DeforaNetworks/pentext
3
0
Fork 0
Code Releases Activity

Merge pull request #42 from radicallyopensecurity/better-planning-data

Browse Source 
Better planning data
This commit is contained in:
Patricia Piolon
2017-07-05 14:23:41 +02:00
committed by GitHub
parent d1785ff534 b1f85bf285
commit 4f9fe9c1ec
15 changed files with 127 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
xml/doc/examples/examplequickscope.xml
View File

@@ -31,7 +31,7 @@
<country>TP Country</country> <country>TP Country</country>
</third_party> </third_party>
<activity_info> <activityinfo>
<!-- Which targets will need to be tested? <!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary --> (one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<targets> <targets>
@@ -60,5 +60,5 @@
<!-- rate (to be filled in by ROS ;) --> <!-- rate (to be filled in by ROS ;) -->
<rate>40000</rate> <rate>40000</rate>
</activity_info> </activityinfo>
</quickscope> </quickscope>

32
xml/dtd/common.xsd
View File

@@ -116,7 +116,7 @@
<xs:attribute name="lastrevisiondate" type="xs:date"/> <xs:attribute name="lastrevisiondate" type="xs:date"/>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name="rate"> <xs:element name="rate">
<xs:complexType> <xs:complexType>
<xs:simpleContent> <xs:simpleContent>
@@ -156,8 +156,19 @@
<xs:element name="duration" type="xs:nonNegativeInteger"/> <xs:element name="duration" type="xs:nonNegativeInteger"/>
<xs:element name="persondays" type="xs:nonNegativeInteger"/> <xs:element name="persondays" type="xs:nonNegativeInteger"/>
<xs:element name="test_planning" type="xs:string"/> <xs:element name="planning">
<xs:element name="report_due" type="xs:string"/> <xs:complexType>
<xs:sequence>
<xs:element ref="start"/>
<xs:element ref="end"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="report_due">
<xs:simpleType>
<xs:union memberTypes="xs:date xs:string"/>
</xs:simpleType>
</xs:element>
<xs:element name="nature" type="xs:string"/> <xs:element name="nature" type="xs:string"/>
<xs:element name="type"> <xs:element name="type">
<xs:simpleType> <xs:simpleType>
@@ -168,6 +179,21 @@
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
</xs:element> </xs:element>
<xs:element name="start">
<xs:simpleType>
<xs:union memberTypes="xs:date xs:string"/>
</xs:simpleType>
</xs:element>
<xs:element name="end">
<xs:simpleType>
<xs:union memberTypes="xs:date xs:string"/>
</xs:simpleType>
</xs:element>
<xs:element name="target_application" type="xs:string"/> <xs:element name="target_application" type="xs:string"/>
<xs:element name="target_application_producer" type="xs:string"/> <xs:element name="target_application_producer" type="xs:string"/>

4
xml/dtd/ir_quickscope.xsd
View File

@@ -11,7 +11,7 @@
<xs:sequence> <xs:sequence>
<xs:element ref="client"/> <xs:element ref="client"/>
<xs:element ref="meta"/> <xs:element ref="meta"/>
<xs:element ref="activity_info"/> <xs:element ref="activityinfo"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
@@ -28,7 +28,7 @@
<xs:element name="offer_type" type="xs:NCName"/> <xs:element name="offer_type" type="xs:NCName"/>
<xs:element name="requested_service" type="xs:string"/> <xs:element name="requested_service" type="xs:string"/>
<xs:element name="activity_info"> <xs:element name="activityinfo">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element ref="organizational_readiness_assessment" minOccurs="0"/> <xs:element ref="organizational_readiness_assessment" minOccurs="0"/>

12
xml/dtd/offerte.xsd
View File

@@ -45,12 +45,12 @@
<xs:element name="activityinfo"> <xs:element name="activityinfo">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element ref="duration" minOccurs="0"/> <xs:element ref="duration" minOccurs="1"/>
<xs:element ref="persondays" minOccurs="0"/> <xs:element ref="persondays" minOccurs="1"/>
<xs:element ref="test_planning" minOccurs="0"/> <xs:element ref="planning" minOccurs="1"/>
<xs:element ref="report_due" minOccurs="0"/> <xs:element ref="report_due" minOccurs="1"/>
<xs:element ref="nature" minOccurs="0"/> <xs:element ref="nature" minOccurs="1"/>
<xs:element ref="type" minOccurs="0"/> <xs:element ref="type" minOccurs="1"/>
<xs:element ref="fee" minOccurs="0"/> <xs:element ref="fee" minOccurs="0"/>
<xs:element ref="organizational_readiness_assessment" minOccurs="0"/> <xs:element ref="organizational_readiness_assessment" minOccurs="0"/>
<xs:element ref="security_incident_management" minOccurs="0"/> <xs:element ref="security_incident_management" minOccurs="0"/>

16
xml/dtd/pentestreport.xsd
View File

@@ -47,14 +47,14 @@
<xs:element name="activityinfo"> <xs:element name="activityinfo">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element ref="duration"/> <xs:element ref="duration" minOccurs="1" maxOccurs="1"/>
<xs:element ref="persondays"/> <xs:element ref="persondays" minOccurs="1" maxOccurs="1"/>
<xs:element ref="test_planning"/> <xs:element ref="planning" minOccurs="1" maxOccurs="1"/>
<xs:element ref="report_due"/> <xs:element ref="report_due" minOccurs="1" maxOccurs="1"/>
<xs:element ref="nature"/> <xs:element ref="nature" minOccurs="1" maxOccurs="1"/>
<xs:element ref="type"/> <xs:element ref="type" minOccurs="1" maxOccurs="1"/>
<xs:element minOccurs="0" ref="target_application"/> <xs:element minOccurs="0" maxOccurs="1" ref="target_application"/>
<xs:element minOccurs="0" ref="target_application_producer"/> <xs:element minOccurs="0" maxOccurs="1" ref="target_application_producer"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>

11
xml/dtd/quickscope.xsd
View File

@@ -9,7 +9,7 @@
<xs:element ref="client"/> <xs:element ref="client"/>
<xs:element ref="meta"/> <xs:element ref="meta"/>
<xs:element ref="third_party" minOccurs="0" maxOccurs="unbounded"/> <xs:element ref="third_party" minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="activity_info"/> <xs:element ref="activityinfo"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
@@ -38,7 +38,7 @@
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name="activity_info"> <xs:element name="activityinfo">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element ref="targets"/> <xs:element ref="targets"/>
@@ -55,8 +55,11 @@
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
<xs:element name="days" type="xs:integer"/> <xs:element name="days" type="xs:integer"/>
<xs:element name="planning" type="xs:NCName"/> <xs:element name="delivery">
<xs:element name="delivery" type="xs:NCName"/> <xs:simpleType>
<xs:union memberTypes="xs:date xs:string"/>
</xs:simpleType>
</xs:element>
<xs:element name="codeaudit"> <xs:element name="codeaudit">
<xs:complexType> <xs:complexType>
<xs:attribute name="perform" use="required" type="xs:NCName"/> <xs:attribute name="perform" use="required" type="xs:NCName"/>

4
xml/source/ir_quickscope.xml
View File

@@ -20,7 +20,7 @@
</meta> </meta>
<!-- ACTIVITY INFO --> <!-- ACTIVITY INFO -->
<activity_info> <activityinfo>
<organizational_readiness_assessment><!-- Delete complete organizational_readiness_assessment element if not needed! --> <organizational_readiness_assessment><!-- Delete complete organizational_readiness_assessment element if not needed! -->
<rate denomination="eur">100000</rate><!-- flat rate! --> <rate denomination="eur">100000</rate><!-- flat rate! -->
<team> <team>
@@ -35,6 +35,6 @@
<technical_artefact_analysis> <technical_artefact_analysis>
<rate denomination="eur">250</rate><!-- rate per person-hour --> <rate denomination="eur">250</rate><!-- rate per person-hour -->
</technical_artefact_analysis> </technical_artefact_analysis>
</activity_info> </activityinfo>
</ir_quickscope> </ir_quickscope>

24
xml/source/quickscope.xml
View File

@@ -17,12 +17,6 @@
<!-- Required service --> <!-- Required service -->
<!-- Note: is only used when type is 'other', if offer_type is a specific type, service name will be taken from the localisation strings --> <!-- Note: is only used when type is 'other', if offer_type is a specific type, service name will be taken from the localisation strings -->
<requested_service>penetration testing services</requested_service> <requested_service>penetration testing services</requested_service>
<!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<targets>
<target></target>
<target></target>
</targets>
</meta> </meta>
<!-- Do we need permission from third parties? Insert as many <third_party> elements as needed under this comment --> <!-- Do we need permission from third parties? Insert as many <third_party> elements as needed under this comment -->
<!-- INSERT OPTIONAL THIRD PARTIES HERE --> <!-- INSERT OPTIONAL THIRD PARTIES HERE -->
@@ -35,7 +29,13 @@
<country>XXX</country> <country>XXX</country>
</third_party> --> </third_party> -->
<!-- ___________________________________ --> <!-- ___________________________________ -->
<activity_info> <activityinfo>
<!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<targets>
<target></target>
<target></target>
</targets>
<!-- How long would you like the test to be? (in days) --> <!-- How long would you like the test to be? (in days) -->
<days>0</days> <days>0</days>
<!-- How many persondays (if you don't know, try days * number of assigned pentesters) --> <!-- How many persondays (if you don't know, try days * number of assigned pentesters) -->
@@ -45,10 +45,12 @@
<!-- Testing type (Use one of the following values: crystal-box, black-box, grey-box) --> <!-- Testing type (Use one of the following values: crystal-box, black-box, grey-box) -->
<type>crystal-box</type> <type>crystal-box</type>
<!-- Test planning (when would you like the test to be executed --> <!-- Test planning (when would you like the test to be executed -->
<!-- Ideally something specific like 'December 7th - December 12th, 2015', but another description 'Beginning of December' is fine as well --> <!-- dates should be in ISO format (YYY-MM-DD) -->
<!-- do not start with a capital letter --> <!-- if unknown, write TBD -->
<planning>TBD</planning> <planning><start>YYYY-MM-DD</start><end>TBD</end></planning>
<!-- Pentest report delivery date (please allow at least 1 week between the end of the pentest and the report delivery date) --> <!-- Pentest report delivery date (please allow at least 1 week between the end of the pentest and the report delivery date) -->
<!-- date should be in ISO format (YYY-MM-DD) -->
<!-- if unknown, write TBD -->
<delivery>TBD</delivery> <delivery>TBD</delivery>
<!-- Do you need/want a code audit? (possible values: yes/no), only for pentest --> <!-- Do you need/want a code audit? (possible values: yes/no), only for pentest -->
<codeaudit perform="yes"/> <codeaudit perform="yes"/>
@@ -59,5 +61,5 @@
<!-- rate (to be filled in by ROS ;) --> <!-- rate (to be filled in by ROS ;) -->
<rate>0</rate> <rate>0</rate>
</activity_info> </activityinfo>
</quickscope> </quickscope>

4
xml/xslt/auto.xslt
View File

@@ -851,7 +851,7 @@
<xsl:choose> <xsl:choose>
<xsl:when test="$percentage >= 3.5"> <xsl:when test="$percentage >= 3.5">
<!--on the edge--> <!--on the edge-->
<svg:text text-anchor="middle" xsl:use-attribute-sets="TableFont"> <svg:text text-anchor="middle" xsl:use-attribute-sets="PieFont">
<xsl:attribute name="x"> <xsl:attribute name="x">
<xsl:value-of select="$middle_x + $text_line_x"/> <xsl:value-of select="$middle_x + $text_line_x"/>
</xsl:attribute> </xsl:attribute>
@@ -890,7 +890,7 @@
/> />
</xsl:attribute> </xsl:attribute>
</svg:path> </svg:path>
<svg:text text-anchor="end" xsl:use-attribute-sets="TableFont"> <svg:text text-anchor="end" xsl:use-attribute-sets="PieFont">
<xsl:attribute name="x"> <xsl:attribute name="x">
<!-- placement of text depends on where extra line is pointing --> <!-- placement of text depends on where extra line is pointing -->
<xsl:value-of select="$text_x_relative_to_line"/> <xsl:value-of select="$text_x_relative_to_line"/>

131
xml/xslt/ir2offerte.xsl
View File

@@ -70,7 +70,7 @@
</xsl:element> </xsl:element>
</permission_parties> </permission_parties>
<activityinfo> <activityinfo>
<xsl:for-each select="//activity_info/*"> <xsl:for-each select="//activityinfo/*">
<xsl:copy> <xsl:copy>
<xsl:copy-of select="node()"/> <xsl:copy-of select="node()"/>
</xsl:copy> </xsl:copy>
@@ -103,7 +103,7 @@
</xsl:element> </xsl:element>
</xsl:for-each> </xsl:for-each>
<xsl:if test="//activity_info/organizational_readiness_assessment"> <xsl:if test="//activityinfo/organizational_readiness_assessment">
<xsl:for-each <xsl:for-each
select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'organizational_readiness_assessment']/snippet"> select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'organizational_readiness_assessment']/snippet">
<xsl:element name="xi:include"> <xsl:element name="xi:include">
@@ -128,136 +128,9 @@
</xsl:attribute> </xsl:attribute>
</xsl:element> </xsl:element>
</xsl:for-each> </xsl:for-each>
<!--<xsl:comment>Introduction and Scope</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">introandscope</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Project overview section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">projectoverview</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Prerequisites section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">prerequisites</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Disclaimer section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">disclaimer</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Methodology section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">methodology</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>-->
<!--<xsl:if test="/*/activity_info/codeaudit/@perform = 'yes'">
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart"
>codeauditmethodology</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
</xsl:if>-->
<!--<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">teamandreporting</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Planning and payment section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">planningandpayment</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>About Us section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">aboutus</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Work condition section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">conditions</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>General terms and conditions section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart"
>generaltermsandconditions</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Waivers</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">waiver</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>-->
</offerte> </offerte>
</xsl:template> </xsl:template>
<!--<xsl:template name="docCheck">
<xsl:param name="fileNamePart" select="'none'"/>
<xsl:param name="typeSuffix">
<xsl:choose>
<xsl:when test="/*/meta/offer_type = 'pentest' or /*/meta/offer_type = 'other'"/>
<xsl:otherwise>
<xsl:text>_</xsl:text>
<xsl:value-of select="/*/meta/offer_type"/>
</xsl:otherwise>
</xsl:choose>
</xsl:param>
<xsl:param name="fileNameStandard"
select="concat('snippets/offerte/', $lang, '/', $fileNamePart, '.xml')"/>
<xsl:param name="fileNameExtended"
select="concat('snippets/offerte/', $lang, '/', $fileNamePart, $typeSuffix, '.xml')"/>
<xsl:choose>
<xsl:when test="doc-available(concat('../source/', $fileNameExtended))">
<xsl:value-of select="$fileNameExtended"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$fileNameStandard"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>-->
</xsl:stylesheet> </xsl:stylesheet>

4
xml/xslt/off2rep.xsl
View File

@@ -82,9 +82,9 @@
<title>Executive Summary</title> <title>Executive Summary</title>
<section id="introduction"> <section id="introduction">
<title>Introduction</title> <title>Introduction</title>
<p>...</p> <p>Between <p_startdate/> and <p_enddate/>, <company_long/> carried out a penetration test for <client_long/></p>
<p>This report contains our findings as well as detailed explanations of exactly <p>This report contains our findings as well as detailed explanations of exactly
how ROS performed the penetration test.</p> how <company_short/> performed the penetration test.</p>
</section> </section>
<section id="scope"> <section id="scope">
<title>Scope of work</title> <title>Scope of work</title>

20
xml/xslt/placeholders.xslt
View File

@@ -191,8 +191,14 @@
<xsl:with-param name="placeholderElement" select="$placeholderElement"/> <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template> </xsl:call-template>
</xsl:template> </xsl:template>
<xsl:template match="p_testingduration"> <xsl:template match="p_startdate">
<xsl:param name="placeholderElement" select="/*/meta/activityinfo/test_planning"/> <xsl:param name="placeholderElement" select="/*/meta/activityinfo/planning/start"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_enddate">
<xsl:param name="placeholderElement" select="/*/meta/activityinfo/planning/end"/>
<xsl:call-template name="checkPlaceholder"> <xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/> <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template> </xsl:call-template>
@@ -424,18 +430,24 @@
<xsl:text>&#160;</xsl:text> <xsl:text>&#160;</xsl:text>
<xsl:value-of select="$placeholderElement"/> <xsl:value-of select="$placeholderElement"/>
</xsl:when> </xsl:when>
<!-- PRETTY FORMATTING FOR AMOUNTS OF MONEY -->
<xsl:when test="self::p_fee or self::contractor_hourly_fee or self::ir_ora_rate"> <xsl:when test="self::p_fee or self::contractor_hourly_fee or self::ir_ora_rate">
<!-- pretty numbering for fee -->
<xsl:variable name="fee" select="$placeholderElement * 1"/> <xsl:variable name="fee" select="$placeholderElement * 1"/>
<xsl:number value="$fee" grouping-separator="," grouping-size="3"/> <xsl:number value="$fee" grouping-separator="," grouping-size="3"/>
</xsl:when> </xsl:when>
<!-- PRETTY FORMATTING FOR DATES -->
<xsl:when <xsl:when
test="self::contract_end_date or self::contract_start_date or self::generate_raterevisiondate"> test="(self::contract_end_date or self::contract_start_date or self::generate_raterevisiondate or self::start or self::end) and string(.) castable as xs:date">
<!-- pretty printing for date --> <!-- pretty printing for date -->
<xsl:value-of <xsl:value-of
select="format-date($placeholderElement, '[MNn] [D1], [Y]', 'en', (), ())" select="format-date($placeholderElement, '[MNn] [D1], [Y]', 'en', (), ())"
/> />
</xsl:when> </xsl:when>
<xsl:when
test="(self::contract_end_date or self::contract_start_date or self::generate_raterevisiondate or self::start or self::end) and not(string(.) castable as xs:date)">
<!-- pretty printing for date -->
<fo:inline xsl:use-attribute-sets="errortext">TBD</fo:inline>
</xsl:when>
<xsl:when <xsl:when
test="self::contract_period_unit and /contract/meta/scope/contract_type = 'single_engagement'"> test="self::contract_period_unit and /contract/meta/scope/contract_type = 'single_engagement'">
<!-- only use value for fixed term contracts; use 'engagement' for single engagement contract --> <!-- only use value for fixed term contracts; use 'engagement' for single engagement contract -->

153
xml/xslt/qs2offerte.xsl
View File

@@ -89,35 +89,36 @@
<activityinfo> <activityinfo>
<!-- copy various variables from quickscope --> <!-- copy various variables from quickscope -->
<duration> <duration>
<xsl:value-of select="/*/activity_info/days"/> <xsl:value-of select="/*/activityinfo/days"/>
</duration> </duration>
<xsl:comment>duration of pentest, in working days</xsl:comment> <xsl:comment>duration of pentest, in working days</xsl:comment>
<persondays> <persondays>
<xsl:value-of select="/*/activity_info/persondays"/> <xsl:value-of select="/*/activityinfo/persondays"/>
</persondays> </persondays>
<xsl:comment>duration of pentest, in persondays</xsl:comment> <xsl:comment>duration of pentest, in persondays</xsl:comment>
<test_planning> <planning>
<xsl:value-of select="/*/activity_info/planning"/> <start><xsl:value-of select="/*/activityinfo/planning/start"/></start>
</test_planning> <end><xsl:value-of select="/*/activityinfo/planning/end"/></end>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2016</xsl:comment> </planning>
<xsl:comment>start and end dates, in ISO format: YYYY-MM-DD</xsl:comment>
<report_due> <report_due>
<xsl:value-of select="/*/activity_info/delivery"/> <xsl:value-of select="/*/activityinfo/delivery"/>
</report_due> </report_due>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2016</xsl:comment> <xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2016</xsl:comment>
<nature> <nature>
<xsl:value-of select="/*/activity_info/nature"/> <xsl:value-of select="/*/activityinfo/nature"/>
</nature> </nature>
<type> <type>
<xsl:value-of select="/*/activity_info/type"/> <xsl:value-of select="/*/activityinfo/type"/>
</type> </type>
<xsl:comment>please choose one of the following: black-box, grey-box, crystal-box</xsl:comment> <xsl:comment>please choose one of the following: black-box, grey-box, crystal-box</xsl:comment>
<fee denomination="eur"> <fee denomination="eur">
<xsl:value-of select="/*/activity_info/rate"/> <xsl:value-of select="/*/activityinfo/rate"/>
</fee> </fee>
<xsl:comment>(eur|usd|gbp)</xsl:comment> <xsl:comment>(eur|usd|gbp)</xsl:comment>
<xsl:if test="*/activity_info/application_name"> <xsl:if test="*/activityinfo/application_name">
<target_application> <target_application>
<xsl:value-of select="/*/activity_info/application_name"/> <xsl:value-of select="/*/activityinfo/application_name"/>
</target_application> </target_application>
<xsl:comment>name of application/service to be tested (if any; if none, DELETE target_application element)</xsl:comment> <xsl:comment>name of application/service to be tested (if any; if none, DELETE target_application element)</xsl:comment>
</xsl:if> </xsl:if>
@@ -150,7 +151,7 @@
</xsl:element> </xsl:element>
</xsl:for-each> </xsl:for-each>
<xsl:if test="/*/activity_info/codeaudit/@perform = 'yes'"> <xsl:if test="/*/activityinfo/codeaudit/@perform = 'yes'">
<xsl:for-each <xsl:for-each
select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'additionalcodeaudit']/snippet"> select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'additionalcodeaudit']/snippet">
<xsl:element name="xi:include"> <xsl:element name="xi:include">
@@ -176,134 +177,10 @@
</xsl:element> </xsl:element>
</xsl:for-each> </xsl:for-each>
<!--<xsl:comment>Introduction and Scope</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">introandscope</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Project overview section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">projectoverview</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Prerequisites section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">prerequisites</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Disclaimer section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">disclaimer</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Methodology section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">methodology</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>-->
<!--<xsl:if test="/*/activity_info/codeaudit/@perform = 'yes'">
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart"
>codeauditmethodology</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
</xsl:if>-->
<!--<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">teamandreporting</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Planning and payment section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">planningandpayment</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>About Us section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">aboutus</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Work condition section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">conditions</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>General terms and conditions section</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart"
>generaltermsandconditions</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>
<xsl:comment>Waivers</xsl:comment>
<xsl:element name="xi:include">
<xsl:attribute name="href">
<xsl:call-template name="docCheck">
<xsl:with-param name="fileNamePart">waiver</xsl:with-param>
</xsl:call-template>
</xsl:attribute>
</xsl:element>-->
</offerte> </offerte>
</xsl:template> </xsl:template>
<!--<xsl:template name="docCheck">
<xsl:param name="fileNamePart" select="'none'"/>
<xsl:param name="typeSuffix">
<xsl:choose>
<xsl:when test="/*/meta/offer_type = 'pentest' or /*/meta/offer_type = 'other'"/>
<xsl:otherwise>
<xsl:text>_</xsl:text>
<xsl:value-of select="/*/meta/offer_type"/>
</xsl:otherwise>
</xsl:choose>
</xsl:param>
<xsl:param name="fileNameStandard"
select="concat('snippets/offerte/', $lang, '/', $fileNamePart, '.xml')"/>
<xsl:param name="fileNameExtended"
select="concat('snippets/offerte/', $lang, '/', $fileNamePart, $typeSuffix, '.xml')"/>
<xsl:choose>
<xsl:when test="doc-available(concat('../source/', $fileNameExtended))">
<xsl:value-of select="$fileNameExtended"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$fileNameStandard"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>-->
</xsl:stylesheet> </xsl:stylesheet>

36
xml/xslt/rep2off.xsl
View File

@@ -82,28 +82,24 @@
<xsl:comment>duration of pentest, in working days</xsl:comment> <xsl:comment>duration of pentest, in working days</xsl:comment>
<persondays>2</persondays> <persondays>2</persondays>
<xsl:comment>duration of pentest, in persondays</xsl:comment> <xsl:comment>duration of pentest, in persondays</xsl:comment>
<test_planning> <planning>
<xsl:choose> <start>
<xsl:when test="/*/activityinfo/test_planning"> <xsl:comment>date in ISO format (YYYY-MM-DD) or TBD</xsl:comment>
<xsl:value-of select="/*/activity_info/test_planning"/> <xsl:text>YYYY-MM-DD</xsl:text>
</xsl:when> </start>
<xsl:otherwise>TBD</xsl:otherwise> <end>
</xsl:choose> <xsl:comment>date in ISO format (YYYY-MM-DD) or TBD</xsl:comment>
</test_planning> <xsl:text>YYYY-MM-DD</xsl:text>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2015</xsl:comment> </end>
</planning>
<report_due> <report_due>
<xsl:choose> <xsl:comment>date in ISO format (YYYY-MM-DD) or TBD</xsl:comment>
<xsl:when test="/*/activityinfo/report_due"> <xsl:text>YYYY-MM-DD</xsl:text>
<xsl:value-of select="/*/activity_info/report_due"/>
</xsl:when>
<xsl:otherwise>TBD</xsl:otherwise>
</xsl:choose>
</report_due> </report_due>
<xsl:comment>date or date range in text, e.g. May 18th until May 25th, 2015</xsl:comment>
<nature> <nature>
<xsl:choose> <xsl:choose>
<xsl:when test="/*/activityinfo/nature"> <xsl:when test="/*/activityinfo/nature">
<xsl:value-of select="/*/activity_info/nature"/> <xsl:value-of select="/*/activityinfo/nature"/>
</xsl:when> </xsl:when>
<xsl:otherwise>time-boxed</xsl:otherwise> <xsl:otherwise>time-boxed</xsl:otherwise>
</xsl:choose> </xsl:choose>
@@ -111,7 +107,7 @@
<type> <type>
<xsl:choose> <xsl:choose>
<xsl:when test="/*/activityinfo/type"> <xsl:when test="/*/activityinfo/type">
<xsl:value-of select="/*/activity_info/type"/> <xsl:value-of select="/*/activityinfo/type"/>
</xsl:when> </xsl:when>
<xsl:otherwise>crystal-box</xsl:otherwise> <xsl:otherwise>crystal-box</xsl:otherwise>
</xsl:choose> </xsl:choose>
@@ -119,9 +115,9 @@
<xsl:comment>please choose one of the following: black-box, grey-box, crystal-box</xsl:comment> <xsl:comment>please choose one of the following: black-box, grey-box, crystal-box</xsl:comment>
<fee denomination="eur">0</fee> <fee denomination="eur">0</fee>
<xsl:comment>(eur|usd|gbp)</xsl:comment> <xsl:comment>(eur|usd|gbp)</xsl:comment>
<xsl:if test="*/activity_info/target_application"> <xsl:if test="*/activityinfo/target_application">
<target_application> <target_application>
<xsl:value-of select="/*/activity_info/target_application"/> <xsl:value-of select="/*/activityinfo/target_application"/>
</target_application> </target_application>
</xsl:if> </xsl:if>
</activityinfo> </activityinfo>

5
xml/xslt/styles.xslt
View File

@@ -35,6 +35,11 @@
<xsl:attribute-set name="TableFont" use-attribute-sets="DefaultFont"> <xsl:attribute-set name="TableFont" use-attribute-sets="DefaultFont">
<xsl:attribute name="font-size">10pt</xsl:attribute> <xsl:attribute name="font-size">10pt</xsl:attribute>
</xsl:attribute-set> </xsl:attribute-set>
<xsl:attribute-set name="PieFont">
<xsl:attribute name="font-family">LiberationSansNarrow</xsl:attribute>
<xsl:attribute name="font-size">10pt</xsl:attribute>
<xsl:attribute name="color">black</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="TinyFont" use-attribute-sets="DefaultFont"> <xsl:attribute-set name="TinyFont" use-attribute-sets="DefaultFont">
<xsl:attribute name="font-size">8pt</xsl:attribute> <xsl:attribute name="font-size">8pt</xsl:attribute>
</xsl:attribute-set> </xsl:attribute-set>