substring-before($clientShort, ' ')"/>
|
||||
</xsl:when>
|
||||
<!-- One-word client name -->
|
||||
<xsl:when test="$wordCount = 1">
|
||||
<xsl:choose>
|
||||
<xsl:when test="$stringLength = 3">
|
||||
<xsl:value-of select="$clientShort"/>
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
<!-- Get first letter -->
|
||||
<xsl:value-of select="substring($clientShort, 1, 1)"/>
|
||||
<!-- Then add two more -->
|
||||
<xsl:choose>
|
||||
<xsl:when test="string-length($noVowels) < 2">
|
||||
<!-- not enough consonants remaining, just get letter 2 and 3 -->
|
||||
<xsl:value-of select="substring($clientShort, 2, 2)"/>
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
<!-- we have at least two more consonants; add those -->
|
||||
<xsl:value-of select="substring($noVowels, 1, 2)"/>
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:when>
|
||||
<!-- Two-word client name: pick first letter of each word + last letter -->
|
||||
<xsl:when test="$wordCount = 2">
|
||||
<xsl:sequence
|
||||
select="
|
||||
string-join(for $x in tokenize($clientShort, ' ')
|
||||
return
|
||||
substring($x, 1, 1), '')"/>
|
||||
<xsl:value-of select="substring($noVowels, string-length($noVowels), 1)"/>
|
||||
</xsl:when>
|
||||
<xsl:when test="$wordCount = 3">
|
||||
<!-- Three words! Abbreviate! -->
|
||||
<xsl:sequence
|
||||
select="
|
||||
string-join(for $x in tokenize($clientShort, ' ')
|
||||
return
|
||||
substring($x, 1, 1), '')"
|
||||
/>
|
||||
</xsl:when>
|
||||
<!-- More than 3 words: pick the first letters of the first three words -->
|
||||
<xsl:otherwise>???</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:when>
|
||||
<!-- if there's no shortcode or client name to work with, give up -->
|
||||
<xsl:otherwise>???</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:variable>
|
||||
|
||||
<!-- ROOT -->
|
||||
<xsl:template match="/">
|
||||
|
||||
<pentest_report xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:noNamespaceSchemaLocation="../dtd/pentestreport.xsd"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" findingCode="???" secrets="show">
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en"
|
||||
findingCode="{upper-case($findingCodeSuggestion)}" secrets="show">
|
||||
<meta>
|
||||
<title>Penetration Test Report</title>
|
||||
<targets>
|
||||
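Review bot: The last `xsl:otherwise` of the inner `xsl:choose` emits `???`, but the comment directly above it says names of more than three words should use the first letters of the first three words. Such clients therefore still get the placeholder in `findingCode`. Either implement the comment, e.g. `<xsl:otherwise><xsl:value-of select="string-join(for $x in tokenize($clientShort, ' ')[position() le 3] return substring($x, 1, 1), '')"/></xsl:otherwise>`, or reword it to say the case is unhandled. In `noVowels` the two `translate` calls use different vowel lists (`'AaEeIiOoUuYy'` versus `'AaEeIiOoUu'`); `substring` clamps the excess length, so the result is the same, but the lists should match. The generated branches also do not guarantee three letters (a one- or two-character `short_name` yields a shorter code), so a comment stating that the value is only a suggestion to be reviewed would help.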
@@ -23,12 +91,20 @@
|
||||
</targets>
|
||||
<activityinfo>
|
||||
<xsl:for-each select="/offerte/meta/activityinfo/*">
|
||||
<xsl:if test="not(self::fee)">
|
||||
<xsl:if test="not(self::fee) and not(self::planning)">
|
||||
<xsl:copy copy-namespaces="no">
|
||||
<xsl:copy-of select="node()" copy-namespaces="no"/>
|
||||
</xsl:copy>
|
||||
</xsl:if>
|
||||
</xsl:for-each>
|
||||
<planning>
|
||||
<xsl:comment>start and end dates, in ISO format: YYYY-MM-DD</xsl:comment>
|
||||
<xsl:for-each select="/offerte/meta/activityinfo/planning/*">
|
||||
<xsl:copy copy-namespaces="no">
|
||||
<xsl:copy-of select="node()" copy-namespaces="no"/>
|
||||
</xsl:copy>
|
||||
</xsl:for-each>
|
||||
</planning>
|
||||
</activityinfo>
|
||||
<permission_parties>
|
||||
<xsl:element name="xi:include">
|
||||
@@ -158,7 +234,7 @@
|
||||
|
||||
<p>We have identified the following issues:</p>
|
||||
<xsl:comment> Listing of Findings (written by pentesters) </xsl:comment>
|
||||
|
||||
|
||||
<xsl:comment> Extreme </xsl:comment>
|
||||
|
||||
<xsl:comment> High </xsl:comment>
|
||||
|
||||