Merge branch 'development'

Peter Mosmans
2016-08-25 15:35:05 +02:00
107 changed files with 7698 additions and 536 deletions

1141
xml/RELEASE_NOTES.html Normal file

File diff suppressed because it is too large Load Diff


@@ -1,6 +1,80 @@
RELEASE NOTES
=============
August 25th, 2016
-----------------
### More configurable contract snippet selection
You can now configure contract types and the snippets they use in `snippets/snippetselection.xml`. The selected snippets will be used when generating the contract from `contract_info.xml` (see Aug 19 release notes). If you define no snippet group, all snippets will be generated one after the other in the resulting contract. If you do define snippet groups, these can then be referenced from the xslt so that you generate a group at a time (useful if there should be something in between them or if they go in different sections or something like that). In due time this will also be generated for offertes (so as to configure offertes generated from the `quickscope.xml`)
### Generic Document footnotes
You can now use footnotes (`<p>This is a nice<fnref>And by nice I mean that it contains a footnote</fnref> sentence.</p>`) in generic documents. In due time these will also be added to pentest reports and offertes.
### Generic Document bibliography
You can now use bibliography references and entries in generic documents. In due time these will also be added to pentest reports and offertes.
#### Example:
<p>This is a nice book<bibref ref="bib1"/>.</p>`
<section id="bibliography">
<title>Bibliography</title>
<biblioentries>
<biblioentry role="book" id="bib1">
<author>
<surname>Guy</surname>
<firstname>Some</firstname>
</author>
<title>Books are cool</title>
<info>pages 207228</info>
<publisher>
<name>We Publish Everything</name>
<location>Amsterdam</location>
</publisher>
<pubdate>2016</pubdate>
<link>
<a href="http://www.noqualitycontrol.com/someguysbook">http://www.noqualitycontrol.com/someguysbook</a>
<accessed>2016-08-25</accessed>
</link>
</biblioentry>
August 19th, 2016
-----------------
### Contracts
Added a contract document type; it works as follows:
1. fill out the fields (elements) in contract_info.xml
2. Create contract.xml from contract_info.xml using info2contract.xsl
3. contract.xml --> contract.pdf (using generate_contract.xsl + fop)
In general there shoudl be no need to edit contract.xml, it is an intermediate document. The idea is to go straight from contract_info.xml to contract.pdf (in two steps)
July 30, 2016
-------------
### Finding status
New feature for retests: finding status to indicate if, in context of a follow-up pentest, a finding is new, resolved, still unresolved or not retested.
The `<finding>` element now has an optional `@status` attribute. Possible values are:
- `new`
- `unresolved`
- `resolved`
- `not_retested`
The `<generate_findings/>` element now likewise has this optional `@status` attribute with the same possible values. You can add it to generate a finding summary table containing only the findings with a specific status.
June 15, 2016
-------------


@@ -32,6 +32,7 @@
<xs:element ref="iban"/>
</xs:sequence>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
@@ -99,6 +100,7 @@
<xs:element ref="vat_no"/>
</xs:sequence>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
<xs:attribute name="id" type="xs:ID"/>
</xs:complexType>
</xs:element>
@@ -108,7 +110,6 @@
<xs:element name="duration" type="xs:nonNegativeInteger"/>
<xs:element name="test_planning" type="xs:string"/>
<xs:element name="report_writing" type="xs:string"/>
<xs:element name="report_due" type="xs:string"/>
<xs:element name="nature" type="xs:string"/>
<xs:element name="type">
@@ -219,7 +220,7 @@
<xs:attribute ref="xml:base"/>
</xs:complexType>
</xs:element>
<xs:element name="version_history">
<xs:complexType>
<xs:sequence>
@@ -294,6 +295,23 @@
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="bibref">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="ref" use="optional" type="xs:anyURI"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:element name="fnref">
<xs:complexType mixed="true">
<xs:choice maxOccurs="unbounded">
<xs:group ref="inline-except-fnref"/>
<xs:group ref="placeholders"/>
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="b">
<xs:complexType mixed="true">
<xs:choice maxOccurs="unbounded">
@@ -350,6 +368,79 @@
</xs:choice>
</xs:complexType>
</xs:element>
<xs:element name="biblioentries">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="unbounded">
<xs:element ref="biblioentry"></xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="biblioentry">
<xs:complexType>
<xs:sequence>
<xs:element ref="author" minOccurs="0" maxOccurs="unbounded"/>
<xs:element ref="title"/>
<xs:choice>
<xs:element ref="journal" minOccurs="0"/>
<xs:element ref="website" minOccurs="0"/>
</xs:choice>
<xs:element ref="info" minOccurs="0"/>
<xs:element ref="publisher" minOccurs="0"/>
<xs:element ref="pubdate" minOccurs="0"/>
<xs:element ref="link" minOccurs="0"/>
</xs:sequence>
<xs:attribute ref="role"/>
<xs:attribute name="id" use="required" type="xs:ID"/>
</xs:complexType>
</xs:element>
<xs:attribute name="role">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="book"/>
<xs:enumeration value="article"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:element name="author">
<xs:complexType>
<xs:sequence>
<xs:element ref="surname" minOccurs="0" maxOccurs="1"/>
<xs:element ref="firstname" minOccurs="0" maxOccurs="1"/>
<xs:element ref="org" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="publisher">
<xs:complexType>
<xs:sequence>
<xs:element ref="name" minOccurs="0" maxOccurs="1"/>
<xs:element ref="location" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="link">
<xs:complexType>
<xs:sequence>
<xs:element ref="a" minOccurs="1" maxOccurs="1"/>
<xs:element ref="accessed" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="surname" type="xs:string"/>
<xs:element name="firstname" type="xs:string"/>
<xs:element name="org" type="xs:string"/>
<xs:element name="journal" type="xs:string"/>
<xs:element name="info" type="xs:string"/>
<xs:element name="location" type="xs:string"/>
<xs:element name="pubdate" type="xs:string"/>
<xs:element name="accessed" type="xs:date"/>
<!-- attributes -->
<xs:attribute name="break">
@@ -380,6 +471,21 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-fnref">
<xs:choice>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="a"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="br"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="i"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="b"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="u"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-b">
@@ -391,6 +497,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-sup">
@@ -402,6 +510,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="b"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-sub">
@@ -413,6 +523,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="b"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-i">
@@ -424,6 +536,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-u">
@@ -435,6 +549,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="monospace"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
<xs:group name="inline-except-monospace">
@@ -446,6 +562,8 @@
<xs:element minOccurs="0" maxOccurs="unbounded" ref="u"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sup"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="sub"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="bibref"/>
<xs:element minOccurs="0" maxOccurs="unbounded" ref="fnref"/>
</xs:choice>
</xs:group>
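Review bot: `bibref/@ref` is declared `use="optional" type="xs:anyURI"` while `biblioentry/@id` is a required `xs:ID`, so a citation with a misspelled or missing target still validates and the error only shows up, if at all, in the rendered document. Declaring it as `<xs:attribute name="ref" use="required" type="xs:IDREF"/>` makes the validator reject dangling references. In `biblioentry`, the `xs:choice` refers to `website`, which is not declared in any hunk shown here (`journal` is); unless it is declared elsewhere in the file, the schema will not compile. The +/- markers and the file path of this section are lost on the page, so this assumes the `bibref` and `biblioentry` declarations are on the new side, as the release notes indicate.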

146
xml/dtd/contract_info.xsd Normal file

@@ -0,0 +1,146 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
<xs:import namespace="http://www.w3.org/XML/1998/namespace"
schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<xs:import namespace="http://www.w3.org/2001/XInclude"
schemaLocation="http://www.w3.org/2001/XInclude/XInclude.xsd"/>
<xs:include schemaLocation="common.xsd"/>
<xs:element name="contract_info">
<xs:complexType>
<xs:sequence>
<xs:element ref="company"/>
<xs:element ref="scope"/>
<xs:element ref="contractor"/>
<xs:element ref="work"/>
</xs:sequence>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
<xs:element name="scope">
<xs:complexType>
<xs:sequence>
<xs:element ref="contract_type"/>
<xs:element ref="engagement_description"/>
<xs:element ref="secondpartyrole"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="contract_type">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="single_engagement"/>
<xs:enumeration value="fixed_term"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="engagement_description" type="xs:string"/>
<xs:element name="secondpartyrole" type="xs:string"/>
<xs:element name="contractor">
<xs:complexType>
<xs:sequence>
<xs:element ref="name"/>
<xs:element ref="ctcompany"/>
<xs:element ref="address"/>
<xs:element ref="postal_code"/>
<xs:element ref="city"/>
<xs:element ref="country"/>
<xs:element ref="email"/>
<xs:element ref="hourly_fee"/>
</xs:sequence>
<xs:attribute name="sex" use="required">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="F"/>
<xs:enumeration value="M"/>
<xs:enumeration value="O"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="ctcompany" type="xs:string"/>
<xs:element name="work">
<xs:complexType>
<xs:sequence>
<xs:element ref="activities"/>
<xs:element ref="start_date"/>
<xs:element ref="end_date"/>
<xs:element ref="planning"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="activities">
<xs:complexType>
<xs:sequence>
<xs:element maxOccurs="unbounded" ref="activity"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="activity" type="xs:string"/>
<xs:element name="start_date" type="xs:date"/>
<xs:element name="end_date" type="xs:date"/>
<xs:element name="planning">
<xs:complexType>
<xs:sequence>
<xs:element ref="hours"/>
<xs:element ref="per"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="hours" type="xs:integer"/>
<xs:element name="per">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="week"/>
<xs:enumeration value="month"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="hourly_fee">
<xs:complexType>
<xs:simpleContent>
<xs:extension base="xs:integer">
<xs:attribute name="denomination" use="required">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="eur"/>
<xs:enumeration value="gbp"/>
<xs:enumeration value="usd"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
</xs:element>
<xs:group name="placeholders">
<xs:choice>
<xs:element name="company_long"/>
<xs:element name="company_short"/>
<xs:element name="company_address"/>
<xs:element name="company_postalcode"/>
<xs:element name="company_city"/>
<xs:element name="company_country"/>
<xs:element name="company_poc1"/>
<xs:element name="company_email"/>
<xs:element name="engagement_description"/>
<xs:element name="secondpartyrole"/>
<xs:element name="contract_start_date"/>
<xs:element name="contract_end_date"/>
<xs:element name="contract_period"/>
<xs:element name="contract_total_fee"/>
<xs:element name="contract_planned_hours"/>
<xs:element name="contract_period_unit"/>
<xs:element name="contract_activities"/>
<xs:element name="contractor_name"/>
<xs:element name="contractor_company"/>
<xs:element name="contractor_address"/>
<xs:element name="contractor_postalcode"/>
<xs:element name="contractor_city"/>
<xs:element name="contractor_country"/>
<xs:element name="contractor_email"/>
<xs:element name="contractor_hourly_fee"/>
</xs:choice>
</xs:group>
</xs:schema>
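Review bot: `hours` and `hourly_fee` are typed `xs:integer`, so a negative value validates and flows into the generated contract, although the sample `contract_info.xml` documents `hours` as a non-negative integer; `<xs:element name="hours" type="xs:nonNegativeInteger"/>` and `<xs:extension base="xs:nonNegativeInteger">` on `hourly_fee` would enforce this at validation time. `ctcompany` is a mandatory member of the `contractor` sequence, while the sample tells freelancers to delete the element; `<xs:element ref="ctcompany" minOccurs="0"/>` matches the documented use. Separately, both `xs:import` lines set `schemaLocation` to an `http://www.w3.org/...` URL, so a validator running without a catalog fetches schema text over cleartext HTTP on each run; resolving these through a local copy or an XML catalog keeps validation offline and independent of what the network returns.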


@@ -77,6 +77,7 @@
<xs:element ref="ol"/>
<xs:element ref="img"/>
<xs:element ref="div"/>
<xs:element ref="biblioentries"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="id" use="required" type="xs:ID"/>
@@ -116,6 +117,7 @@
</xs:complexType>
<!-- Placeholders -->
<xs:group name="placeholders">
<xs:choice/>
</xs:group>


@@ -68,7 +68,6 @@
<xs:sequence>
<xs:element ref="duration"/>
<xs:element ref="test_planning"/>
<xs:element ref="report_writing"/>
<xs:element ref="report_due"/>
<xs:element ref="nature"/>
<xs:element ref="type"/>
@@ -114,6 +113,7 @@
</xs:choice>
</xs:sequence>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
<xs:attribute ref="visibility" use="optional"/>
</xs:complexType>
</xs:element>
@@ -122,11 +122,10 @@
<xs:complexType>
<xs:sequence>
<xs:element ref="standard_waiver"/>
<xs:choice>
<xs:element ref="alternative_waiver"/>
</xs:choice>
<xs:element ref="alternative_waiver" minOccurs="0"/>
</xs:sequence>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
@@ -192,6 +191,7 @@
<xs:attribute name="id" use="optional" type="xs:ID"/>
<xs:attribute ref="break" use="optional"/>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
@@ -232,7 +232,6 @@
<xs:element name="p_boxtype"/>
<xs:element name="p_fee"/>
<xs:element name="p_testingduration"/>
<xs:element name="p_reportwritingduration"/>
<xs:element name="p_reportdue"/>
<xs:element name="signee_long"/>
<xs:element name="signee_short"/>


@@ -25,6 +25,7 @@
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
@@ -48,7 +49,6 @@
<xs:sequence>
<xs:element ref="duration"/>
<xs:element ref="test_planning"/>
<xs:element ref="report_writing"/>
<xs:element ref="report_due"/>
<xs:element ref="nature"/>
<xs:element ref="type"/>
@@ -126,9 +126,18 @@
</xs:sequence>
<xs:attribute name="id" use="required" type="xs:ID"/>
<xs:attribute ref="visibility" use="optional"/>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
<xs:complexType name="block" mixed="true">
<xs:choice maxOccurs="unbounded">
<xs:group ref="inline-all"/>
<xs:group ref="placeholders"/>
</xs:choice>
<xs:attribute ref="xml:base"/>
</xs:complexType>
<xs:element name="generate_testteam">
<xs:complexType/>
</xs:element>
@@ -158,6 +167,7 @@
<xs:attribute ref="break" use="optional"/>
<xs:attribute ref="visibility" use="optional"/>
<xs:attribute ref="xml:base"/>
<xs:attribute ref="xml:lang"/>
</xs:complexType>
</xs:element>
@@ -186,11 +196,31 @@
<xs:element name="generate_recommendations">
<xs:complexType>
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="generate_findings">
<xs:complexType>
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="finding">
@@ -225,6 +255,16 @@
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="type" use="required"/>
<xs:attribute name="break" use="optional">
<xs:simpleType>
@@ -305,14 +345,6 @@
</xs:complexType>
</xs:element>
<xs:complexType name="block" mixed="true">
<xs:choice maxOccurs="unbounded">
<xs:group ref="inline-all"/>
<xs:group ref="placeholders"/>
</xs:choice>
<xs:attribute ref="xml:base"/>
</xs:complexType>
<!-- Placeholders -->
<xs:group name="placeholders">
<xs:choice>
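Review bot: The four-value `status` enumeration (`new`, `resolved`, `unresolved`, `not_retested`) is written out inline three times, on `generate_recommendations`, `generate_findings` and `finding`, so adding or renaming a status later means editing three copies that can drift apart without any validation error. Declaring it once as a named simple type and referencing it from all three attributes keeps the retest filter and the finding attribute in step. The type name `finding_status` below is only a suggestion, and the `finding` element starts before and continues after the hunk shown.

```xml
<xs:simpleType name="finding_status">
  <xs:restriction base="xs:string">
    <xs:enumeration value="new"/>
    <xs:enumeration value="resolved"/>
    <xs:enumeration value="unresolved"/>
    <xs:enumeration value="not_retested"/>
  </xs:restriction>
</xs:simpleType>
<!-- … on generate_recommendations, generate_findings and finding, replacing the inline simpleType … -->
<xs:attribute name="status" use="optional" type="finding_status"/>
```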

BIN
xml/graphics/omemog1.png Normal file

Binary file not shown.


BIN
xml/graphics/omemog2.png Normal file

Binary file not shown.


BIN
xml/graphics/omemog3.png Normal file

Binary file not shown.


79
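--- a/xml/source/contract.xml
+++ b/xml/source/contract.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<contract xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xsi:noNamespaceSchemaLocation="../dtd/contract.xsd"
+xml:lang="en">
+<meta>
+<xi:include href="snippets/company_info.xml"/>
+<scope>
+<contract_type>fixed_term</contract_type>
+<!-- single_engagement or fixed_term -->
+<engagement_description>battle the pirates</engagement_description>
+<!-- [NOTE: only needed for SINGLE ENGAGEMENT type contract, value is ignored otherwise] -->
+<secondpartyrole>Consultant</secondpartyrole>
+<!-- what contractor will be referred to throughout the contract. Can be anything, but should probably be Consultant or Consultancy company. When in doubt, leave as is. -->
+</scope>
+<contractor sex="M"><!-- (M|F|O) (O for other) --> <!-- this info is used to select the correct pronoun, not for profiling :) -->
+<name>Peter Pan</name>
+<ctcompany>Lost Boys Inc.</ctcompany>
+<!-- delete element in case of freelancer without company -->
+<address>Cloud 9</address>
+<postal_code>1234 XX</postal_code>
+<city>Treehouse City</city>
+<country>Neverland</country>
+<email>peter@pan.tech</email>
+<hourly_fee denomination="eur">50</hourly_fee>
+<!-- (eur|gbp|usd) -->
+</contractor>
+<work>
+<activities><!-- add/delete activity elements as necessary -->
+<activity>Taunting Captain Hook</activity>
+<activity>Feeding crocodiles</activity>
+<activity>Flying to and fro ('to' and 'fro' to be specified at takeoff)</activity>
+</activities>
+<start_date>2016-08-18</start_date>
+<end_date>2016-09-15</end_date>
+<planning><!-- amount of work to be done between the start and end date -->
+<hours>30</hours>
+<!-- non-negative integer, used for planned working hours over total engagement (for SINGLE ENGAGEMENT contract) or over each period in <per> (for FIXED TIME contract) -->
+<per>month</per>
+<!-- (month|week) [NOTE: only used for FIXED TIME contract, value is ignored otherwise] -->
+</planning>
+</work>
+</meta>
+<section>
+<title>security consulting agreement</title>
+<xi:include href="snippets/contract/en/parties.xml"/>
+<p>WHEREAS:</p>
+<ol type="A">
+<xi:include href="snippets/contract/en/wa_contractorcan.xml"/>
+<xi:include href="snippets/contract/en/wa_noemploymentintention.xml"/>
+</ol>
+<!--Agreement section-->
+<section>
+<title>agree as follows</title>
+<ol type="1">
+<xi:include href="snippets/contract/en/ag_period.xml"/>
+<xi:include href="snippets/contract/en/ag_noemployment.xml"/>
+<xi:include href="snippets/contract/en/ag_companyinstructs.xml"/>
+<xi:include href="snippets/contract/en/ag_ownrisk.xml"/>
+<xi:include href="snippets/contract/en/ag_workinghours.xml"/>
+<xi:include href="snippets/contract/en/ag_payment_fixed_term.xml"/>
+<xi:include href="snippets/contract/en/ag_biggerscopewarning.xml"/>
+<xi:include href="snippets/contract/en/ag_propertyrights.xml"/>
+<xi:include href="snippets/contract/en/ag_retainrights.xml"/>
+<xi:include href="snippets/contract/en/ag_nondisclosure.xml"/>
+<xi:include href="snippets/contract/en/ag_responsibilities.xml"/>
+<xi:include href="snippets/contract/en/ag_thirdparty.xml"/>
+<xi:include href="snippets/contract/en/ag_liability.xml"/>
+<xi:include href="snippets/contract/en/ag_provisions.xml"/>
+<xi:include href="snippets/contract/en/ag_generaltermsandconditions.xml"/>
+</ol>
+</section>
+<section>
+<title>Signed in duplicate on August 18, 2016 in</title>
+<generate_contract_signature_box/>
+</section>
+</section>
+</contract>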
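Review bot: Nothing in this file marks it as generated output, although the release notes on this page describe `contract.xml` as an intermediate document produced from `contract_info.xml` by `info2contract.xsl` that should not need editing; a committed copy can drift from what the stylesheet emits, and its `<meta>` block already duplicates the contractor data. The disclaimer comment that opens `contract_info.xml` (example snippets, no claim of legal validity) is also absent here, so someone who opens only this file never sees it. If the file stays in the repository as a sample, a header comment directly below the XML declaration would cover both, for example `<!-- GENERATED from contract_info.xml by info2contract.xsl; do not edit by hand. Example text only, not a legally reviewed contract. -->`. Whether the stylesheet can emit that comment itself is not visible on this page.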


@@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<contract_info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" xsi:noNamespaceSchemaLocation="../dtd/contract_info.xsd" xml:lang="en">
<!-- WARNING:
Please note that the PenText creators make no claims regarding the validity of the contract generated by filling in the elements below and generating the pdf using the PenText system.
The contract snippets in this repo are provided as an example and should not be used for official contracts. It is the responsibility of the end user to edit the contract snippets and code so that the resulting contract is valid and watertight in the context of their own business operations and legal system. -->
<xi:include href="snippets/company_info.xml"/>
<scope>
<contract_type>fixed_term</contract_type><!-- single_engagement or fixed_term -->
<engagement_description>battle the pirates</engagement_description><!-- [NOTE: only needed for SINGLE ENGAGEMENT type contract, value is ignored otherwise] -->
<secondpartyrole>Consultant</secondpartyrole><!-- what contractor will be referred to throughout the contract. Can be anything, but should probably be Consultant or Consultancy company. When in doubt, leave as is. -->
</scope>
<contractor sex="M"><!-- (M|F|O) (O for other) --> <!-- this info is used to select the correct pronoun, not for profiling :) -->
<name>Peter Pan</name>
<ctcompany>Lost Boys Inc.</ctcompany><!-- delete element in case of freelancer without company -->
<address>Cloud 9</address>
<postal_code>1234 XX</postal_code>
<city>Treehouse City</city>
<country>Neverland</country>
<email>peter@pan.tech</email>
<hourly_fee denomination="eur">50</hourly_fee><!-- (eur|gbp|usd) -->
</contractor>
<work>
<activities><!-- add/delete activity elements as necessary -->
<activity>Taunting Captain Hook</activity>
<activity>Feeding crocodiles</activity>
<activity>Flying to and fro ('to' and 'fro' to be specified at takeoff)</activity>
</activities>
<start_date>2016-08-18</start_date>
<end_date>2016-09-15</end_date>
<planning><!-- amount of work to be done between the start and end date -->
<hours>30</hours><!-- non-negative integer, used for planned working hours over total engagement (for SINGLE ENGAGEMENT contract) or over each period in <per> (for FIXED TIME contract) -->
<per>month</per><!-- (month|week) [NOTE: only used for FIXED TIME contract, value is ignored otherwise] -->
</planning>
</work>
</contract_info>

1502
xml/source/document.xml Normal file

File diff suppressed because it is too large Load Diff

20
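--- a/xml/source/invoice.xml
+++ b/xml/source/invoice.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<invoice xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:fo="http://www.w3.org/1999/XSL/Format"
+xsi:noNamespaceSchemaLocation="../dtd/invoice.xsd"
+date="2016-08-25"
+invoice_no="00/000"
+denomination="euro">
+<meta>
+<xi:include href="snippets/company_info.xml"/>
+<xi:include href="client_info.xml"/>
+</meta>
+<servicesdelivered>
+<service>
+<description>6-day penetration test Sitting Duck</description>
+<fee>100</fee>
+</service>
+</servicesdelivered>
+</invoice>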
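Review bot: `denomination="euro"` on the root element uses a different currency vocabulary from the `eur|gbp|usd` enumeration that `contract_info.xsd` introduces in this same commit; `offerte.xml` likewise documents its `<fee>` as `(euro|dollar)`. With two spellings for the same currency, any stylesheet code shared between invoices, offertes and contracts has to map between them, and a value copied from one document type to another fails validation. Settling on one set across the schemas, for instance the lowercase codes already used for contracts (`denomination="eur"`), would avoid that. `invoice.xsd` is not shown on this page, so the values it currently accepts are assumed from this sample.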

73
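--- a/xml/source/offerte.xml
+++ b/xml/source/offerte.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<offerte xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:fo="http://www.w3.org/1999/XSL/Format"
+xsi:noNamespaceSchemaLocation="../dtd/offerte.xsd"
+xml:lang="en"><!--document meta information; to be filled in by the offerte writer-->
+<meta>
+<offered_service_long>penetration testing services</offered_service_long>
+<!--if there is a shorter way of saying the same thing, you can type it here (it makes for more dynamic offerte text). If not, just repeat the long name.-->
+<offered_service_short>penetration test</offered_service_short>
+<xi:include href="snippets/company_info.xml"/>
+<targets><!--one target element per target-->
+<target>dsfsd</target>
+<target>adfsd</target>
+</targets>
+<permission_parties>
+<xi:include href="client_info.xml"/>
+<party>
+<full_name>dafaf</full_name>
+<short_name>dad</short_name>
+<!-- Name of the person who will need to sign the waiver for this vendor -->
+<waiver_rep>sgf</waiver_rep>
+<address>fsgf</address>
+<city>sgf</city>
+<country>sfgsfg</country>
+</party>
+</permission_parties>
+<pentestinfo>
+<duration>6</duration>
+<!--duration of pentest, in working days-->
+<test_planning>TBD</test_planning>
+<!--date or date range in text, e.g. May 18th until May 25th, 2015-->
+<report_due>TBD</report_due>
+<!--date or date range in text, e.g. May 18th until May 25th, 2015-->
+<nature>time-boxed</nature>
+<type>crystal-box</type>
+<!--please choose one of the following: black-box, grey-box, crystal-box-->
+<fee denomination="euro">100</fee>
+<!--(euro|dollar)-->
+</pentestinfo>
+<version_history><!--needed for date on frontpage and in signature boxes; it is possible to add a new <version> after each review; in that case, make sure to update the date/time-->
+<version number="auto" date="2016-08-25T10:00:00"><!--actual date-time here; you can leave the number attribute alone-->
+<v_author>ROS Writer</v_author>
+<!--name of the author here; for internal use only-->
+<v_description>Initial draft</v_description>
+<!--for internal use only-->
+</version>
+</version_history>
+</meta>
+<!--Introduction and Scope-->
+<xi:include href="snippets/offerte/en/introandscope.xml"/>
+<!--Project overview section-->
+<xi:include href="snippets/offerte/en/projectoverview.xml"/>
+<!--Prerequisites section-->
+<xi:include href="snippets/offerte/en/prerequisites.xml"/>
+<!--Disclaimer section-->
+<xi:include href="snippets/offerte/en/disclaimer.xml"/>
+<!--Methodology section-->
+<xi:include href="snippets/offerte/en/methodology.xml"/>
+<xi:include href="snippets/offerte/en/codeauditmethodology.xml"/>
+<xi:include href="snippets/offerte/en/teamandreporting.xml"/>
+<!--Planning and payment section-->
+<xi:include href="snippets/offerte/en/planningandpayment.xml"/>
+<!--About Us section-->
+<xi:include href="snippets/offerte/en/aboutus.xml"/>
+<!--Work condition section-->
+<xi:include href="snippets/offerte/en/conditions.xml"/>
+<!--General terms and conditions section-->
+<xi:include href="snippets/offerte/en/generaltermsandconditions.xml"/>
+<!--Waivers-->
+<xi:include href="snippets/offerte/en/waiver.xml"/>
+</offerte>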


@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<quickscope xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xml="http://www.w3.org/XML/1998/namespace">
<!-- Today's date -->
<version date="2015-01-01"/>
<!-- YYYY-MM-DD -->
<!-- COMPANY INFO -->
<xi:include href="client_info.xml"/>
<!-- SERVICE INFO -->
<meta>
<!-- Language the offer should be in (en|nl) -->
<offer_language>en</offer_language>
<!-- Offer type (pentest|basic-scan|load-test|other) -->
<offer_type>pentest</offer_type>
<!-- Required service -->
<!-- Note: is only used when type is 'other', if offer_type is a specific type, service name will be taken from the localisation strings -->
<requested_service>penetration testing services</requested_service>
<!-- Which targets will need to be tested?
(one <target> element for each piece of software/service/server address/location...), delete/add as necessary -->
<targets>
<target>dsfsd</target>
<target>adfsd</target>
</targets>
</meta>
<!-- Some information about any third parties involved with the software/service to be tested, if applicable.
If not applicable, delete the whole <third_party> element. If more parties are needed, add <third_party> elements -->
<third_party>
<full_name>dafaf</full_name>
<short_name>dad</short_name>
<!-- Name of the person who will need to sign the waiver for this vendor -->
<waiver_rep>sgf</waiver_rep>
<address>fsgf</address>
<city>sgf</city>
<country>sfgsfg</country>
</third_party>
<pentest_info>
<!-- How long would you like the test to be? (in days) -->
<days>6</days>
<!-- Service execution (Use one of the following values: time-boxed, subscription) -->
<nature>time-boxed</nature>
<!-- Testing type (Use one of the following values: crystal-box, black-box, grey-box) -->
<type>crystal-box</type>
<!-- Test planning (when would you like the test to be executed -->
<!-- Ideally something specific like 'December 7th - December 12th, 2015', but another description 'Beginning of December' is fine as well -->
<!-- do not start with a capital letter -->
<planning>TBD</planning>
<!-- Pentest report delivery date (please allow at least 1 week between the end of the pentest and the report delivery date) -->
<delivery>TBD</delivery>
<!-- Do you need/want a code audit? (possible values: yes/no), only for pentest -->
<codeaudit perform="yes"/>
<!-- rate (to be filled in by ROS ;) -->
<rate>100</rate>
</pentest_info>
</quickscope>

120
xml/source/report.xml Normal file

@@ -0,0 +1,120 @@
<?xml version="1.0" encoding="UTF-8"?>
<pentest_report xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:fo="http://www.w3.org/1999/XSL/Format"
xsi:noNamespaceSchemaLocation="../dtd/pentestreport.xsd"
xml:lang="en"
findingCode="XXX">
<meta>
<title>Penetration Test Report</title>
<xi:include href="client_info.xml"/>
<targets><!--one target element per target-->
<target>dsfsd</target>
<target>adfsd</target>
</targets>
<collaborators>
<reviewers>
<reviewer>FirstName LastName</reviewer>
</reviewers>
<approver>
<name>Melanie Rieback</name>
<bio>Melanie Rieback is a former Asst. Prof. of Computer Science from the
VU, who is also the co-founder/CEO of Radically Open Security.</bio>
</approver>
<pentesters>
<pentester>
<name>FirstName LastName</name>
<bio>Info</bio>
</pentester>
</pentesters>
</collaborators>
<classification>Confidential</classification>
<version_history><!--needed for date on frontpage and in signature boxes; it is possible to add a new <version> after each review; in that case, make sure to update the date/time-->
<version number="auto" date="2016-08-25T10:00:00"><!--actual date-time here; you can leave the number attribute alone-->
<v_author>ROS Writer</v_author>
<!--name of the author here; for internal use only-->
<v_description>Initial draft</v_description>
<!--for internal use only-->
</version>
</version_history>
<xi:include href="snippets/company_info.xml"/>
</meta>
<generate_index/>
<section id="executiveSummary">
<title>Executive Summary</title>
<section id="introduction">
<title>Introduction</title>
<p>...</p>
<p>This report contains our findings as well as detailed explanations of exactly
how ROS performed the penetration test.</p>
</section>
<section id="scope">
<title>Scope of work</title>
<p>The scope of the penetration test was limited to the following target:</p>
<generate_targets/>
</section>
<section id="objectives">
<title>Project objectives</title>
<p>...</p>
</section>
<section id="timeline">
<title>Timeline</title>
<p>The Security Audit took place between X and Y, 2016.</p>
</section>
<xi:include href="resultsinanutshell.xml"/>
<section id="findingSummary">
<title>Summary of Findings</title>
<generate_findings/>
<!-- generated from Findings section -->
</section>
<section id="recommendationSummary">
<title>Summary of Recommendations</title>
<generate_recommendations/>
<!-- generated from Findings section -->
</section>
</section>
<xi:include href="snippets/report/methodology.xml"/>
<section id="recon">
<title>Reconnaissance and Fingerprinting</title>
<p>Through automated scans we were able to gain the following information about the
software and infrastructure. Detailed scan output can be found in the sections
below.</p>
<section id="scans">
<title>Automated Scans</title>
<p>As part of our active reconnaissance we used the following automated
scans:</p>
<ul><!--analyze_hosts - https://github.com/PeterMosmans/security-scripts-->
<li>nmap <a href="http://nmap.org">http://nmap.org</a>
</li>
<!--OWASP Zed Attack Proxy - https://github.com/zaproxy/zaproxy Skipfish https://code.google.com/p/skipfish/ sqlmap https://github.com/sqlmapproject/sqlmap testssl.sh
https://github.com/drwetter/testssl.sh-->
</ul>
</section>
</section>
<section id="techSummary">
<title>Pentest Technical Summary</title>
<section id="findings">
<title>Findings</title>
<p>We have identified the following issues:</p>
<!-- Listing of Findings (written by pentesters) -->
<!-- Extreme -->
<!-- High -->
<!-- Moderate -->
<!-- Elevated -->
<!-- Low -->
</section>
<section id="nonFindings">
<title>Non-Findings</title>
<p>In this section we list some of the things that were tried but turned out to
be dead ends.</p>
</section>
<!-- Listing of Non-Findings (written by pentesters) -->
</section>
<xi:include href="futurework.xml"/>
<xi:include href="conclusion.xml"/>
<appendix id="testteam">
<title>Testing team</title>
<generate_testteam/>
</appendix>
</pentest_report>
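Review bot: The `<targets>` block in `<meta>` ships with the filler values `dsfsd` and `adfsd`, which are well-formed and look like any other short host label, so a report built from this template without editing them would presumably render a wrong scope list through `<generate_targets/>`. The scope section is what the client reads as the tested boundary, so placeholders should be unmistakable, in the style of the `FirstName LastName` entries already used for collaborators, e.g. `<target>TARGET_1_REPLACE_ME</target>` (a constructed value). The sentence in `<section id="scope">` also says `the following target:` in the singular while the template lists two; `the following target(s):` would fit both cases. A short comment next to `findingCode="XXX"` saying it must be replaced per engagement would help for the same reason.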


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>If during the course of the Activities, there is a risk that the scope of the assignment is bigger than expected, the <secondpartyrole/> will let <company_short/> know without delay.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> instructs (in Dutch: "<i>wijst aan</i>"; not "<i>instrueert</i>") the <secondpartyrole/> and the <secondpartyrole/> agrees to perform the following activities (the “<b>Activities</b>”): <contract_activities/></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The general terms and conditions of <company_short/> apply to this agreement. <company_short/> rejects any general terms and conditions used by the <secondpartyrole/>.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Dutch law applies to this agreement. Any dispute between <company_short/> and <secondpartyrole/> will be resolved in the first instance exclusively by the District Court (in Dutch: “<i>rechtbank</i>”) of Amsterdam, the Netherlands.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Unless a result of gross negligence or willful misconduct, the liability of either party to the other for any type of damages is limited to the amount of <secondpartyrole/>'s total fees under Article 5 of this agreement.</li>
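Review bot: The cross-reference `Article 5` in this liability clause is hard-coded, while the clause order is driven by the snippet selection file added later in this commit. If the list items are numbered in selection order (the stylesheet is not visible here), the payment snippet is fifth under `single_engagement` but sixth under `fixed_term`, where `ag_period` is listed first, so for fixed-term contracts the liability cap would point at the working-hours clause instead of the fee clause. A generated reference would be safest; failing that, add a comment in this snippet such as `<!-- 'Article 5' must match the position of the ag_payment_* snippet in snippetselection.xml -->`. The same text appears in the second copy of this snippet further down the page.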


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> and the <secondpartyrole/> explicitly do not intend to enter into an employment agreement (in Dutch: “<i>arbeidsovereenkomst</i>”) as in Article 7:610 Burgerlijk Wetboek. The <secondpartyrole/> guarantees he shall never claim an employment agreement exists.
</li>
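Review bot: The second sentence of this clause hard-codes `he` ("guarantees he shall never claim"), although the commit introduces `<contractor_personal_pronoun/>` and uses it in the non-disclosure and responsibilities snippets. For consistency the sentence could read `The <secondpartyrole/> guarantees <contractor_personal_pronoun/> shall never claim an employment agreement exists.` The own-risk snippet has the same issue in mixed form ("his or her own risk" next to "his own resources", where `<contractor_possessive_pronoun/>` would fit), and the third-party claim snippet uses "he or she has". The second copies of these snippets further down carry the same wording.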


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> will not disclose confidential information and personal data <contractor_personal_pronoun/> receives from <company_short/>, or gains access to in the course of the Activities. The <secondpartyrole/> will only use this information or data for the purposes of carrying out this agreement. The <secondpartyrole/> will take reasonable measures to maintain the confidentiality of this information and data. The <secondpartyrole/> may disclose this information and data on a need-to-know basis, and only to persons associated with <company_short/> as employee, freelancer or volunteer and only if the <secondpartyrole/> knows that they are bound by the same confidentiality obligations.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is working at his or her own risk (in Dutch: “<i>voor eigen rekening en risico</i>”). The <secondpartyrole/> is free to perform the Activities at his or her own discretion (in Dutch: “<i>naar eigen inzicht</i>”) and independently. The <secondpartyrole/> will use his own resources and tools to perform the Activities for <company_short/>.</li>


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p><company_short/> will pay the <secondpartyrole/> <contractor_hourly_fee/> per hour excluding VAT. It will do so after <company_short/> has received an invoice from the <secondpartyrole/>. The <secondpartyrole/> will send an invoice within 14 days after the end of each calendar month for the Activities performed during that month.</p>
<p><company_short/> will then pay the agreed amount within 30 days of receipt of the invoice. <company_short/> will also pay reasonable travel expenses of the <secondpartyrole/>, to the extent that <company_short/> has given prior written approval for such costs and the <secondpartyrole/> provides <company_short/> with an invoice or other documentation for these expenses. <company_short/> will not reimburse any other costs the <secondpartyrole/> incurs in the course of the Activities, unless <company_short/> has given prior written approval for such costs. For the avoidance of doubt, <company_short/> shall pay no wages (in Dutch: "<i>salaris</i>") to the <secondpartyrole/> and therefore, <company_short/> shall not provide payslips to the <secondpartyrole/>, nor pay to the <secondpartyrole/> any money or allowance in the event of a holiday or illness of the <secondpartyrole/>.</p></li>


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p><company_short/> will pay the <secondpartyrole/> for a <contract_planned_hours/>-hour engagement: <contractor_hourly_fee/> per hour excluding VAT, therefore totaling <contract_total_fee/> excluding VAT. It will do so after <company_short/> has been paid for the assignment in the context of which the Activities took place and has received an invoice from the <secondpartyrole/>. The <secondpartyrole/> will send an invoice within 14 days after the end of each calendar month for the Activities performed during that month.</p>
<p><company_short/> will then pay the agreed amount within 30 days of receipt of the invoice. <company_short/> will also pay reasonable travel expenses of the <secondpartyrole/>, to the extent that <company_short/> has given prior written approval for such costs and the <secondpartyrole/> provides <company_short/> with an invoice or other documentation for these expenses. <company_short/> will not reimburse any other costs the <secondpartyrole/> incurs in the course of the Activities, unless <company_short/> has given prior written approval for such costs. For the avoidance of doubt, <company_short/> shall pay no wages (in Dutch: "<i>salaris</i>") to the <secondpartyrole/> and therefore, <company_short/> shall not provide payslips to the <secondpartyrole/>, nor pay to the <secondpartyrole/> any money or allowance in the event of a holiday or illness of the <secondpartyrole/>.</p></li>


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p>This contract shall be effective as of <contract_start_date/> for the period of <contract_period/>. This contract will end by operation of law on <contract_end_date/> without any notice being required.</p>
<p>In case of tacit extension of this contract, the parties agree to do so for the same term and on the same conditions. Either party is entitled to give notice of termination of the contract with immediate effect. Notice of termination should be given by email. (To <company_short/>: <company_email/>; to the <secondpartyrole/>: <contractor_email/>) The other party will confirm the termination by return.</p>
<p>Premature termination shall not give rise to liability or financial compensation for either party.</p></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> transfers to <company_short/> all intellectual property rights created as a result of the Activities. To the extent that it is not possible to transfer these rights, <contractor_personal_pronoun/> grants to <company_short/> a perpetual, exclusive transferable, sub-licensable, world-wide license to such rights, and agrees to co-operate with the transfer of these rights to <company_short/>. To the extent that the <secondpartyrole/> has transferred these rights to <company_short/>, <company_short/> grants a perpetual, non-exclusive, non-transferable, not-sub-licensable, world-wide license to such rights to the <secondpartyrole/>, unless <company_short/> considers this impossible, due to obligations <company_short/> might have vis-à-vis others. In that case, <company_short/> will explore whether it is possible to grant to the <secondpartyrole/> a license on the rights with a narrower scope. For the avoidance of doubt, any rights of the <secondpartyrole/> vested in software or services developed prior to the Activities are not affected by this agreement.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>If any of the provisions of this agreement is annulled or void, the other provisions remain in effect. To the extent possible, the annulled or void provision will be replaced by a similar provision that has the same effect.</li>


@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is responsible: <ul><li>for ensuring that any work performed in the course of
this agreement is lawful (in Dutch: “<i>rechtmatig</i>”) and not illegal (in Dutch: “<i>niet
strafbaar</i>”);</li>
<li>for ensuring that by performing the Activities, <contractor_personal_pronoun/> does not act contrary to a
non-compete- or a confidentiality obligation <contractor_personal_pronoun/> may have. If there is a risk that
the <secondpartyrole/> will act contrary to such an obligation, <contractor_personal_pronoun/> will inform <company_short/>
without delay. <company_short/> then has the right to terminate the agreement without
compensation;</li>
<li>and for paying any applicable taxes and social security premiums following from the
Activities. Should <company_short/> have to pay any of these, the <secondpartyrole/> will indemnify
<company_short/>.</li></ul></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> retains all intellectual property rights <contractor_personal_pronoun/> owns prior to this agreement.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Should a third party lodge a claim against <company_short/> or any of its employees, freelancers or volunteers, or the public prosecutor initiate an investigation or criminal proceedings against any of these parties, as a result of activities performed by the <secondpartyrole/> under this agreement, then the <secondpartyrole/> will co-operate fully with <company_short/> in defending against this claim, investigation or these proceedings, including by providing any evidence he or she has which may be relevant to this defense.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The agreed working hours shall amount to <contract_planned_hours/> hours per <contract_period_unit/>. The <secondpartyrole/> may be expected to perform overtime outside the established working hours whenever this is necessary for the proper performance of the Activites.</li>
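Review bot: The defined term is misspelled at the end of this clause: `Activites` should be `Activities`, the term the instructing clause defines as the "Activities". In contract text a misspelled defined term is worth correcting before the template is used to generate a signed document. The same typo is present in the second copy of this snippet further down the page.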


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> will perform the Activities from <contract_start_date/> up to and including <contract_end_date/>.</li>


@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<div><p><u><b><company_long/></b></u>, located at <company_address/>, <company_postalcode/>, <company_city/>, represented by <company_poc1/> (“<b><company_short/></b>”);</p>
<p>AND</p>
<p><u><b><contractor_name/><!-- this might include the company in parentheses; if you don't want the company in here, remove the <ctcompany> element from contract_info.xml --></b></u>, with <contractor_possessive_pronoun/> address at <contractor_address/>, <contractor_postalcode/>, <contractor_city/>, <contractor_country/> (the “<b><secondpartyrole/></b>”);</p></div>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> has asked the <secondpartyrole/> to assist with this.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> wants to <engagement_description/>.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is willing and able to perform the activities mentioned hereafter.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> and the <secondpartyrole/> have no intention whatsoever to agree upon an employment agreement and this agreement is only drafted to enable the <secondpartyrole/> to perform incidental activities for <company_short/>. <company_short/> and the <secondpartyrole/> explicitly confirm that this agreement does not qualify as an employment agreement. The <secondpartyrole/> is free to perform work for other parties, and in fact does so on a regular basis.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>If during the course of the Activities, there is a risk that the scope of the assignment is bigger than expected, the <secondpartyrole/> will let <company_short/> know without delay.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> instructs (in Dutch: "<i>wijst aan</i>"; not "<i>instrueert</i>") the <secondpartyrole/> and the <secondpartyrole/> agrees to perform the following activities (the “<b>Activities</b>”): <contract_activities/></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The general terms and conditions of <company_short/> apply to this agreement. <company_short/> rejects any general terms and conditions used by the <secondpartyrole/>.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Dutch law applies to this agreement. Any dispute between <company_short/> and <secondpartyrole/> will be resolved in the first instance exclusively by the District Court (in Dutch: “<i>rechtbank</i>”) of Amsterdam, the Netherlands.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Unless a result of gross negligence or willful misconduct, the liability of either party to the other for any type of damages is limited to the amount of <secondpartyrole/>'s total fees under Article 5 of this agreement.</li>


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> and the <secondpartyrole/> explicitly do not intend to enter into an employment agreement (in Dutch: “<i>arbeidsovereenkomst</i>”) as in Article 7:610 Burgerlijk Wetboek. The <secondpartyrole/> guarantees he shall never claim an employment agreement exists.
</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> will not disclose confidential information and personal data <contractor_personal_pronoun/> receives from <company_short/>, or gains access to in the course of the Activities. The <secondpartyrole/> will only use this information or data for the purposes of carrying out this agreement. The <secondpartyrole/> will take reasonable measures to maintain the confidentiality of this information and data. The <secondpartyrole/> may disclose this information and data on a need-to-know basis, and only to persons associated with <company_short/> as employee, freelancer or volunteer and only if the <secondpartyrole/> knows that they are bound by the same confidentiality obligations.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is working at his or her own risk (in Dutch: “<i>voor eigen rekening en risico</i>”). The <secondpartyrole/> is free to perform the Activities at his or her own discretion (in Dutch: “<i>naar eigen inzicht</i>”) and independently. The <secondpartyrole/> will use his own resources and tools to perform the Activities for <company_short/>.</li>


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p><company_short/> will pay the <secondpartyrole/> <contractor_hourly_fee/> per hour excluding VAT. It will do so after <company_short/> has received an invoice from the <secondpartyrole/>. The <secondpartyrole/> will send an invoice within 14 days after the end of each calendar month for the Activities performed during that month.</p>
<p><company_short/> will then pay the agreed amount within 30 days of receipt of the invoice. <company_short/> will also pay reasonable travel expenses of the <secondpartyrole/>, to the extent that <company_short/> has given prior written approval for such costs and the <secondpartyrole/> provides <company_short/> with an invoice or other documentation for these expenses. <company_short/> will not reimburse any other costs the <secondpartyrole/> incurs in the course of the Activities, unless <company_short/> has given prior written approval for such costs. For the avoidance of doubt, <company_short/> shall pay no wages (in Dutch: "<i>salaris</i>") to the <secondpartyrole/> and therefore, <company_short/> shall not provide payslips to the <secondpartyrole/>, nor pay to the <secondpartyrole/> any money or allowance in the event of a holiday or illness of the <secondpartyrole/>.</p></li>


@@ -0,0 +1,3 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p><company_short/> will pay the <secondpartyrole/> for a <contract_planned_hours/>-hour engagement: <contractor_hourly_fee/> per hour excluding VAT, therefore totaling <contract_total_fee/> excluding VAT. It will do so after <company_short/> has been paid for the assignment in the context of which the Activities took place and has received an invoice from the <secondpartyrole/>. The <secondpartyrole/> will send an invoice within 14 days after the end of each calendar month for the Activities performed during that month.</p>
<p><company_short/> will then pay the agreed amount within 30 days of receipt of the invoice. <company_short/> will also pay reasonable travel expenses of the <secondpartyrole/>, to the extent that <company_short/> has given prior written approval for such costs and the <secondpartyrole/> provides <company_short/> with an invoice or other documentation for these expenses. <company_short/> will not reimburse any other costs the <secondpartyrole/> incurs in the course of the Activities, unless <company_short/> has given prior written approval for such costs. For the avoidance of doubt, <company_short/> shall pay no wages (in Dutch: "<i>salaris</i>") to the <secondpartyrole/> and therefore, <company_short/> shall not provide payslips to the <secondpartyrole/>, nor pay to the <secondpartyrole/> any money or allowance in the event of a holiday or illness of the <secondpartyrole/>.</p></li>


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><p>This contract shall be effective as of <contract_start_date/> for the period of <contract_period/><!-- note: period can only be computed in years/months (for periods longer than a month) or days (for periods shorter than a month). If the period is e.g. 1 month and 14 days, this value will NOT be correct and must be added manually -->. This contract will end by operation of law on <contract_end_date/> without any notice being required.</p>
<p>In case of tacit extension of this contract, the parties agree to do so for the same term and on the same conditions. Either party is entitled to give notice of termination of the contract with immediate effect. Notice of termination should be given by email. (To <company_short/>: <company_email/>; to the <secondpartyrole/>: <contractor_email/>) The other party will confirm the termination by return.</p>
<p>Premature termination shall not give rise to liability or financial compensation for either party.</p></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> transfers to <company_short/> all intellectual property rights created as a result of the Activities. To the extent that it is not possible to transfer these rights, <contractor_personal_pronoun/> grants to <company_short/> a perpetual, exclusive transferable, sub-licensable, world-wide license to such rights, and agrees to co-operate with the transfer of these rights to <company_short/>. To the extent that the <secondpartyrole/> has transferred these rights to <company_short/>, <company_short/> grants a perpetual, non-exclusive, non-transferable, not-sub-licensable, world-wide license to such rights to the <secondpartyrole/>, unless <company_short/> considers this impossible, due to obligations <company_short/> might have vis-à-vis others. In that case, <company_short/> will explore whether it is possible to grant to the <secondpartyrole/> a license on the rights with a narrower scope. For the avoidance of doubt, any rights of the <secondpartyrole/> vested in software or services developed prior to the Activities are not affected by this agreement.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>If any of the provisions of this agreement is annulled or void, the other provisions remain in effect. To the extent possible, the annulled or void provision will be replaced by a similar provision that has the same effect.</li>


@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is responsible: <ul><li>for ensuring that any work performed in the course of
this agreement is lawful (in Dutch: “<i>rechtmatig</i>”) and not illegal (in Dutch: “<i>niet
strafbaar</i>”);</li>
<li>for ensuring that by performing the Activities, <contractor_personal_pronoun/> does not act contrary to a
non-compete- or a confidentiality obligation <contractor_personal_pronoun/> may have. If there is a risk that
the <secondpartyrole/> will act contrary to such an obligation, <contractor_personal_pronoun/> will inform <company_short/>
without delay. <company_short/> then has the right to terminate the agreement without
compensation;</li>
<li>and for paying any applicable taxes and social security premiums following from the
Activities. Should <company_short/> have to pay any of these, the <secondpartyrole/> will indemnify
<company_short/>.</li></ul></li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> retains all intellectual property rights <contractor_personal_pronoun/> owns prior to this agreement.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>Should a third party lodge a claim against <company_short/> or any of its employees, freelancers or volunteers, or the public prosecutor initiate an investigation or criminal proceedings against any of these parties, as a result of activities performed by the <secondpartyrole/> under this agreement, then the <secondpartyrole/> will co-operate fully with <company_short/> in defending against this claim, investigation or these proceedings, including by providing any evidence he or she has which may be relevant to this defense.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The agreed working hours shall amount to <contract_planned_hours/> hours per <contract_period_unit/>. The <secondpartyrole/> may be expected to perform overtime outside the established working hours whenever this is necessary for the proper performance of the Activites.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> will perform the Activities from <contract_start_date/> up to and including <contract_end_date/>.</li>


@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<div><p><u><b><company_long/></b></u>, met adres <company_address/>, <company_postalcode/>, <company_city/>, vertegenwoordigd door <company_poc1/> (“<b><company_short/></b>”);</p>
<p>EN</p>
<p><u><b><contractor_name/></b></u>, met <contractor_possessive_pronoun/> adres op <contractor_address/>, <contractor_postalcode/>, <contractor_city/>, <contractor_country/> (de “<b><secondpartyrole/></b>”);</p></div>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> has asked the <secondpartyrole/> to assist with this.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> wants to <engagement_description/>.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li>The <secondpartyrole/> is willing and able to perform the activities mentioned hereafter.</li>


@@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8"?>
<li><company_short/> and the <secondpartyrole/> have no intention whatsoever to agree upon an employment agreement and this agreement is only drafted to enable the <secondpartyrole/> to perform incidental activities for <company_short/>. <company_short/> and the <secondpartyrole/> explicitly confirm that this agreement does not qualify as an employment agreement. The <secondpartyrole/> is free to perform work for other parties, and in fact does so on a regular basis.</li>


@@ -63,5 +63,45 @@
<translation xml:lang="nl">namens</translation>
<translation xml:lang="en">for</translation>
</string>
<string id="signed_dupe">
<translation xml:lang="nl">In duplicaat getekend</translation>
<translation xml:lang="en">Signed in duplicate</translation>
</string>
<string id="contract_title">
<translation xml:lang="nl">security consulting agreement</translation>
<translation xml:lang="en">security consulting agreement</translation>
</string>
<string id="contract_whereas">
<translation xml:lang="nl">in aanmerking genomen dat</translation>
<translation xml:lang="en">whereas</translation>
</string>
<string id="contract_agree">
<translation xml:lang="nl">komen het volgende overeen</translation>
<translation xml:lang="en">agree as follows</translation>
</string>
<string id="personal_m">
<translation xml:lang="nl">hij</translation>
<translation xml:lang="en">he</translation>
</string>
<string id="personal_f">
<translation xml:lang="nl">ze</translation>
<translation xml:lang="en">she</translation>
</string>
<string id="personal_o">
<translation xml:lang="nl">hen</translation>
<translation xml:lang="en">they</translation>
</string>
<string id="possessive_m">
<translation xml:lang="nl">zijn</translation>
<translation xml:lang="en">his</translation>
</string>
<string id="possessive_f">
<translation xml:lang="nl">haar</translation>
<translation xml:lang="en">her</translation>
</string>
<string id="possessive_o">
<translation xml:lang="nl">hun</translation>
<translation xml:lang="en">their</translation>
</string>
</localised_strings>


@@ -0,0 +1,74 @@
<?xml version="1.0" encoding="UTF-8"?>
<snippet_selection>
<document type="offerte">
<selection subtype="pentest">
<snippet>introandscope</snippet>
<snippet>projectoverview</snippet>
</selection>
<selection subtype="basic-scan">
<snippet>introandscope</snippet>
<snippet>projectoverview</snippet>
</selection>
</document>
<document type="contract">
<selection subtype="single_engagement">
<snippet_group set="parties">
<!-- define parties in contract -->
<snippet>parties</snippet>
</snippet_group>
<snippet_group set="whereas">
<!-- define conditions -->
<snippet>wa_companywants</snippet>
<snippet>wa_companyhasasked</snippet>
<snippet>wa_contractorcan</snippet>
<snippet>wa_noemploymentintention</snippet>
</snippet_group>
<snippet_group set="agree">
<!-- define agreement -->
<snippet>ag_noemployment</snippet>
<snippet>ag_companyinstructs</snippet>
<snippet>ag_worktime</snippet>
<snippet>ag_ownrisk</snippet>
<snippet>ag_payment_single_engagement</snippet>
<snippet>ag_biggerscopewarning</snippet>
<snippet>ag_propertyrights</snippet>
<snippet>ag_retainrights</snippet>
<snippet>ag_nondisclosure</snippet>
<snippet>ag_responsibilities</snippet>
<snippet>ag_thirdparty</snippet>
<snippet>ag_liability</snippet>
<snippet>ag_provisions</snippet>
<snippet>ag_generaltermsandconditions</snippet>
</snippet_group>
</selection>
<selection subtype="fixed_term">
<snippet_group set="parties">
<!-- define parties in contract -->
<snippet>parties</snippet>
</snippet_group>
<snippet_group set="whereas">
<!-- define conditions -->
<snippet>wa_contractorcan</snippet>
<snippet>wa_noemploymentintention</snippet>
</snippet_group>
<snippet_group set="agree">
<!-- define agreement -->
<snippet>ag_period</snippet>
<snippet>ag_noemployment</snippet>
<snippet>ag_companyinstructs</snippet>
<snippet>ag_ownrisk</snippet>
<snippet>ag_workinghours</snippet>
<snippet>ag_payment_fixed_term</snippet>
<snippet>ag_biggerscopewarning</snippet>
<snippet>ag_propertyrights</snippet>
<snippet>ag_retainrights</snippet>
<snippet>ag_nondisclosure</snippet>
<snippet>ag_responsibilities</snippet>
<snippet>ag_thirdparty</snippet>
<snippet>ag_liability</snippet>
<snippet>ag_provisions</snippet>
<snippet>ag_generaltermsandconditions</snippet>
</snippet_group>
</selection>
</document>
</snippet_selection>
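Review bot: Nothing in this new file documents what a `<snippet>` value or a `set` name has to be, although both look like keys that other files depend on. The `<snippet>` values appear to be base names of snippet files that the stylesheet resolves, and the `set` values appear to be names the stylesheet refers to; neither is visible here, so please confirm. I would add a header comment under the root element along the lines of `<!-- each <snippet> is the bare name of a snippet file (no path, no extension); snippets are emitted in the order listed; 'set' values must match the groups referenced from the xslt -->`. If the stylesheet does build a file path from the snippet text, it is also worth restricting the value to a plain name in the schema so an edited selection file cannot pull in a document from outside the snippets directory.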

File diff suppressed because one or more lines are too long


@@ -1,4 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?><fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format"><fo:layout-master-set><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Cover"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after"/></fo:simple-page-master><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Content"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after"/></fo:simple-page-master><fo:page-sequence-master master-name="Report"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="Cover" blank-or-not-blank="not-blank" page-position="first"/><fo:conditional-page-master-reference master-reference="Content" blank-or-not-blank="not-blank"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master></fo:layout-master-set><fo:page-sequence master-reference="Report"><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before"><fo:block text-align="right" font-weight="bold"/></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after"><fo:block text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black">Chamber of Commerce
60628081</fo:inline></fo:block></fo:static-content><fo:flow font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-body"><fo:block><fo:block margin-bottom="1.5cm"><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">PENETRATION TESTING WAIVER</fo:block><fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold"><fo:inline text-decoration="underline">...</fo:inline> (“...”)</fo:inline>, with its registered office at ..., ..., ...
and duly represented by ....</fo:block><fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">WHEREAS:</fo:inline></fo:block><fo:block margin-bottom="10pt" line-height="18pt">A. ... wants some of its systems to be tested, Radically Open Security B.V. (“ROS”) has offered to perform such testing for and has accepted this offer. The assignment will be performed by ROS' core-team members, external freelancers, and/or volunteers (the “Consultants”).</fo:block><fo:block margin-bottom="10pt" line-height="18pt">B. Some of the activities performed by ROS and the Consultants during the course of this assignment could be considered illegal, unless ... has given permission for these activities. ROS and the Consultant will only perform such activities if they have received the required permission.</fo:block><fo:block margin-bottom="10pt" line-height="18pt">C. ... is willing to give such permission to ROS, the Consultants and any other person ROS might employ or engage for the assignment.</fo:block><fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">DECLARES AS FOLLOWS:</fo:inline></fo:block><fo:block margin-bottom="10pt" line-height="18pt">1. ... is aware that ROS will perform penetration testing services of the following systems of ..., as described below. The services are intended to gain insight in the security of these systems. To do so, ROS will access these systems, attempt to find vulnerabilities and gain further access and elevated privileges by exploiting any vulnerabilities found. 
ROS will test the following targets (the “<fo:inline font-weight="bold">Targets</fo:inline>”):</fo:block><fo:list-block margin-bottom="10pt" line-height="18pt" provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>...</fo:block></fo:list-item-body></fo:list-item></fo:list-block><fo:block margin-bottom="10pt" line-height="18pt">2. ... hereby grants ROS and the Consultants on a date to be confirmed by email the broadest permission
possible to perform the assignment, including the permission to:</fo:block><fo:block margin-bottom="10pt" line-height="18pt">a. enter and use the Targets;</fo:block><fo:block margin-bottom="10pt" line-height="18pt">b. circumvent, breach, remove and turn off any security measures protecting the Targets;</fo:block><fo:block margin-bottom="10pt" line-height="18pt">c. copy, intercept, record, amend, delete, render unusable or inaccessible any data stored on, processed by or transferred via the Targets; and</fo:block><fo:block margin-bottom="10pt" line-height="18pt">d. hinder the access or use of the Targets,</fo:block><fo:block margin-bottom="10pt" line-height="18pt">but ... only grants the permission for these activities to the extent that (i) such activities are necessary to perform the assignment and (ii) such activities do not disrupt the normal business operations of ....</fo:block><fo:block margin-bottom="10pt" line-height="18pt">3. The permission under Article 1 extends to all systems on which the Targets run, or which ROS or the Consultant might encounter while performing the assignment, regardless of whether these systems are owned by third parties.</fo:block><fo:block margin-bottom="10pt" line-height="18pt">4. ... warrants that it has the legal authority to give the permission set out under Articles 1 and 2. It also warrants it has obtained the necessary permissions from any third parties referred to under Article 3.</fo:block><fo:block margin-bottom="10pt" line-height="18pt">5. Should the public prosecutor initiate an investigation or criminal proceedings against ROS or any of the consultants it engaged or employed as a result of the performance of the assignment for the customer, then ... 
will co-operate fully with ROS in defending against this investigation or proceedings, including by providing any evidence it has which relates to this investigation or these proceedings.</fo:block><fo:block margin-top="1.5cm" keep-together.within-page="always"><fo:table width="100%" table-layout="fixed"><fo:table-column column-width="proportional-column-width(10)"/><fo:table-column column-width="proportional-column-width(90)"/><fo:table-body><fo:table-row><fo:table-cell padding="2pt" number-rows-spanned="4"><fo:block>Signed</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">on    June 8, 2015</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">in     ...</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">by    ...</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">for    ...</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:block></fo:block><fo:block id="EndOfDoc"/></fo:flow></fo:page-sequence></fo:root>

466
xml/target/contract.fo Normal file

@@ -0,0 +1,466 @@
<?xml version="1.0" encoding="UTF-8"?>
<fo:root xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:fo="http://www.w3.org/1999/XSL/Format">
<fo:layout-master-set>
<fo:simple-page-master margin-top="0.5cm" margin-bottom="1.5cm" margin-left="1.5cm"
margin-right="1.5cm" page-height="29.7cm" page-width="21.0cm" master-name="Cover">
<fo:region-body margin-top="3.6cm" margin-bottom="1cm" region-name="region-body"/>
<fo:region-before precedence="true" extent="2.7cm" region-name="region-before-cover"/>
<fo:region-after precedence="true" extent="0.6cm" padding="0"
region-name="region-after-cover"/>
</fo:simple-page-master>
<fo:simple-page-master margin-top="0.5cm" margin-bottom="1.5cm" margin-left="1.5cm"
margin-right="1.5cm" page-height="29.7cm" page-width="21.0cm" master-name="Content">
<fo:region-body margin-top="2cm" margin-bottom="1cm" region-name="region-body"/>
<fo:region-before precedence="true" extent="0.6cm" region-name="region-before-content"/>
<fo:region-after precedence="true" extent="0.6cm" padding="0"
region-name="region-after-content"/>
</fo:simple-page-master>
<fo:page-sequence-master master-name="Report">
<fo:repeatable-page-master-alternatives>
<fo:conditional-page-master-reference master-reference="Cover"
blank-or-not-blank="not-blank" page-position="first"/>
<fo:conditional-page-master-reference master-reference="Content"
blank-or-not-blank="not-blank"/>
</fo:repeatable-page-master-alternatives>
</fo:page-sequence-master>
</fo:layout-master-set>
<fo:page-sequence master-reference="Report">
<fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black"
flow-name="region-before-cover">
<fo:block><fo:table width="100%" table-layout="fixed">
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-column column-width="proportional-column-width(20)"/>
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell text-align="right" display-align="after" padding-bottom="5mm">
<fo:block font-family="LiberationSansNarrow" font-size="8pt" color="black"
><fo:block font-weight="bold" color="#FF5C00">Radically Open Security
B.V.</fo:block><fo:block>Overdiemerweg 28</fo:block><fo:block>1111
PP Diemen</fo:block><fo:block>The Netherlands</fo:block></fo:block>
</fo:table-cell>
<fo:table-cell text-align="center">
<fo:block><fo:external-graphic padding-top="0cm" padding-bottom="0cm"
src="url(../graphics/logo_alt.png)" width="30mm"
content-width="scale-to-fit" content-height="scale-to-fit"
scaling="uniform"/></fo:block>
</fo:table-cell>
<fo:table-cell display-align="after" padding-bottom="5mm">
<fo:block font-family="LiberationSansNarrow" font-size="8pt" color="black"
><fo:block font-weight="bold" color="#FF5C00"
>www.radicallyopensecurity.com</fo:block><fo:block>info@radicallyopensecurity.com</fo:block><fo:block>Chamber
of Commerce 60628081</fo:block><fo:block>VAT number
853989655B01</fo:block></fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table></fo:block>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black"
flow-name="region-before-content">
<fo:block text-align="right" font-weight="normal"/>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black"
flow-name="region-after-cover">
<fo:block text-align-last="justify" text-align="center"
><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader
leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt"
color="black">Radically Open Security B.V. - Chamber of Commerce
60628081</fo:inline></fo:block>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black"
flow-name="region-after-content">
<fo:block text-align-last="justify" text-align="center"
><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader
leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt"
color="black">Radically Open Security B.V. - Chamber of Commerce
60628081</fo:inline></fo:block>
</fo:static-content>
<fo:flow font-family="LiberationSansNarrow" font-size="12pt" color="black"
flow-name="region-body">
<fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white"
font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm"
background-color="#FF5C00">SECURITY CONSULTING AGREEMENT</fo:block>
<fo:block><fo:block margin-bottom="10pt" line-height="18pt"><fo:inline
text-decoration="underline"><fo:inline font-weight="bold">Radically Open
Security B.V.</fo:inline></fo:inline>, located at Overdiemerweg 28, 1111
PP, Diemen, represented by Melanie Rieback (“<fo:inline font-weight="bold"
>ROS</fo:inline>”);</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">AND</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline
text-decoration="underline"><fo:inline font-weight="bold">Peter Pan (Lost
Boys Inc.)</fo:inline></fo:inline>, with his address at Cloud 9, 1234 XX,
Treehouse City, Neverland (the “<fo:inline font-weight="bold"
>Consultant</fo:inline>”);</fo:block></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">WHEREAS:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" margin-bottom="1.5cm" space-after="12pt"
start-indent="1cm">
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>A. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant is willing and able to perform the activities
mentioned hereafter.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>B. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>ROS and the Consultant have no intention whatsoever to agree upon
an employment agreement and this agreement is only drafted to enable the
Consultant to perform incidental activities for ROS. ROS and the
Consultant explicitly confirm that this agreement does not qualify as an
employment agreement. The Consultant is free to perform work for other
parties, and in fact does so on a regular basis.</fo:block>
</fo:list-item-body>
</fo:list-item>
</fo:list-block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white"
font-weight="bold" text-transform="uppercase" font-style="italic"
font-size="14pt" margin-bottom="0.8cm" background-color="#999999">AGREE AS
FOLLOWS</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" margin-bottom="1.5cm" space-after="12pt"
start-indent="1cm">
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>1. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block><fo:block margin-bottom="5pt">This contract shall be effective
as of August 18, 2016 for the period of 28 days. This contract will
end by operation of law on September 15, 2016 without any notice
being required.</fo:block>
<fo:block margin-bottom="5pt">In case of tacit extension of this
contract, the parties agree to do so for the same term and on the
same conditions. Either party is entitled to give notice of
termination of the contract with immediate effect. Notice of
termination should be given by email. (To ROS:
info@radicallyopensecurity.com; to the Consultant: peter@pan.tech)
The other party will confirm the termination by return.</fo:block>
<fo:block margin-bottom="5pt">Premature termination shall not give
rise to liability or financial compensation for either
party.</fo:block></fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>2. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>ROS and the Consultant explicitly do not intend to enter into
an employment agreement (in Dutch: “<fo:inline font-style="italic"
>arbeidsovereenkomst</fo:inline>”) as in Article 7:610 Burgerlijk
Wetboek. The Consultant guarantees he shall never claim an employment
agreement exists. </fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>3. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>ROS instructs (in Dutch: "<fo:inline font-style="italic">wijst
aan</fo:inline>"; not "<fo:inline font-style="italic"
>instrueert</fo:inline>") the Consultant and the Consultant
agrees to perform the following activities (the “<fo:inline
font-weight="bold">Activities</fo:inline>”): <fo:list-block
xmlns:my="http://radical.sexy" margin-bottom="10pt"
line-height="18pt">
<fo:list-item>
<fo:list-item-label end-indent="label-end()">
<fo:block><fo:inline>•</fo:inline></fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>Taunting Captain Hook</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item>
<fo:list-item-label end-indent="label-end()">
<fo:block><fo:inline>•</fo:inline></fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>Feeding crocodiles</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item>
<fo:list-item-label end-indent="label-end()">
<fo:block><fo:inline>•</fo:inline></fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>Flying to and fro ('to' and 'fro' to be specified
at takeoff)</fo:block>
</fo:list-item-body>
</fo:list-item>
</fo:list-block></fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>4. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant is working at his or her own risk (in Dutch:
“<fo:inline font-style="italic">voor eigen rekening en
risico</fo:inline>”). The Consultant is free to perform the
Activities at his or her own discretion (in Dutch: “<fo:inline
font-style="italic">naar eigen inzicht</fo:inline>”) and
independently. The Consultant will use his own resources and tools to
perform the Activities for ROS.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>5. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The agreed working hours shall amount to 30 hours per month.
The Consultant may be expected to perform overtime outside the
established working hours whenever this is necessary for the proper
performance of the Activites.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>6. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block><fo:block margin-bottom="5pt">ROS will pay the Consultant € 50
per hour excluding VAT. It will do so after ROS has received an
invoice from the Consultant. The Consultant will send an invoice
within 14 days after the end of each calendar month for the
Activities performed during that month.</fo:block>
<fo:block margin-bottom="5pt">ROS will then pay the agreed amount
within 30 days of receipt of the invoice. ROS will also pay
reasonable travel expenses of the Consultant, to the extent that
ROS has given prior written approval for such costs and the
Consultant provides ROS with an invoice or other documentation for
these expenses. ROS will not reimburse any other costs the
Consultant incurs in the course of the Activities, unless ROS has
given prior written approval for such costs. For the avoidance of
doubt, ROS shall pay no wages (in Dutch: "<fo:inline
font-style="italic">salaris</fo:inline>") to the Consultant and
therefore, ROS shall not provide payslips to the Consultant, nor
pay to the Consultant any money or allowance in the event of a
holiday or illness of the Consultant.</fo:block></fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>7. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>If during the course of the Activities, there is a risk that
the scope of the assignment is bigger than expected, the Consultant
will let ROS know without delay.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>8. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant transfers to ROS all intellectual property
rights created as a result of the Activities. To the extent that it is
not possible to transfer these rights, he grants to ROS a perpetual,
exclusive transferable, sub-licensable, world-wide license to such
rights, and agrees to co-operate with the transfer of these rights to
ROS. To the extent that the Consultant has transferred these rights to
ROS, ROS grants a perpetual, non-exclusive, non-transferable,
not-sub-licensable, world-wide license to such rights to the
Consultant, unless ROS considers this impossible, due to obligations
ROS might have vis-à-vis others. In that case, ROS will explore
whether it is possible to grant to the Consultant a license on the
rights with a narrower scope. For the avoidance of doubt, any rights
of the Consultant vested in software or services developed prior to
the Activities are not affected by this agreement.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>9. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant retains all intellectual property rights he owns
prior to this agreement.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>10. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant will not disclose confidential information and
personal data he receives from ROS, or gains access to in the course
of the Activities. The Consultant will only use this information or
data for the purposes of carrying out this agreement. The Consultant
will take reasonable measures to maintain the confidentiality of this
information and data. The Consultant may disclose this information and
data on a need-to-know basis, and only to persons associated with ROS
as employee, freelancer or volunteer and only if the Consultant knows
that they are bound by the same confidentiality
obligations.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>11. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The Consultant is responsible: <fo:list-block
provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" space-after="0pt"
start-indent="2.25cm">
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>•</fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>for ensuring that any work performed in the course
of this agreement is lawful (in Dutch: “<fo:inline
font-style="italic">rechtmatig</fo:inline>”) and not
illegal (in Dutch: “<fo:inline font-style="italic">niet
strafbaar</fo:inline>”);</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>•</fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>for ensuring that by performing the Activities, he
does not act contrary to a non-compete- or a
confidentiality obligation he may have. If there is a risk
that the Consultant will act contrary to such an
obligation, he will inform ROS without delay. ROS then has
the right to terminate the agreement without
compensation;</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>•</fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>and for paying any applicable taxes and social
security premiums following from the Activities. Should
ROS have to pay any of these, the Consultant will
indemnify ROS.</fo:block>
</fo:list-item-body>
</fo:list-item>
</fo:list-block></fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>12. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>Should a third party lodge a claim against ROS or any of its
employees, freelancers or volunteers, or the public prosecutor
initiate an investigation or criminal proceedings against any of these
parties, as a result of activities performed by the Consultant under
this agreement, then the Consultant will co-operate fully with ROS in
defending against this claim, investigation or these proceedings,
including by providing any evidence he or she has which may be
relevant to this defense.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>13. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>Unless a result of gross negligence or willful misconduct, the
liability of either party to the other for any type of damages is
limited to the amount of Consultant's total fees under Article 5 of
this agreement.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>14. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>If any of the provisions of this agreement is annulled or void,
the other provisions remain in effect. To the extent possible, the
annulled or void provision will be replaced by a similar provision
that has the same effect.</fo:block>
</fo:list-item-body>
</fo:list-item>
<fo:list-item margin-bottom="5pt">
<fo:list-item-label end-indent="label-end()">
<fo:block>15. </fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block>The general terms and conditions of ROS apply to this
agreement. ROS rejects any general terms and conditions used by the
Consultant.</fo:block>
</fo:list-item-body>
</fo:list-item>
</fo:list-block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white"
font-weight="bold" text-transform="uppercase" font-style="italic"
font-size="14pt" margin-bottom="0.8cm" background-color="#999999">SIGNED IN
DUPLICATE ON AUGUST 18, 2016 IN</fo:block>
<fo:block margin-top="1.5cm" keep-together.within-page="always"
><fo:block><fo:table border-width="1pt" border-style="solid"
border-color="black" width="100%" table-layout="fixed">
<fo:table-column border-width="1pt" border-style="solid"
border-color="black" column-width="proportional-column-width(50)"/>
<fo:table-column border-width="1pt" border-style="solid"
border-color="black" column-width="proportional-column-width(50)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell padding="2pt">
<fo:block>Treehouse City</fo:block>
</fo:table-cell>
<fo:table-cell padding="2pt">
<fo:block>Diemen</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell padding="2pt">
<fo:block> </fo:block>
<fo:block> </fo:block>
</fo:table-cell>
<fo:table-cell padding="2pt">
<fo:block> </fo:block>
<fo:block> </fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell padding="2pt">
<fo:block>Peter Pan</fo:block>
</fo:table-cell>
<fo:table-cell padding="2pt">
<fo:block>Melanie Rieback</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell padding="2pt">
<fo:block font-weight="bold">Lost Boys Inc.</fo:block>
</fo:table-cell>
<fo:table-cell padding="2pt">
<fo:block font-weight="bold">Radically Open Security
B.V.</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table></fo:block></fo:block>
</fo:block>
</fo:block>
</fo:block>
<fo:block id="EndOfDoc"/>
</fo:flow>
</fo:page-sequence>
</fo:root>
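Review bot: Article 13 of this contract limits liability to the Consultant's total fees "under Article 5", but in this fixed-term output Article 5 is the working-hours clause and the fee is agreed in Article 6, so the liability cap refers to the wrong clause. The article number looks hard-coded in the snippet text (presumably `ag_liability`), and it only matches when the payment snippet happens to be the fifth item of the `agree` group, as in the `single_engagement` selection; in `fixed_term` the extra `ag_period` entry shifts it by one. Now that snippet order is configurable per contract type, the reference should be derived from the payment snippet's position or worded without a number, e.g. `the Consultant's total fees under this agreement`. Article 5 also carries the typo `Activites`. Because `xml/target/contract.fo` appears to be build output, both fixes belong in the snippet sources rather than in this file.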

BIN
xml/target/contract.pdf Normal file

Binary file not shown.

1002
xml/target/document.fo Normal file

File diff suppressed because one or more lines are too long

BIN
xml/target/document.pdf Normal file

Binary file not shown.

181
xml/target/invoice.fo Normal file

@@ -0,0 +1,181 @@
<?xml version="1.0" encoding="UTF-8"?>
<fo:root xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:fo="http://www.w3.org/1999/XSL/Format">
<fo:layout-master-set>
<fo:simple-page-master margin-top="0.5cm"
margin-bottom="1.5cm"
margin-left="1.5cm"
margin-right="1.5cm"
page-height="29.7cm"
page-width="21.0cm"
master-name="Cover">
<fo:region-body margin-top="3.6cm" margin-bottom="1cm" region-name="region-body"/>
<fo:region-before precedence="true" extent="2.7cm" region-name="region-before-cover"/>
<fo:region-after precedence="true"
extent="0.6cm"
padding="0"
region-name="region-after-cover"/>
</fo:simple-page-master>
<fo:simple-page-master margin-top="0.5cm"
margin-bottom="1.5cm"
margin-left="1.5cm"
margin-right="1.5cm"
page-height="29.7cm"
page-width="21.0cm"
master-name="Content">
<fo:region-body margin-top="2cm" margin-bottom="1cm" region-name="region-body"/>
<fo:region-before precedence="true"
extent="0.6cm"
region-name="region-before-content"/>
<fo:region-after precedence="true"
extent="0.6cm"
padding="0"
region-name="region-after-content"/>
</fo:simple-page-master>
<fo:page-sequence-master master-name="Report">
<fo:repeatable-page-master-alternatives>
<fo:conditional-page-master-reference master-reference="Cover"
blank-or-not-blank="not-blank"
page-position="first"/>
<fo:conditional-page-master-reference master-reference="Content" blank-or-not-blank="not-blank"/>
</fo:repeatable-page-master-alternatives>
</fo:page-sequence-master>
</fo:layout-master-set>
<fo:page-sequence master-reference="Report">
<fo:static-content font-family="LiberationSansNarrow"
font-size="12pt"
color="black"
flow-name="region-before-cover">
<fo:block>
<fo:table width="100%" table-layout="fixed">
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-column column-width="proportional-column-width(20)"/>
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell text-align="right" display-align="after" padding-bottom="5mm">
<fo:block font-family="LiberationSansNarrow" font-size="8pt" color="black">
<fo:block font-weight="bold" color="#FF5C00">Radically Open Security B.V.</fo:block>
<fo:block>Overdiemerweg 28</fo:block>
<fo:block>1111 PP Diemen</fo:block>
<fo:block>The Netherlands</fo:block>
</fo:block>
</fo:table-cell>
<fo:table-cell text-align="center">
<fo:block>
<fo:external-graphic padding-top="0cm"
padding-bottom="0cm"
src="url(../graphics/logo_alt.png)"
width="30mm"
content-width="scale-to-fit"
content-height="scale-to-fit"
scaling="uniform"/>
</fo:block>
</fo:table-cell>
<fo:table-cell display-align="after" padding-bottom="5mm">
<fo:block font-family="LiberationSansNarrow" font-size="8pt" color="black">
<fo:block font-weight="bold" color="#FF5C00">www.radicallyopensecurity.com</fo:block>
<fo:block>info@radicallyopensecurity.com</fo:block>
<fo:block>Chamber of Commerce 60628081</fo:block>
<fo:block>VAT number 853989655B01</fo:block>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</fo:block>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow"
font-size="12pt"
color="black"
flow-name="region-before-content">
<fo:block text-align="right" font-weight="normal"/>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow"
font-size="12pt"
color="black"
flow-name="region-after-cover">
<fo:block text-align-last="justify" text-align="center">
<fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="#FF5C00">Please keep digital unless absolutely required. Read the (unique) terms and conditions of Radically Open Security at: https://radicallyopensecurity.com/TermsandConditions.pdf</fo:inline>
</fo:block>
</fo:static-content>
<fo:static-content font-family="LiberationSansNarrow"
font-size="12pt"
color="black"
flow-name="region-after-content">
<fo:block text-align-last="justify" text-align="center">
<fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="#FF5C00">Please keep digital unless absolutely required. Read the (unique) terms and conditions of Radically Open Security at: https://radicallyopensecurity.com/TermsandConditions.pdf</fo:inline>
</fo:block>
</fo:static-content>
<fo:flow font-family="LiberationSansNarrow"
font-size="12pt"
color="black"
flow-name="region-body">
<fo:block>
<fo:block font-weight="bold"
keep-with-next.within-page="always"
text-align="center"
color="white"
font-size="18pt"
margin-bottom="1cm"
background-color="#FF5C00"
margin-top="1cm">Invoice nr. 00/000</fo:block>
<fo:block>
<fo:block>Sitting Duck B.V.</fo:block>
<fo:block>T.a.v. </fo:block>
<fo:block>Reed Street 42</fo:block>
<fo:block>0000 Pond City</fo:block>
<fo:block>Amazonia</fo:block>
<fo:block>freemoney@sittingduck.com</fo:block>
</fo:block>
<fo:block margin-bottom="8mm" text-align="right">August 25, 2016</fo:block>
<fo:block font-weight="bold"
keep-with-next.within-page="always"
text-align="center"
color="white"
font-style="normal"
font-size="18pt"
margin-bottom="0.8cm"
background-color="silver">Services Delivered</fo:block>
<fo:block>
<fo:table margin-bottom="8mm"
background-color="#EEEEEE"
width="100%"
table-layout="fixed">
<fo:table-column column-width="proportional-column-width(90)"/>
<fo:table-column column-width="proportional-column-width(10)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell padding="2pt"
border-collapse="separate"
border-spacing="5mm"
padding-top="2pt">
<fo:block>6-day penetration test Sitting Duck</fo:block>
</fo:table-cell>
<fo:table-cell padding="2pt"
border-collapse="separate"
border-spacing="5mm"
padding-top="2pt"
text-align="right">
<fo:block margin-bottom="5pt">€ 100.--</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</fo:block>
<fo:block margin-bottom="8mm">Radically Open Security B.V. donates &gt; 90% of its entire profits to
charity.</fo:block>
<fo:block margin-bottom="8mm">Please be so kind to pay within 30 days
by money transfer, to the following account:</fo:block>
<fo:block margin-bottom="8mm" margin-left="1.3cm">
<fo:block>Radically Open Security B.V.</fo:block>
<fo:block>IBAN: NL06 RABO 0188 2813 12</fo:block>
<fo:block>Reference: 00/000</fo:block>
</fo:block>
<fo:block>Kind regards,</fo:block>
<fo:block>your dedicated team at</fo:block>
<fo:block font-style="italic">Radically Open Security B.V.</fo:block>
</fo:block>
</fo:flow>
</fo:page-sequence>
</fo:root>

BIN
xml/target/invoice.pdf Normal file

Binary file not shown.

568
xml/target/offerte.fo Normal file

@@ -0,0 +1,568 @@
<?xml version="1.0" encoding="UTF-8"?><fo:root xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:fo="http://www.w3.org/1999/XSL/Format"><fo:layout-master-set><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Cover"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before-cover"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after-cover"/></fo:simple-page-master><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Content"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before-content"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after-content"/></fo:simple-page-master><fo:page-sequence-master master-name="Report"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="Cover" blank-or-not-blank="not-blank" page-position="first"/><fo:conditional-page-master-reference master-reference="Content" blank-or-not-blank="not-blank"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master></fo:layout-master-set><fo:page-sequence master-reference="Report"><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before-cover"><fo:block text-align="right" font-weight="bold"/></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before-content"><fo:block text-align="right" font-weight="bold"/></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after-cover"><fo:block 
text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black">Radically Open Security B.V. - Chamber of Commerce
60628081</fo:inline></fo:block></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after-content"><fo:block text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black">Radically Open Security B.V. - Chamber of Commerce
60628081</fo:inline></fo:block></fo:static-content><fo:flow font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-body"><fo:block>
<fo:block text-align="center" margin-bottom="5pt"><fo:external-graphic padding-top="2cm" padding-bottom="3cm" src="url(../graphics/logo.png)" width="70mm" content-width="scale-to-fit" content-height="scale-to-fit" scaling="uniform"/></fo:block><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">RADICALLY OPEN SECURITY B.V.</fo:block><fo:block text-align="center" margin-bottom="1cm" font-size="16pt" font-weight="bold">OFFER</fo:block><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">PENETRATION TESTING SERVICES</fo:block><fo:block text-align="center" margin-bottom="1cm" font-size="16pt" font-weight="bold">FOR</fo:block><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#999999">Sitting Duck B.V.</fo:block><fo:block text-align="center" margin-bottom="1cm" font-size="16pt" font-weight="bold" break-after="page">August 25, 2016</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Introduction</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Sitting Duck B.V. (hereafter “<fo:inline font-weight="bold">Sitting Duck</fo:inline>”), with its registered office
at Reed Street 42, Pond City, Amazonia, has requested Radically Open Security B.V.
(hereafter “<fo:inline font-weight="bold">ROS</fo:inline>”) to perform penetration testing services.
Motivation for this request is that Sitting Duck wishes to get a better
insight in ...</fo:block>
<fo:block margin-bottom="1.5cm" line-height="18pt">This offer sets out the scope of the work and the terms and conditions under
which ROS will perform these services.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Project Overview</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will perform penetration testing services
for Sitting Duck of the systems described below. The services are intended
to gain insight into the security of these systems. To do so, ROS
will access these systems, attempt to find vulnerabilities, and gain
further access and elevated privileges by exploiting any vulnerabilities
found.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will test the following targets
(the “<fo:inline font-weight="bold">Targets</fo:inline>”):</fo:block>
<fo:list-block margin-bottom="10pt" line-height="18pt" provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>dsfsd</fo:block></fo:list-item-body></fo:list-item><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>adfsd</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="1.5cm" line-height="18pt">ROS will test for the presence of the
most common vulnerabilities, using both publicly available vulnerability
scanning tools and manual testing. ROS shall perform a
6-day, crystal-box, intrusive test via the internet.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Prerequisites</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">In order to perform this audit, ROS will need access to:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" margin-bottom="1.5cm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Test accounts</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Test environment</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Contact information of system administrators, in case of emergencies</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Disclaimer</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">It is possible that in the course of the penetration testing, ROS
might hinder the operations of the Targets or cause damage to the Targets.
Sitting Duck gives permission for this, to the extent that ROS
does not act negligent or recklessly. Sitting Duck also warrants it has the
authority to give such permission.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">It is important to understand the limits of ROS's services.
ROS does not (and cannot) give guarantees that something is
secure. ROS, instead, has an obligation to make reasonable
efforts (in Dutch: “<fo:inline font-style="italic">inspanningsverplichting</fo:inline>”) to perform the
agreed services.</fo:block>
<fo:block margin-bottom="1.5cm" line-height="18pt">ROS and Sitting Duck agree to take reasonable measures to
maintain the confidentiality of information and personal data they gain
access to in the course of performing the penetration test within the
Targets. Both parties will use the information and data they receive or
access only for the purposes outlined in this agreement.
ROS warrants that all core-team members, external freelancers,
and volunteers it engages to perform the penetration test have signed a
non-disclosure agreement (NDA). </fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Pentest Methodology</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">During the execution of penetration tests, Radically Open Security B.V. broadly follows
the following steps:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>1. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Requirements Gathering and Scoping; </fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>2. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Discovery;</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>3. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Validation;</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>4. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Information Collection;</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>5. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Threat and Vulnerability Analysis;</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>6. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Exploitation;</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>7. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Reporting;</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 1: Requirements Gathering and Scoping</fo:inline> <fo:block/>
The expectations of both parties are discussed and agreements are made regarding
how to conduct the test(s). For example, contact details and the pentest's scope
are documented.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 2: Discovery</fo:inline><fo:block/>
As much information as possible about the target organization and target objects
is collected. This information is passively gathered, primarily from public sources.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 3: Validation</fo:inline><fo:block/>
All customer-specified systems are cross-referenced with findings from the
Discovery step. We do this to ensure that discovered systems are legal property
of the customer and to verify the scope with the customer.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 4: Information Collection</fo:inline><fo:block/>
Information from Step 2 is now used to actively collect information about the
system. Activities conducted during this phase may include:
Determining which parts of the various components will be investigated;
Testing for the presence of known vulnerabilities, using automated tests;
Identifying the offered services and fingerprinting the software used for them.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 5: Threat and Vulnerability Analysis</fo:inline><fo:block/>
Potential threats and vulnerabilities are indexed, based upon the collected information.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 6: Exploitation</fo:inline><fo:block/>
Attempt to use vulnerabilities of the various components.
The diverse applications and components of the client's infrastructure are
relentlessly probed for frequently occurring design, configuration, and
programming errors.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Note: Radically Open Security B.V. uses open-source scanning tools to get its bearings,
but generally performs most of the exploitation by hand.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Step 7: Reporting</fo:inline><fo:block/>
After finishing the audit, a report will be delivered where the step-by-step
approach, results, and discovered vulnerabilities are described. The report and
results will be presented to the responsible project leader or manager at the
client's office.</fo:block>
<fo:block margin-bottom="1.5cm" line-height="18pt">Steps 4-6 may be repeated multiple times per test. For example, access may be
acquired in an external system, which serves as a stepping-stone to the internal network.
The internal network will then be explored in Steps 4 and 5, and exploited in Step 6.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Code Audit</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will perform a code audit to aid pentesting. During a
code audit, we manually examine the code of an application to ensure there
are no security vulnerabilities and use our understanding of the code to
guide our pentesting. If vulnerabilities are found, we document those and
suggest ways to fix them. This is done by highly-trained penetration testers
who can both review the raw code as well as interpret the findings of the
automated scans, putting them into context.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">During the code audit portion of penetration tests, we take the following
criteria into account:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>1. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Risk Assessment and "Threat Modeling"<fo:block/>
In this step, we analyze the risks of a particular application or system.
Threat Modeling is a specific, structured approach to risk analysis that
enables us to identify, qualify, and address the security risks, thus
dovetailing with the Code Review process. For example, user data is
sacred. We focus on encrypted storage, discover if Sitting Duck employees
have a backdoor into data, and cut loose stolen devices by wiping them
remotely and revoking accounts.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>2. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Purpose and Context<fo:block/>
Here we focus on risks, especially in the quick and easy sharing of
internal documents and itineraries. Account details aren't so secret
when we know who will be in meetings, but what's being discussed is secret.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>3. </fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Complexity<fo:block/>
The complexity of the system is in the frameworks that support the web
application. We'd ignore those and focus only on the custom code and
backend code. We would also
focus on implementation mistakes and known flaws in the systems. For
example, we'd ensure you're using the latest versions of software,
but we wouldn't delve into the framework itself. Since we assume the
code is written by a team, it should be clearly-written code. If you have
several full-release versions, there will undoubtedly be several revisions
and audits on that code.</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="1.5cm" line-height="18pt">For more information, please refer to this link:
<fo:basic-link color="blue" external-destination="https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents">https://www.owasp.org/index.php/OWASP_Code_Review_V2_Table_of_Contents</fo:basic-link></fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Team and Reporting</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="#999999">Team</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS may perform the activities with its core-team
members, external freelancers, and/or volunteers.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">First point of contact for this assignment shall be:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Melanie Rieback (ROS)</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>Sir Knowsalot (Sitting Duck)</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="10pt" line-height="18pt">Our penetration tests are run a bit like a Capture The Flag
(CTF) competition:
Radically Open Security B.V. has a geographically distributed team
and we use online infrastructure (RocketChat, GitLabs, etc.)
to coordinate our work. This enables us to invite the
customer to send several technical people from their
organization to join our penetration test team on a volunteer basis.
Naturally, we extend this invitation to Sitting Duck as well.</fo:block>
<fo:block margin-bottom="1.5cm" line-height="18pt">Throughout the course of the audit, we intend to actively
brainstorm with Sitting Duck about both the penetration test and the process.
This is a continuous learning experience for both us and you.
Also, in our experience, a tight feedback loop with the customer
greatly improves both the quality and focus of the engagement.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="#999999">Reporting</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will report to Sitting Duck on the penetration test.
This report will include the steps it has taken during the
test and the vulnerabilities it has found. It will include
recommendations but not comprehensive solutions on how to address
these vulnerabilities.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">A sample Pentest report can be found here</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:basic-link color="blue" external-destination="https://github.com/radicallyopensecurity/templates/blob/master/sample-report/REP_SittingDuck-pentestreport-v10.pdf">https://github.com/radicallyopensecurity/templates/blob/master/sample-report/REP_SittingDuck-pentestreport-v10.pdf</fo:basic-link></fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="1.5cm" line-height="18pt">One of ROS's Core Principles is the Teach
To Fish principle otherwise known as the 'Peek over our
Shoulder' (PooS) principle. We strive to structure our
services so they can also serve as a teaching or training
opportunity for our customers.</fo:block>
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Planning and Payment</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will uphold the following dates for the planning of the services:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>ROS performs a penetration test on TBD.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>ROS delivers the final report TBD.</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="10pt" line-height="18pt">
Our fixed-fee price quote for the above described penetration
testing services is € 100.- excl. VAT and out-of-pocket expenses.
ROS will send an invoice after completion of this assignment.
Sitting Duck will pay the agreed amount within 30 days of the invoice date.
</fo:block>
<fo:block margin-bottom="1.5cm" line-height="18pt">
Any additional work will be charged separately. An hourly
rate for additional work will be agreed upon before starting this work.
</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">About Radically Open Security B.V.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Radically Open Security B.V. is the world's first not-for-profit computer security consultancy.
We operate under an innovative new business model whereby we use a Dutch fiscal
entity, called a “Fiscaal Fondswervende Instelling” (Fiscal Fund raising Institution),
as a commercial front-end to send 90% of our profits, tax-free, to a not-for-profit
foundation, Stichting NL net. The NLnet Foundation has supported open-source,
digital rights, and Internet research for almost 20 years.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">In contrast to other organizations, our profits do not benefit shareholders,
investors, or founders. Our profits benefit society. As an
organization without a profit-motive, we recruit top-name, ethical security
experts and find like-minded customers that want to use their IT security
budget as a "vote" to support socially responsible entrepreneurship. The rapid
pace of our current growth reflects the positive response the market has to our
idealistic philosophy and innovative business model.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Radically Open Security B.V. has a number of values that we describe as our
“Core Principles.” These are:</fo:block>
<fo:list-block provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">No sketchy stuff</fo:inline><fo:block/>
We don't build surveillance systems, hack activists, sell exploits to
intelligence agencies, or anything of the sort. If a job is even remotely
morally questionable, we simply won't do it.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Open-Source</fo:inline><fo:block/>
Releasing ALL tools and frameworks, we build as open-source on our website.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Teach to fish</fo:inline><fo:block/>
During engagements, we will not only share our results with your company,
but also provide a step-by-step description of how to perform the same
audit or procedure without us. We want to demystify what we're doing.
It's not rocket science, and we genuinely want to help your company
improve its security posture, even if it costs us repeat business.</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">IoCs for free</fo:inline><fo:block/>Releasing ALL collected threat intelligence
(Indicators of Compromise) into an open-source database that everyone can freely use.
(Sanitized in agreement with customers.)</fo:block></fo:list-item-body></fo:list-item><fo:list-item margin-bottom="5pt"><fo:list-item-label end-indent="label-end()"><fo:block>•</fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block><fo:inline font-weight="bold">Zero days</fo:inline><fo:block/>
We don't sell zero-days - we responsibly disclose them!</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="1.5cm" line-height="18pt">For more information about Radically Open Security B.V., we refer you to our website:
<fo:basic-link color="blue" external-destination="http://www.radicallyopensecurity.com">www.radicallyopensecurity.com</fo:basic-link>.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Terms and Conditions</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will only perform the penetration test
if it has obtained the permission from Sitting Duck B.V. and dafaf
as set out in the penetration testing waiver, attached as <fo:inline font-weight="bold">Annex 2</fo:inline>,
or provided in a separate document.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS performs this assignment on the basis of its general
terms and conditions, which are attached to this offer as Annex 1.
ROS rejects any general terms and conditions used by
Sitting Duck.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">In order to agree to this offer, please sign this letter in duplicate
and return it to:</fo:block>
<fo:block keep-together.within-page="always" margin-left="1.5cm" line-height="18pt">
<fo:block>Melanie Rieback</fo:block>
Radically Open Security B.V.<fo:block/>Overdiemerweg 28<fo:block/>1111 PP Diemen
<fo:block>melanie@radicallyopensecurity.com</fo:block>
</fo:block>
<fo:block margin-top="1.5cm" keep-together.within-page="always"><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#999999">Signed in duplicate</fo:block><fo:block><fo:table border-width="1pt" border-style="solid" border-color="black" width="100%" table-layout="fixed"><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(50)"/><fo:table-column border-width="1pt" border-style="solid" border-color="black" column-width="proportional-column-width(50)"/><fo:table-body><fo:table-row><fo:table-cell padding="2pt"><fo:block>August 25, 2016</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>August 25, 2016</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block/></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Diemen</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block> </fo:block><fo:block> </fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block> </fo:block><fo:block> </fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block>I.M. Portant</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block>Melanie Rieback</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block font-weight="bold">Sitting Duck B.V.</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block font-weight="bold">Radically Open Security B.V.</fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block></fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" break-before="page">
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">Annex 1<fo:block/>General Terms and Conditions</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What is this document?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">These are the general terms and conditions (in Dutch: “<fo:inline font-style="italic">algemene voorwaarden</fo:inline>”)
of Radically Open Security B.V. (ROS). This version of the general terms and conditions
is dated 15 July 2014.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">In the spirit of ROS's philosophy, ROS wants these
general terms and conditions to be as understandable as possible. If you have any
questions, feel free to ask for clarification.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What is Radically Open Security B.V.?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS is a private limited liability company under Dutch law located
in Amsterdam, The Netherlands. It is registered at the Dutch Chamber of Commerce
under no. 60628081.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">To what do these terms and conditions apply?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">These general terms and conditions apply to all agreements between ROS
and the customer. ROS rejects any terms and conditions used by the
customer. The parties can only deviate from these general terms and conditions
in writing. These general terms and conditions are also intended to benefit any
person employed or engaged by ROS during the performance of an assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">How does ROS agree on an assignment?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS wants both parties to have a clear picture of an assignment
before it starts. This means there only is an agreement between ROS
and the customer after ROS sends a written offer containing the key
terms of the agreement and the customer subsequently accepts the offer.
Communications other than the written offer do not form part of the agreement.
ROS can rescind an offer until it is accepted by the customer.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What can the customer expect from ROS?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">It is important to understand the limits of ROS's services.
ROS does not (and cannot) give guarantees that something is secure.
ROS instead has an obligation to make reasonable efforts
(in Dutch: “<fo:inline font-style="italic">inspanningsverplichting</fo:inline>”) to perform the agreed services.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will make reasonable efforts to perform the assignment in
accordance with the plan set out in the offer (if any). If ROS
expects it will not fulfill the plan as documented, it will let the customer
know without delay. ROS is not automatically deemed to be in default
if it doesn't meet the plan.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS will make reasonable efforts to avoid disruption of the
customer's operations and damage to its owned or operated systems, but it
cannot guarantee that this will be avoided. The customer agrees
to this. ROS is not obliged to restore the systems or recover any
data deleted or amended in the course of the assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What can ROS expect from the customer?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">The customer will provide ROS with all means necessary to allow
ROS to perform the agreed services. If ROS needs explicit
permission from the customer to perform its services (for example, when doing
penetration tests) the customer gives this permission. The customer also warrants
that it has the legal authority to give this permission.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">How do the parties handle confidential information?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS and the customer will not disclose to others confidential
information and personal data they receive from each other or gain access to in
the course of an assignment. ROS has the right to disclose this
information and data to persons engaged by ROS, but only if these
persons have a similar confidentiality obligation vis-á-vis ROS.
Any person will only use the information and data it receives or gains access
to for the purposes following from the agreement. Both parties will take reasonable
measures to maintain the confidentiality of the information and data they received
or gained access to, and will ensure that persons engaged by them do the same.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What does ROS do with vulnerabilities it finds in the course
of an assignment?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">If ROS in the course of an assignment finds a vulnerability which
might affect the customer, it will report this to the customer. If a vulnerability
might affect third parties as well, ROS retains the right to disclose
this vulnerability also to others than the customer. It will only do so after
having given the customer a reasonable period to take measures minimising the
impact of the vulnerability, in line with responsible disclosure best practices.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What does ROS do with indicators of compromise it finds?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">If ROS in the course of an assignment finds indicators of
compromise, such as malware signatures and IP-addresses, it will report this to
the customer. ROS retains the right to also publish this information
in a publicly accessible database. It will only do so after it has given the
customer the opportunity to object to the publication of data which would
negatively impact the customer.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Who owns the products developed in the course of the assignment?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS retains any intellectual property rights in products developed
for an assignment, such as software and reports. ROS, however, wants
to teach as many customers as possible 'how to fish'.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">For software it developed, this means that ROS gives the customer
a permanent, non-exclusive, transferable, sub-licensable, worldwide license to
distribute and use the software in source and binary forms, with or without
modification (very similar to the BSD-license). If ROS's software
is based on other software which is provided under a license which restricts
ROS's ability to license its own software (such as the GPLv3 license),
the more restrictive license will apply.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">For other products it developed, such as reports and analyses, ROS
gives the customer the same license, but this license is exclusive to the customer
and does not contain the right to modification. The latter condition is intended
to ensure that the customer will not change ROS's products, such as
reports and analyses. ROS retains the right to reuse these products,
for example for training and marketing purposes. ROS will remove any
confidential information from these products before publication.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS retains title to any property transferred to the customer
until all outstanding payments by the customer have been done in full (in Dutch:
“<fo:inline font-style="italic">eigendomsvoorbehoud</fo:inline>”). ROS also only gives a license after
all outstanding payments have been done in full.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Who will perform the assignment?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS has the right to appoint the persons who will perform the
assignment. It has the right to replace a person with someone with at least the
same expertise, but only after having consulted with the customer. This means
that section 7:404 Dutch Civil Code (in Dutch: “<fo:inline font-style="italic">Burgerlijk Wetboek</fo:inline>”) is
excluded.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Due to the nature of ROS's business, ROS regularly
works with freelancers for the performance of its assignments. ROS
has the right to engage third parties, including freelancers, in the course of
the performance of an assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS wants to be able to use the expertise of its entire team to
help with an assignment. This means that in the course of an assignment, it is
possible that the persons performing the assignment will consult with and be
advised by others in ROS's team. These others will of course be
bound by the same confidentiality obligations as the persons performing the assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">What happens when the scope of the assignment is bigger than agreed?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS and the customer will attempt to precisely define the scope
of the assignment before ROS starts. If during the course of the
assignment, the scope turns out to be bigger than expected, ROS
will report this to the customer and make a written offer for the additional work.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">How is payment arranged?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">All amounts in ROS's offers are in Euros, excluding VAT and
other applicable taxes, unless agreed otherwise.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">For assignments where the parties agreed to an hourly fee, ROS
will send an invoice after each month. For other assignments, ROS
will send an invoice after completion of the assignment, and at moments set out
in the offer (if any). The customer must pay an invoice within 30 days of the
invoice date.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">ROS may, prior to an assignment, agree on the payment of a
deposit by the customer. ROS will settle deposits with interim
payments or the final invoice for the assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">If the payment is not received before the agreed term, the client will be
deemed to be in default without prior notice. ROS will then have
the right to charge the statutory interest (in Dutch: “<fo:inline font-style="italic">wettelijke rente</fo:inline>”)
and any judicial and extrajudicial (collection) costs (in Dutch:
“<fo:inline font-style="italic">gerechtelijke- en buitengerechtelijke (incasso)kosten</fo:inline>”).</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">If the customer cancels or delays the assignment two weeks before it starts,
ROS is entitled to charge the customer 50% of the agreed price.
If the customer cancels or delays the assignment after it already started,
ROS is entitled to charge the customer 100% of the agreed price.
ROS is entitled to charge a pro rata percentage in the case of
cancellation or delay shorter than two weeks before the start of the assignment
(i.e. a cancellation one week before the assignment would entitle ROS
to charge 75% of the agreed price).</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">For what can ROS be held liable?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Any liability of ROS resulting from or related to the performance
of an assignment, shall be limited to the amount that is paid out in that
specific case under an applicable indemnity insurance of ROS,
if any, increased by the amount of the applicable deductible (in Dutch:
“<fo:inline font-style="italic">eigen risico</fo:inline>”) which under that insurance shall be borne by ROS.
If no amount is paid out under an insurance, these damages are limited to the
amount already paid for the assignment, with a maximum of EUR 10.000.
Each claim for damages shall expire after a period of one month from the day
following the day on which the customer became aware or could reasonably
be aware of the existence of the damages.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">To make things clear, ROS is not liable if a person associated
with ROS acts contrary to any confidentiality or non-compete
obligation vis-á-vis the customer or a third party, this person might have
agreed to in another engagement.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">What happens when third parties lodge a claim or initiate criminal proceedings
against ROS?</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">The customer shall indemnify ROS and any person employed or
engaged by ROS for any claims of third parties which are in any
way related to the activities of ROS and any person employed or
engaged by ROS for the customer.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Should a third party lodge a claim against ROS or any of the
consultants it engaged or employed as a result of the performance of the assignment
for the customer, then the customer will co-operate fully with ROS
in defending against this claim, including by providing to ROS any
evidence it has which relates to this claim.
Should the public prosecutor initiate an investigation or criminal proceedings
against ROS or any of the consultants it engaged or employed as a
result of the performance of the assignment for the customer, then the customer
will also co-operate fully with ROS in defending against this
investigation or proceedings, including by providing any evidence it has which
relates to this investigation or these proceedings.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">The customer shall reimburse ROS and any person employed or
engaged by ROS all costs of legal defence and all damages in
relation to these claims, investigations or proceedings. This provision does
not apply to the extent a claim, investigation, or proceeding is the result of
the intent or recklessness (in Dutch: “<fo:inline font-style="italic">opzet of bewuste roekeloosheid</fo:inline>”)
of ROS or a person employed or engaged by ROS.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">When is this agreement terminated and what happens then?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Each of the parties may terminate the agreement wholly or partly without
prior notice if the other party is declared bankrupt or is being wound up or if
the other party's affairs are being administered by the court
(in Dutch: “surséance van betaling”).</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">When can ROS not be expected to perform the assignment?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">In the case of force majeure (in Dutch: “<fo:inline font-style="italic">overmacht</fo:inline>”) as a result of
which ROS cannot reasonably be expected to perform the assignment,
the performance will be suspended. Situations of force majeure include cases
where means, such as soft- and hardware, which are prescribed by the customer
do not function well. The agreement may be terminated by either party if a
situation of force majeure has continued longer than 90 days. The customer will
then have to pay the amount for the work already performed pro rata.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold">Which law applies and which court is competent?</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">Dutch law applies to the legal relationship between ROS and its
customers. Any dispute between ROS and a customer will be resolved
in the first instance exclusively by the District Court (in Dutch:
“<fo:inline font-style="italic">rechtbank</fo:inline>”) of Amsterdam, the Netherlands.</fo:block>
</fo:block>
<fo:block margin-bottom="1.5cm" break-before="page"><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00">ANNEX 2<fo:block/></fo:block>
<fo:block keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="#999999">penetration test - WAIVER</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold"><fo:inline font-style="italic">Sitting Duck B.V.</fo:inline> (<fo:inline font-style="italic">Sitting Duck</fo:inline>)</fo:inline>, with its registered office at Reed Street 42,
Pond City, Amazonia and duly represented by <fo:inline font-weight="bold">B.I.G. Wig</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">
<fo:inline font-weight="bold">WHEREAS:</fo:inline>
</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">A. Sitting Duck wants some of its systems to be tested,
Radically Open Security B.V. (“ROS”) has offered to perform
such testing for Sitting Duck and
Sitting Duck has accepted this offer.
The assignment will be performed by ROS' core-team members, external
freelancers, and/or volunteers (the “Consultants”).</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">B. Some of the activities performed by
ROS and the
Consultants during the course of this assignment could be considered
illegal, unless Sitting Duck has given permission for
these activities. ROS
and the Consultant will only perform such activities if they have received
the required permission.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">C. Sitting Duck is
willing to give such permission to ROS, the Consultants and any
other person ROS might
employ or engage for the assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">
<fo:inline font-weight="bold">DECLARES AS FOLLOWS:</fo:inline>
</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">1. Sitting Duck is
aware that ROS will
perform penetration testing services of the
following systems of Sitting Duck, as described
below. The services are intended to gain insight in the security of these
systems. To do so, ROS
will access these systems, attempt to find vulnerabilities and gain further
access and elevated privileges by exploiting any vulnerabilities found.
ROS will test the
following targets (the “<fo:inline font-weight="bold">Targets</fo:inline>”):</fo:block>
<fo:list-block margin-bottom="10pt" line-height="18pt" provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>dsfsd</fo:block></fo:list-item-body></fo:list-item><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>adfsd</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="10pt" line-height="18pt">2. Sitting Duck
hereby grants ROS and
the Consultants on a date to be confirmed by email the broadest permission
possible to perform the assignment, including the permission to:</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">a. enter and use the Targets;</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">b. circumvent, breach, remove and turn off
any security measures protecting the Targets;</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">c. copy, intercept, record, amend, delete,
render unusable or inaccessible any data stored on, processed by or
transferred via the Targets; and</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">d. hinder the access or use of the
Targets,</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">but Sitting Duck
only grants the permission for these activities to the extent that (i) such
activities are necessary to perform the assignment and (ii) such activities
do not disrupt the normal business operations of Sitting Duck.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">3. The permission under Article 1 extends
to all systems on which the Targets run, or which ROS or the Consultant might
encounter while performing the assignment, regardless of whether these
systems are owned by third parties.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">4. Sitting Duck
warrants that it has the legal authority to give the permission set out
under Articles 1 and 2. It also warrants it has obtained the necessary
permissions from any third parties referred to under Article 3.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">5. Should the public prosecutor initiate an
investigation or criminal proceedings against ROS or any of the consultants it
engaged or employed as a result of the performance of the assignment for the
customer, then Sitting Duck will co-operate fully
with ROS in defending
against this investigation or proceedings, including by providing any
evidence it has which relates to this investigation or these
proceedings.</fo:block>
<fo:block margin-top="1.5cm" keep-together.within-page="always"><fo:table width="100%" table-layout="fixed"><fo:table-column column-width="proportional-column-width(10)"/><fo:table-column column-width="proportional-column-width(90)"/><fo:table-body><fo:table-row><fo:table-cell padding="2pt" number-rows-spanned="4"><fo:block>Signed</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">on    August 25, 2016</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">in     </fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">by
   __________________________________</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">for    </fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
</fo:block>
</fo:block><fo:block id="EndOfDoc"/></fo:flow></fo:page-sequence></fo:root>

BIN
xml/target/offerte.pdf Normal file

Binary file not shown.

132
xml/target/report.fo Normal file

File diff suppressed because one or more lines are too long

BIN
xml/target/report.pdf Normal file

Binary file not shown.

80
xml/target/waiver_dad.fo Normal file

@@ -0,0 +1,80 @@
<?xml version="1.0" encoding="UTF-8"?><fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format"><fo:layout-master-set><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Cover"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before-cover"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after-cover"/></fo:simple-page-master><fo:simple-page-master margin-top="2cm" margin-bottom="1.8cm" margin-left="2cm" margin-right="2cm" page-height="29.7cm" page-width="21.0cm" master-name="Content"><fo:region-body margin-top="1cm" margin-bottom="1cm" region-name="region-body"/><fo:region-before precedence="true" extent="0.6cm" region-name="region-before-content"/><fo:region-after precedence="true" extent="0.6cm" padding="0" region-name="region-after-content"/></fo:simple-page-master><fo:page-sequence-master master-name="Report"><fo:repeatable-page-master-alternatives><fo:conditional-page-master-reference master-reference="Cover" blank-or-not-blank="not-blank" page-position="first"/><fo:conditional-page-master-reference master-reference="Content" blank-or-not-blank="not-blank"/></fo:repeatable-page-master-alternatives></fo:page-sequence-master></fo:layout-master-set><fo:page-sequence master-reference="Report"><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before-cover"><fo:block text-align="right" font-weight="bold"/></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-before-content"><fo:block text-align="right" font-weight="bold"/></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after-cover"><fo:block 
text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black"> - Chamber of Commerce
</fo:inline></fo:block></fo:static-content><fo:static-content font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-after-content"><fo:block text-align-last="justify"><fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/><fo:leader leader-pattern="space"/><fo:inline font-family="LiberationSansNarrow" font-size="8pt" color="black"> - Chamber of Commerce
</fo:inline></fo:block></fo:static-content><fo:flow font-family="LiberationSansNarrow" font-size="12pt" color="black" flow-name="region-body"><fo:block><fo:block margin-bottom="1.5cm"><fo:block font-weight="bold" keep-with-next.within-page="always" text-align="center" color="white" text-transform="uppercase" font-size="18pt" margin-bottom="1cm" background-color="#FF5C00"/>
<fo:block xmlns:xlink="http://www.w3.org/1999/xlink" keep-with-next.within-page="always" text-align="center" color="white" font-weight="bold" text-transform="uppercase" font-style="italic" font-size="14pt" margin-bottom="0.8cm" background-color="#999999">penetration test - WAIVER</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt"><fo:inline font-weight="bold"><fo:inline font-style="italic">dafaf</fo:inline> (<fo:inline font-style="italic">dad</fo:inline>)</fo:inline>, with its registered office at fsgf,
sgf, sfgsfg and duly represented by <fo:inline font-weight="bold">sgf</fo:inline></fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">
<fo:inline font-weight="bold">WHEREAS:</fo:inline>
</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">A. Sitting Duck wants some of its systems to be tested,
Radically Open Security B.V. (“ROS”) has offered to perform
such testing for Sitting Duck and
Sitting Duck has accepted this offer.
The assignment will be performed by ROS' core-team members, external
freelancers, and/or volunteers (the “Consultants”).</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">B. Some of the activities performed by
ROS and the
Consultants during the course of this assignment could be considered
illegal, unless dad has given permission for
these activities. ROS
and the Consultant will only perform such activities if they have received
the required permission.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">C. dad is
willing to give such permission to ROS, the Consultants and any
other person ROS might
employ or engage for the assignment.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">
<fo:inline font-weight="bold">DECLARES AS FOLLOWS:</fo:inline>
</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">1. dad is
aware that ROS will
perform penetration testing services of the
following systems of dad, as described
below. The services are intended to gain insight in the security of these
systems. To do so, ROS
will access these systems, attempt to find vulnerabilities and gain further
access and elevated privileges by exploiting any vulnerabilities found.
ROS will test the
following targets (the “<fo:inline font-weight="bold">Targets</fo:inline>”):</fo:block>
<fo:list-block margin-bottom="10pt" line-height="18pt" provisional-distance-between-starts="0.75cm" provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm"><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>dsfsd</fo:block></fo:list-item-body></fo:list-item><fo:list-item><fo:list-item-label end-indent="label-end()"><fo:block><fo:inline>•</fo:inline></fo:block></fo:list-item-label><fo:list-item-body start-indent="body-start()"><fo:block>adfsd</fo:block></fo:list-item-body></fo:list-item></fo:list-block>
<fo:block margin-bottom="10pt" line-height="18pt">2. dad
hereby grants ROS and
the Consultants on a date to be confirmed by email the broadest permission
possible to perform the assignment, including the permission to:</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">a. enter and use the Targets;</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">b. circumvent, breach, remove and turn off
any security measures protecting the Targets;</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">c. copy, intercept, record, amend, delete,
render unusable or inaccessible any data stored on, processed by or
transferred via the Targets; and</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">d. hinder the access or use of the
Targets,</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">but dad
only grants the permission for these activities to the extent that (i) such
activities are necessary to perform the assignment and (ii) such activities
do not disrupt the normal business operations of dad.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">3. The permission under Article 1 extends
to all systems on which the Targets run, or which ROS or the Consultant might
encounter while performing the assignment, regardless of whether these
systems are owned by third parties.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">4. dad
warrants that it has the legal authority to give the permission set out
under Articles 1 and 2. It also warrants it has obtained the necessary
permissions from any third parties referred to under Article 3.</fo:block>
<fo:block margin-bottom="10pt" line-height="18pt">5. Should the public prosecutor initiate an
investigation or criminal proceedings against ROS or any of the consultants it
engaged or employed as a result of the performance of the assignment for the
customer, then dad will co-operate fully
with ROS in defending
against this investigation or proceedings, including by providing any
evidence it has which relates to this investigation or these
proceedings.</fo:block>
<fo:block margin-top="1.5cm" keep-together.within-page="always"><fo:table width="100%" table-layout="fixed"><fo:table-column column-width="proportional-column-width(10)"/><fo:table-column column-width="proportional-column-width(90)"/><fo:table-body><fo:table-row><fo:table-cell padding="2pt" number-rows-spanned="4"><fo:block>Signed</fo:block></fo:table-cell><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">on    August 25, 2016</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">in     </fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">by
   __________________________________</fo:block></fo:table-cell></fo:table-row><fo:table-row><fo:table-cell padding="2pt"><fo:block margin-bottom="10pt" line-height="18pt">for    </fo:block></fo:table-cell></fo:table-row></fo:table-body></fo:table></fo:block>
</fo:block></fo:block><fo:block id="EndOfDoc"/></fo:flow></fo:page-sequence></fo:root>


@@ -2,7 +2,7 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
<xsl:variable name="denomination">
<xsl:choose>
<xsl:when test="/offerte/meta/pentestinfo/fee/@denomination = 'euro'"></xsl:when>
@@ -16,9 +16,10 @@
<xsl:template name="generate_targets_xslt">
<xsl:param name="Ref" select="@Ref"/>
<fo:list-block xsl:use-attribute-sets="list" provisional-distance-between-starts="0.75cm"
<fo:list-block xsl:use-attribute-sets="list" provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm">
<xsl:for-each select="/*/meta/targets/target[@Ref=$Ref] | /*/meta/targets/target[not(@Ref)]">
<xsl:for-each
select="/*/meta/targets/target[@Ref = $Ref] | /*/meta/targets/target[not(@Ref)]">
<fo:list-item>
<!-- insert a bullet -->
<fo:list-item-label end-indent="label-end()">
@@ -39,6 +40,7 @@
<xsl:template match="generate_findings">
<xsl:variable name="Ref" select="@Ref"/>
<xsl:variable name="status" select="@status"/>
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
<xsl:call-template name="checkIfLast"/>
@@ -66,7 +68,21 @@
</fo:table-cell>
</fo:table-row>
<xsl:choose>
<xsl:when test="@Ref">
<xsl:when test="@status and @Ref">
<!-- Only generate a table for findings in the section with this status AND this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
<xsl:call-template name="findingsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@status and not(@Ref)">
<!-- Only generate a table for findings in the section with this status -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status]">
<xsl:call-template name="findingsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@Ref and not(@status)">
<!-- Only generate a table for findings in the section with this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@@ -118,6 +134,7 @@
<xsl:template match="generate_recommendations">
<xsl:variable name="Ref" select="@Ref"/>
<xsl:variable name="status" select="@status"/>
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
<xsl:call-template name="checkIfLast"/>
@@ -140,7 +157,21 @@
</fo:table-cell>
</fo:table-row>
<xsl:choose>
<xsl:when test="@Ref">
<xsl:when test="@status and @Ref">
<!-- Only generate a table for findings in the section with this status AND this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
<xsl:call-template name="recommendationsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@status and not(@Ref)">
<!-- Only generate a table for findings in the section with this status -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status]">
<xsl:call-template name="recommendationsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@Ref and not(@status)">
<!-- Only generate a table for findings in the section with this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@@ -209,19 +240,20 @@
</fo:table-row>
</xsl:for-each>
<xsl:for-each select="/pentest_report/meta/collaborators/pentesters/pentester">
<xsl:if test="not(./name = /pentest_report/meta/collaborators/approver/name)">
<xsl:if
test="not(./name = /pentest_report/meta/collaborators/approver/name)">
<fo:table-row xsl:use-attribute-sets="borders">
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="name"/>
</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="bio"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="name"/>
</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="bio"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</xsl:if>
</xsl:for-each>
</fo:table-body>
@@ -235,11 +267,14 @@
<xsl:with-param name="latestVersionDate" select="$latestVersionDate"/>
</xsl:call-template>
</xsl:template>
<xsl:template name="generateSignatureBox">
<xsl:param name="latestVersionDate"/>
<fo:block keep-together.within-page="always" xsl:use-attribute-sets="signaturebox">
<fo:block xsl:use-attribute-sets="title-client">SIGNED IN DUPLICATE</fo:block>
<fo:block xsl:use-attribute-sets="title-client">
<xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'signed_dupe'"/>
</xsl:call-template></fo:block>
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="borders">
<fo:table-column column-width="proportional-column-width(50)"
@@ -261,25 +296,11 @@
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:choose>
<xsl:when test="/offerte">
<xsl:value-of
select="/*/meta/permission_parties/client/city"/>
</xsl:when>
<xsl:when test="/quickscope">
<xsl:value-of select="/*/customer/city"/>
</xsl:when>
</xsl:choose>
</fo:block>
<fo:block><xsl:value-of select="/*/customer/city"/></fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:text>Amsterdam</xsl:text>
<fo:block><xsl:value-of
select="/*/meta/company/city"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
@@ -381,164 +402,5 @@
</xsl:for-each>
</xsl:template>
<!-- PLACEHOLDERS -->
<xsl:template match="client_long">
<xsl:param name="placeholderElement" select="/*/meta//client/full_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_short">
<xsl:param name="placeholderElement" select="/*/meta//client/short_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_street">
<xsl:param name="placeholderElement" select="/*/meta//client/address"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_city">
<xsl:param name="placeholderElement" select="/*/meta//client/city"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_country">
<xsl:param name="placeholderElement" select="/*/meta//client/country"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_legal_rep">
<xsl:param name="placeholderElement" select="/offerte/meta/permission_parties/client/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_waiver_rep">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/waiver_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_poc1">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/poc1"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_coc">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/coc"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_long">
<xsl:param name="placeholderElement" select="/*/meta/company/full_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_short">
<xsl:param name="placeholderElement" select="/*/meta/company/short_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_svc_long">
<xsl:param name="placeholderElement" select="/*/meta/offered_service_long"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_svc_short">
<xsl:param name="placeholderElement" select="/*/meta/offered_service_short"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_legal_rep">
<xsl:param name="placeholderElement" select="/*/meta/company/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_poc1">
<xsl:param name="placeholderElement" select="/*/meta/company/poc1"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="t_app">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/target_application"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="t_app_producer">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/target_application_producer"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_duration">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/duration"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_boxtype">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/type"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_fee">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/fee"/>
<xsl:value-of select="$denomination"/><xsl:text>&#160;</xsl:text>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_testingduration">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/test_planning"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_reportwritingduration">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/report_writing"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_reportdue">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/report_due"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template name="checkPlaceholder">
<xsl:param name="placeholderElement" select="/"/>
<xsl:choose>
<xsl:when test="normalize-space($placeholderElement)"><!-- placeholder exists and contains text -->
<xsl:choose>
<xsl:when test="self::p_fee"><!-- pretty numbering for fee -->
<xsl:variable name="fee" select="$placeholderElement * 1"/>
<xsl:number value="$fee" grouping-separator="," grouping-size="3"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$placeholderElement"/>
</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
<fo:inline xsl:use-attribute-sets="errortext">XXXXXX</fo:inline>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>
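Review bot: In the generateSignatureBox hunk the client city cell now reads only `/*/customer/city`, while the lines it replaces selected `/*/meta/permission_parties/client/city` for `/offerte` documents. Unless offertes now carry a top-level `customer` element (not visible here), an offerte's signature box is rendered with an empty city and nothing flags it, because `xsl:value-of` outputs nothing for a missing node. A fallback keeps both inputs working: `<xsl:value-of select="(/*/customer/city, /*/meta/permission_parties/client/city)[1]"/>`. The same silent blank applies to the `/*/meta/company/city` cell that replaces the literal Amsterdam; on a document that gets signed, a visible marker such as the `XXXXXX` error text that checkPlaceholder emits is preferable to an empty cell. The template's table starts and continues outside this hunk.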


@@ -33,6 +33,12 @@
</fo:block>
</xsl:template>
<xsl:template match="li/p">
<fo:block xsl:use-attribute-sets="li">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="p" mode="summarytable">
<xsl:apply-templates mode="summarytable"/>
</xsl:template>


@@ -1,68 +1,103 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
exclude-result-prefixes="xs" xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="2.0">
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
<xsl:template match="finding" mode="meta">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
<xsl:apply-templates select="." mode="number"/>
</fo:block>
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
<xsl:value-of select="@type"/>
</fo:block>
<fo:block xsl:use-attribute-sets="finding-meta">
<xsl:attribute name="margin-bottom" select="$large-space"/>
<fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
<xsl:value-of select="@threatLevel"/>
</fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table" margin-bottom="{$large-space}">
<fo:table-column column-width="proportional-column-width(70)"/>
<fo:table-column column-width="proportional-column-width(30)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<xsl:if test="not(@status)"><xsl:attribute name="number-columns-spanned">2</xsl:attribute></xsl:if>
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
<xsl:apply-templates select="." mode="number"/>
</fo:block>
</fo:table-cell>
<xsl:if test="@status">
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Retest status: </fo:inline>
<xsl:value-of select="@status"/>
</fo:block>
</fo:table-cell>
</xsl:if>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
<xsl:value-of select="@type"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
<xsl:value-of select="@threatLevel"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</xsl:template>
<!-- ignore summary-table-only elements in the findings -->
<xsl:template match="description_summary|recommendation_summary"/>
<xsl:template match="description_summary | recommendation_summary"/>
<xsl:template match="description">
<fo:block xsl:use-attribute-sets="title-4">Description:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="description" mode="summarytable">
<xsl:if test="img|table">
<xsl:message>WARNING: description containing img or table may not look very good in the finding summary table. Consider using a description_summary element instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
<xsl:if test="img | table">
<xsl:message>WARNING: description containing img or table may not look very good in the
finding summary table. Consider using a description_summary element
instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
</xsl:template>
<xsl:template match="technicaldescription">
<fo:block xsl:use-attribute-sets="title-4">Technical description:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="impact">
<fo:block xsl:use-attribute-sets="title-4">Impact:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="recommendation">
<fo:block xsl:use-attribute-sets="title-4">Recommendation:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="recommendation" mode="summarytable">
<xsl:if test="img|table">
<xsl:message>WARNING: recommendation containing img or table may not look very good in the finding summary table. Consider using a recommendation_summary element instead.</xsl:message>
<xsl:if test="img | table">
<xsl:message>WARNING: recommendation containing img or table may not look very good in
the finding summary table. Consider using a recommendation_summary element
instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
</xsl:template>
</xsl:stylesheet>
</xsl:stylesheet>
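Review bot: The new Retest status cell in the `finding` meta template prints `@status` exactly as typed, and nothing checks the value. The summary tables in this commit select on an exact match (`finding[@status = $status]` in the generate_findings and generate_recommendations hunks), so a finding with a misspelt status still shows a status here but is left out of the per-status summary without any message. This file already warns through `xsl:message` when a description holds img or table; a similar warning would catch the mismatch, e.g. `<xsl:if test="@status and not(@status = $knownStatuses)"><xsl:message>WARNING: finding has an unrecognised status attribute.</xsl:message></xsl:if>`. Here `$knownStatuses` is a placeholder for the project's list of valid values, which is not visible on this page.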


@@ -11,7 +11,7 @@
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="findings.xslt"/>
<xsl:import href="auto.xsl"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>


@@ -0,0 +1,189 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:fo="http://www.w3.org/1999/XSL/Format" exclude-result-prefixes="xs" version="2.0">
<xsl:import href="pages.xslt"/>
<xsl:import href="toc.xslt"/>
<xsl:import href="structure.xslt"/>
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>
<xsl:import href="graphics.xslt"/>
<xsl:import href="generic.xslt"/>
<xsl:import href="numbering.xslt"/>
<xsl:import href="localisation.xslt"/>
<xsl:import href="placeholders.xslt"/>
<xsl:import href="snippets.xslt"/>
<xsl:include href="styles_con.xslt"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="no"/>
<!-- ****** AUTO_NUMBERING_FORMAT: value of the <xsl:number> element used for auto numbering -->
<xsl:param name="AUTO_NUMBERING_FORMAT" select="'1.1.1'"/>
<xsl:key name="rosid" match="section | finding | appendix | non-finding" use="@id"/>
<xsl:key name="biblioid" match="biblioentry" use="@id"/>
<xsl:variable name="CLASSES" select="document('../xslt/styles_con.xslt')/*/xsl:attribute-set"/>
<xsl:variable name="lang" select="/*/@xml:lang"/>
<xsl:variable name="localDateFormat" select="$strdoc/date/format[lang($lang)]"/>
<xsl:variable name="fee" select="/contract/meta/contractor/hourly_fee * 1"/>
<xsl:variable name="plannedHours" select="/contract/meta/work/planning/hours * 1"/>
<xsl:variable name="total_fee" select="$fee * $plannedHours"/>
<xsl:variable name="denomination">
<xsl:choose>
<xsl:when test="/contract/meta/contractor/hourly_fee/@denomination = 'eur'"></xsl:when>
<xsl:when test="/contract/meta/contractor/hourly_fee/@denomination = 'gbp'">£</xsl:when>
<xsl:when test="/contract/meta/contractor/hourly_fee/@denomination = 'usd'">$</xsl:when>
</xsl:choose>
</xsl:variable>
<xsl:param name="latestVersionDate"><!-- we're not using versions for contracts, but the contract date will do just fine -->
<xsl:value-of select="format-date(/contract/meta/work/start_date, '[MNn] [D1], [Y]', 'en', (), ())"/>
</xsl:param>
<!-- ROOT -->
<xsl:template match="/">
<fo:root>
<xsl:call-template name="layout-master-set"/>
<xsl:call-template name="Content"/>
</fo:root>
</xsl:template>
<!-- OVERRIDES -->
<!-- NO FRONT PAGE FOR META, JUST A HEADER -->
<xsl:template match="meta"/>
<!-- TITLES (NO NUMBERING) -->
<xsl:template match="title">
<xsl:variable name="LEVEL" select="count(ancestor::*) - 1"/>
<xsl:variable name="CLASS">
<!-- use title-x for all levels -->
<xsl:text>title-</xsl:text>
<xsl:value-of select="$LEVEL"/>
</xsl:variable>
<fo:block>
<xsl:call-template name="use-att-set">
<xsl:with-param name="CLASS" select="$CLASS"/>
</xsl:call-template>
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<!-- TITLES (ALL CAPS) -->
<xsl:template match="title/text()">
<xsl:value-of select="upper-case(.)"/>
</xsl:template>
<xsl:template match="generate_contract_signature_box">
<fo:block keep-together.within-page="always" xsl:use-attribute-sets="signaturebox">
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="borders">
<fo:table-column column-width="proportional-column-width(50)"
xsl:use-attribute-sets="borders"/>
<fo:table-column column-width="proportional-column-width(50)"
xsl:use-attribute-sets="borders"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block><xsl:value-of
select="/contract/meta/contractor/city"/>
</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block><xsl:value-of
select="/*/meta/company/city"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>&#160;</fo:block>
<fo:block>&#160;</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>&#160;</fo:block>
<fo:block>&#160;</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block><xsl:value-of
select="/*/meta/contractor/name"/></fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block><xsl:value-of select="/*/meta/company/legal_rep"/></fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block xsl:use-attribute-sets="bold"><xsl:value-of select="/*/meta/contractor/ctcompany"/></fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block xsl:use-attribute-sets="bold"><xsl:value-of select="/*/meta/company/full_name"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</fo:block>
</fo:block>
</xsl:template>
<xsl:template name="page_header">
<fo:static-content flow-name="region-before-cover" xsl:use-attribute-sets="HeaderFont">
<fo:block>
<fo:table width="100%" table-layout="fixed">
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-column column-width="proportional-column-width(20)"/>
<fo:table-column column-width="proportional-column-width(40)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell text-align="right" display-align="after" padding-bottom="5mm">
<fo:block xsl:use-attribute-sets="TinyFont">
<fo:block xsl:use-attribute-sets="bold orange-text"><xsl:value-of select="/*/meta/company/full_name"/></fo:block>
<fo:block><xsl:value-of select="/*/meta/company/address"/></fo:block>
<fo:block><xsl:value-of select="/*/meta/company/postal_code"/>&#160;<xsl:value-of select="/*/meta/company/city"/></fo:block>
<fo:block><xsl:value-of select="/*/meta/company/country"/></fo:block>
</fo:block>
</fo:table-cell>
<fo:table-cell text-align="center">
<fo:block><fo:external-graphic xsl:use-attribute-sets="logo"/></fo:block>
</fo:table-cell>
<fo:table-cell display-align="after" padding-bottom="5mm">
<fo:block xsl:use-attribute-sets="TinyFont">
<fo:block xsl:use-attribute-sets="bold orange-text"><xsl:value-of select="/*/meta/company/website"/></fo:block>
<fo:block><xsl:value-of select="/*/meta/company/email"/></fo:block>
<fo:block>Chamber of Commerce <xsl:value-of select="/*/meta/company/coc"/></fo:block>
<fo:block>VAT number <xsl:value-of select="/*/meta/company/vat_no"/></fo:block>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</fo:block>
</fo:static-content>
<fo:static-content flow-name="region-before-content" xsl:use-attribute-sets="HeaderFont">
<fo:block xsl:use-attribute-sets="header"/>
</fo:static-content>
</xsl:template>
</xsl:stylesheet>
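Review bot: The `denomination` variable has no `xsl:otherwise`, so a contract whose `hourly_fee/@denomination` is missing or is not one of `eur`, `gbp`, `usd` is rendered with a bare amount and no currency. The earlier stylesheet on this page tests `/offerte/meta/pentestinfo/fee/@denomination = 'euro'` while this one tests for `'eur'`, so input copied between document types can hit that case easily. For a contract a hard stop is safer than a silent blank: `<xsl:otherwise><xsl:message terminate="yes">Unknown or missing denomination on hourly_fee</xsl:message></xsl:otherwise>`. The `eur` branch is empty as rendered here; the symbol may have been lost in display, so it is worth confirming in the file itself.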


@@ -11,13 +11,14 @@
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="findings.xslt"/>
<xsl:import href="auto.xsl"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>
<xsl:import href="graphics.xslt"/>
<xsl:import href="generic.xslt"/>
<xsl:import href="numbering.xslt"/>
<xsl:import href="localisation.xslt"/>
<xsl:include href="styles_rep.xslt"/>
@@ -28,8 +29,10 @@
<xsl:param name="AUTO_NUMBERING_FORMAT" select="'1.1.1'"/>
<xsl:key name="rosid" match="section|appendix" use="@id"/>
<xsl:key name="biblioid" match="biblioentry" use="@id"/>
<xsl:variable name="CLASSES" select="document('../xslt/styles_doc.xslt')/*/xsl:attribute-set"/>
<xsl:variable name="lang" select="/*/@xml:lang"/>
<xsl:variable name="latestVersionDate">
<xsl:for-each select="/*/meta/version_history/version">


@@ -11,7 +11,7 @@
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="findings.xslt"/>
<xsl:import href="auto.xsl"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>
@@ -46,21 +46,13 @@
</xsl:choose>
</xsl:param>
<!-- ROOT -->
<xsl:template match="/offerte">
<xsl:template match="/offerte | /invoice">
<!-- Invoice is generated straight from offerte -->
<fo:root>
<xsl:call-template name="layout-master-set-invoice"/>
<xsl:call-template name="layout-master-set"/>
<xsl:call-template name="Content"/>
</fo:root>
</xsl:template>
<xsl:template match="/invoice">
<!-- Invoice is generated from custom invoice xml -->
<fo:root>
<xsl:call-template name="layout-master-set-invoice"/>
<xsl:call-template name="Content"/>
</fo:root>
</xsl:template>
<!-- CONTENT -->
<xsl:template name="invoice_from_offerte">
@@ -251,7 +243,7 @@
<!-- overrules for pages.xslt -->
<xsl:template name="Content">
<fo:page-sequence master-reference="Invoice">
<fo:page-sequence master-reference="Report">
<xsl:call-template name="page_header"/>
<xsl:call-template name="page_footer"/>
<fo:flow flow-name="region-body" xsl:use-attribute-sets="DefaultFont">
@@ -270,7 +262,7 @@
</xsl:template>
<xsl:template name="page_header">
<fo:static-content flow-name="region-before" xsl:use-attribute-sets="HeaderFont">
<fo:static-content flow-name="region-before-cover" xsl:use-attribute-sets="HeaderFont">
<fo:block>
<fo:table width="100%" table-layout="fixed">
<fo:table-column column-width="proportional-column-width(40)"/>
@@ -302,10 +294,18 @@
</fo:table>
</fo:block>
</fo:static-content>
<fo:static-content flow-name="region-before-content" xsl:use-attribute-sets="HeaderFont">
<fo:block xsl:use-attribute-sets="header"/>
</fo:static-content>
</xsl:template>
<xsl:template name="page_footer">
<fo:static-content flow-name="region-after" xsl:use-attribute-sets="FooterFont">
<fo:static-content flow-name="region-after-cover" xsl:use-attribute-sets="FooterFont">
<fo:block xsl:use-attribute-sets="footer">
<fo:inline xsl:use-attribute-sets="TinyFont orange-text">Please keep digital unless absolutely required. Read the (unique) terms and conditions of Radically Open Security at: https://radicallyopensecurity.com/TermsandConditions.pdf</fo:inline>
</fo:block>
</fo:static-content>
<fo:static-content flow-name="region-after-content" xsl:use-attribute-sets="FooterFont">
<fo:block xsl:use-attribute-sets="footer">
<fo:inline xsl:use-attribute-sets="TinyFont orange-text">Please keep digital unless absolutely required. Read the (unique) terms and conditions of Radically Open Security at: https://radicallyopensecurity.com/TermsandConditions.pdf</fo:inline>
</fo:block>
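Review bot: The comment `<!-- Invoice is generated straight from offerte -->` under the merged `match="/offerte | /invoice"` template no longer describes everything the template handles. The separate `/invoice` template, which carried its own "generated from custom invoice xml" comment, appears to be removed by this change. I would reword the remaining comment to cover both roots, for example `<!-- Invoice is generated either straight from an offerte or from custom invoice xml -->`.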


@@ -11,13 +11,15 @@
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="findings.xslt"/>
<xsl:import href="auto.xsl"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>
<xsl:import href="graphics.xslt"/>
<xsl:import href="generic.xslt"/>
<xsl:import href="numbering.xslt"/>
<xsl:import href="placeholders.xslt"/><!--
<xsl:import href="snippets.xslt"/>-->
<xsl:import href="waiver.xslt"/>
<xsl:include href="localisation.xslt"/>
@@ -31,11 +33,17 @@
<xsl:key name="rosid" match="section|finding|appendix|non-finding" use="@id"/>
<xsl:key name="biblioid" match="biblioentry" use="@id"/>
<!-- not used but needed because of shared code with contract; todo: clean these up -->
<xsl:variable name="fee" select="/contract/meta/contractor/hourly_fee * 1"/>
<xsl:variable name="plannedHours" select="/contract/meta/work/planning/hours * 1"/>
<xsl:variable name="total_fee" select="$fee * $plannedHours"/>
<!-- end -->
<xsl:variable name="CLASSES" select="document('../xslt/styles_off.xslt')/*/xsl:attribute-set"/>
<xsl:variable name="lang" select="/offerte/@xml:lang"/>
<xsl:variable name="lang" select="/*/@xml:lang"/>
<xsl:variable name="localDateFormat" select="$strdoc/date/format[lang($lang)]"/>
<xsl:variable name="latestVersionDate">
@@ -113,11 +121,6 @@
</fo:block>
</xsl:template>
<!-- TITLES (ALL CAPS) -->
<xsl:template match="title/text()">
<xsl:value-of select="upper-case(.)"/>
</xsl:template>
<!-- CONTACT BOX (comes at the end, is just the address, no title/table) -->
<xsl:template match="contact">
<fo:block xsl:use-attribute-sets="Contact">
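Review bot: The stub variables `fee`, `plannedHours` and `total_fee` exist here only to satisfy shared code, and the same three lines are repeated in the next file section (the stylesheet that includes `styles_rep.xslt`). Declaring them once in the shared imported stylesheet (presumably `placeholders.xslt`, which this change starts importing) would remove the duplication, since a declaration in the contract stylesheet overrides an imported one by import precedence. If they stay here, the comment could say what they evaluate to, e.g. `<!-- stubs for shared contract code: /contract/... selects nothing in this document type, so these are empty sequences -->`.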


@@ -11,13 +11,16 @@
<xsl:import href="att-set.xslt"/>
<xsl:import href="block.xslt"/>
<xsl:import href="findings.xslt"/>
<xsl:import href="auto.xsl"/>
<xsl:import href="auto.xslt"/>
<xsl:import href="table.xslt"/>
<xsl:import href="lists.xslt"/>
<xsl:import href="inline.xslt"/>
<xsl:import href="graphics.xslt"/>
<xsl:import href="generic.xslt"/>
<xsl:import href="numbering.xslt"/>
<xsl:import href="localisation.xslt"/>
<xsl:import href="placeholders.xslt"/><!--
<xsl:import href="snippets.xslt"/>-->
<xsl:include href="styles_rep.xslt"/>
@@ -27,7 +30,15 @@
<!-- ****** AUTO_NUMBERING_FORMAT: value of the <xsl:number> element used for auto numbering -->
<xsl:param name="AUTO_NUMBERING_FORMAT" select="'1.1.1'"/>
<xsl:key name="rosid" match="section|finding|appendix|non-finding" use="@id"/>
<xsl:key name="rosid" match="section|finding|appendix|non-finding" use="@id"/><xsl:key name="biblioid" match="biblioentry" use="@id"/>
<!-- not used but needed because of shared code with contract; todo: clean these up -->
<xsl:variable name="fee" select="/contract/meta/contractor/hourly_fee * 1"/>
<xsl:variable name="plannedHours" select="/contract/meta/work/planning/hours * 1"/>
<xsl:variable name="total_fee" select="$fee * $plannedHours"/>
<!-- end -->
<xsl:variable name="lang" select="/*/@xml:lang"/>
<xsl:variable name="CLASSES" select="document('../xslt/styles_rep.xslt')/*/xsl:attribute-set"/>

118
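--- /dev/null
+++ b/xml/xslt/info2contract.xsl
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs" version="2.0">
+<xsl:import href="localisation.xslt"/>
+<xsl:import href="snippets.xslt"/>
+<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+<xsl:variable name="lang" select="/contract_info/@xml:lang"/>
+<xsl:param name="snippetBase" select="'contract'"/>
+<xsl:variable name="snippetSelectionRoot"
+select="document('../source/snippets/snippetselection.xml')/snippet_selection/document[@type = $docType]"/>
+<xsl:variable name="docType" select="'contract'"/>
+<xsl:variable name="docSubType" select="/contract_info/scope/contract_type"/>
+<xsl:param name="latestVersionDate"
+select="format-date(/contract_info/work/start_date, '[MNn] [D1], [Y]', 'en', (), ())"/>
+<!-- we're not using versions for contracts, but the contract date will do just fine -->
+<!-- ROOT -->
+<xsl:template match="/">
+<contract xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:noNamespaceSchemaLocation="../dtd/contract.xsd"
+xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink">
+<xsl:attribute name="xml:lang" select="$lang"/>
+<meta>
+<xsl:element name="xi:include">
+<xsl:attribute name="href">snippets/company_info.xml</xsl:attribute>
+</xsl:element>
+<xsl:copy-of select="contract_info/company/following-sibling::node()"/>
+</meta>
+<section>
+<title>
+<xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'contract_title'"/>
+</xsl:call-template>
+</title>
+<xsl:for-each
+select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'parties']/snippet">
+<xsl:element name="xi:include">
+<xsl:attribute name="href">
+<xsl:call-template name="docCheck">
+<xsl:with-param name="fileNameBase" select="."/>
+<xsl:with-param name="snippetDirectory" select="$snippetBase"/>
+</xsl:call-template>
+</xsl:attribute>
+</xsl:element>
+</xsl:for-each>
+<p><xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'contract_whereas'"/>
+<xsl:with-param name="caps" select="true()"/>
+</xsl:call-template>:</p>
+<ol type="A">
+<xsl:for-each
+select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'whereas']/snippet">
+<xsl:element name="xi:include">
+<xsl:attribute name="href">
+<xsl:call-template name="docCheck">
+<xsl:with-param name="fileNameBase" select="."/>
+<xsl:with-param name="snippetDirectory" select="$snippetBase"/>
+</xsl:call-template>
+</xsl:attribute>
+</xsl:element>
+</xsl:for-each>
+</ol>
+<xsl:comment>Agreement section</xsl:comment>
+<section>
+<title>
+<xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'contract_agree'"/>
+</xsl:call-template>
+</title>
+<ol type="1">
+<xsl:for-each
+select="$snippetSelectionRoot/selection[@subtype = $docSubType]/snippet_group[@set = 'agree']/snippet">
+<xsl:element name="xi:include">
+<xsl:attribute name="href">
+<xsl:call-template name="docCheck">
+<xsl:with-param name="fileNameBase" select="."/>
+<xsl:with-param name="snippetDirectory" select="$snippetBase"/>
+</xsl:call-template>
+</xsl:attribute>
+</xsl:element>
+</xsl:for-each>
+</ol>
+</section>
+<section>
+<title>
+<xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'signed_dupe'"/>
+</xsl:call-template>
+<xsl:text> </xsl:text>
+<xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'waiver_signed_on'"/>
+</xsl:call-template>
+<xsl:text> </xsl:text>
+<xsl:value-of select="$latestVersionDate"/>
+<xsl:text> </xsl:text>
+<xsl:call-template name="getString">
+<xsl:with-param name="stringID" select="'waiver_signed_in'"/>
+</xsl:call-template>
+</title>
+<generate_contract_signature_box/>
+</section>
+</section>
+</contract>
+</xsl:template>
+</xsl:stylesheet>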
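Review bot: The signing date in `latestVersionDate` is always rendered in English, because the `format-date` call passes the literal `'en'` even though the contract language is read from `/contract_info/@xml:lang` into `$lang` a few lines above. A contract in another language would therefore carry an English month name in its signature title. Passing the document language instead, `format-date(/contract_info/work/start_date, '[MNn] [D1], [Y]', $lang, (), ())`, fixes the month name. The picture string could also come from the localisation strings, as the offerte stylesheet does with `$strdoc/date/format[lang($lang)]`, assuming `$strdoc` is in scope here through the `localisation.xslt` import.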


@@ -1,66 +1,69 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
exclude-result-prefixes="xs" xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="2.0">
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
<xsl:template match="a">
<xsl:variable name="destination">
<xsl:choose>
<xsl:when test="starts-with(@href, '#')">
<xsl:value-of select="substring(@href, 2)"/>
<xsl:value-of select="substring(@href, 2)"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@href"/>
<xsl:value-of select="@href"/>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:choose>
<xsl:when test="starts-with(@href, '#') and not(//*[@id=$destination])">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: LINK TARGET NOT FOUND IN DOCUMENT</fo:inline>
<xsl:when test="starts-with(@href, '#') and not(//*[@id = $destination])">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: LINK TARGET NOT FOUND IN
DOCUMENT</fo:inline>
</xsl:when>
<xsl:when test="starts-with(@href, '#') and //*[@id=$destination][ancestor-or-self::*[@visibility='hidden']]">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: LINK TARGET IS HIDDEN</fo:inline>
<xsl:when
test="starts-with(@href, '#') and //*[@id = $destination][ancestor-or-self::*[@visibility = 'hidden']]">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: LINK TARGET IS
HIDDEN</fo:inline>
</xsl:when>
<xsl:otherwise>
<fo:basic-link color="blue">
<xsl:choose>
<xsl:when test="starts-with(@href, '#')">
<xsl:attribute name="internal-destination">
<xsl:value-of select="$destination"/>
</xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="external-destination">
<xsl:value-of select="$destination"/>
</xsl:attribute>
</xsl:otherwise>
</xsl:choose>
<xsl:choose>
<xsl:when test="starts-with(@href, '#') and not(text())">
<xsl:for-each select="key('rosid',$destination)">
<xsl:if test="not(local-name() = 'appendix' or local-name() = 'finding')">
<!-- appendix already has 'appendix' as part of its numbering, findings should not be prefixed with the word 'finding' -->
<xsl:value-of select="local-name()"/>
<xsl:text> </xsl:text>
</xsl:if>
<xsl:apply-templates select="." mode="number"/>
</xsl:for-each>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates select="*|text()"/>
</xsl:otherwise>
</xsl:choose>
</fo:basic-link>
<xsl:if test="starts-with(@href, '#')">
<xsl:text> (page </xsl:text>
<fo:page-number-citation ref-id="{substring(@href, 2)}"/>
<xsl:text>)</xsl:text>
</xsl:if>
<xsl:choose>
<xsl:when test="starts-with(@href, '#')">
<xsl:attribute name="internal-destination">
<xsl:value-of select="$destination"/>
</xsl:attribute>
</xsl:when>
<xsl:otherwise>
<xsl:attribute name="external-destination">
<xsl:value-of select="$destination"/>
</xsl:attribute>
</xsl:otherwise>
</xsl:choose>
<xsl:choose>
<xsl:when test="starts-with(@href, '#') and not(text())">
<xsl:for-each select="key('rosid', $destination)">
<xsl:if
test="not(local-name() = 'appendix' or local-name() = 'finding')">
<!-- appendix already has 'appendix' as part of its numbering, findings should not be prefixed with the word 'finding' -->
<xsl:value-of select="local-name()"/>
<xsl:text> </xsl:text>
</xsl:if>
<xsl:apply-templates select="." mode="number"/>
</xsl:for-each>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates select="* | text()"/>
</xsl:otherwise>
</xsl:choose>
</fo:basic-link>
<xsl:if test="starts-with(@href, '#')">
<xsl:text> (page </xsl:text>
<fo:page-number-citation ref-id="{substring(@href, 2)}"/>
<xsl:text>)</xsl:text>
</xsl:if>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="a" mode="summarytable">
<xsl:variable name="destination">
<xsl:choose>
@@ -87,7 +90,7 @@
</xsl:choose>
<xsl:choose>
<xsl:when test="starts-with(@href, '#') and not(text())">
<xsl:for-each select="key('rosid',$destination)">
<xsl:for-each select="key('rosid', $destination)">
<xsl:if test="not(local-name() = 'appendix' or local-name() = 'finding')">
<!-- appendix already has 'appendix' as part of its numbering, findings should not be prefixed with the word 'finding' -->
<xsl:value-of select="local-name()"/>
@@ -97,41 +100,236 @@
</xsl:for-each>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates select="*|text()"/>
<xsl:apply-templates select="* | text()"/>
</xsl:otherwise>
</xsl:choose>
</fo:basic-link>
</xsl:template>
<xsl:template match="b">
<fo:inline xsl:use-attribute-sets="bold"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="bold">
<xsl:apply-templates/>
</fo:inline>
</xsl:template>
<xsl:template match="i">
<fo:inline xsl:use-attribute-sets="italic"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="italic">
<xsl:apply-templates/>
</fo:inline>
</xsl:template>
<xsl:template match="u">
<fo:inline xsl:use-attribute-sets="underline"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="underline">
<xsl:apply-templates/>
</fo:inline>
</xsl:template>
<xsl:template match="monospace">
<xsl:choose>
<xsl:when test="parent::title">
<fo:inline xsl:use-attribute-sets="monospace-title"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="monospace-title">
<xsl:apply-templates/>
</fo:inline>
</xsl:when>
<xsl:otherwise>
<fo:inline xsl:use-attribute-sets="monospace"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="monospace">
<xsl:apply-templates/>
</fo:inline>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="sup">
<fo:inline xsl:use-attribute-sets="sup"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="sup">
<xsl:apply-templates/>
</fo:inline>
</xsl:template>
<xsl:template match="sub">
<fo:inline xsl:use-attribute-sets="sub"><xsl:apply-templates/></fo:inline>
<fo:inline xsl:use-attribute-sets="sub">
<xsl:apply-templates/>
</fo:inline>
</xsl:template>
</xsl:stylesheet>
<xsl:template match="fnref">
<xsl:variable name="fnCount" select="count(preceding::fnref) + 1"/>
<fo:footnote>
<fo:inline xsl:use-attribute-sets="sup">
<xsl:value-of select="$fnCount"/>
<xsl:text>&#160;</xsl:text>
</fo:inline>
<fo:footnote-body xsl:use-attribute-sets="TinyFont">
<fo:block>
<fo:inline xsl:use-attribute-sets="sup">
<xsl:value-of select="$fnCount"/>
</fo:inline>
<xsl:apply-templates/>
</fo:block>
</fo:footnote-body>
</fo:footnote>
</xsl:template>
<xsl:template match="bibref">
<xsl:variable name="bibid" select="./@ref"/>
<xsl:variable name="bibCount" select="count(preceding::biblioentry[@id = $bibid]) + 1"/>
<xsl:choose>
<xsl:when test="starts-with(@href, '#') and not(//*[@id = $bibid])">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: BIBLIOGRAPHY ENTRY NOT FOUND
IN DOCUMENT</fo:inline>
</xsl:when>
<xsl:when
test="starts-with(@href, '#') and //*[@id = $bibid][ancestor-or-self::*[@visibility = 'hidden']]">
<fo:inline xsl:use-attribute-sets="errortext">WARNING: BIBLIOGRAPHY ENTRY IS
HIDDEN</fo:inline>
</xsl:when>
<xsl:otherwise>
<fo:basic-link>
<xsl:attribute name="internal-destination">
<xsl:value-of select="$bibid"/>
</xsl:attribute>
<xsl:text>[</xsl:text>
<xsl:for-each select="key('biblioid', $bibid)">
<xsl:apply-templates select="." mode="number"/>
</xsl:for-each>
<xsl:text>]</xsl:text>
</fo:basic-link>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="author">
<xsl:value-of select="firstname"/>
<xsl:text> </xsl:text>
<xsl:value-of select="surname"/>
<xsl:if test="org">
<xsl:if test="firstname | surname">
<xsl:text> (</xsl:text>
</xsl:if>
<xsl:value-of select="org"/>
<xsl:if test="firstname | surname">
<xsl:text>)</xsl:text>
</xsl:if>
</xsl:if>
<xsl:choose>
<xsl:when test="following-sibling::author">, </xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="biblioentry/title">
<xsl:choose>
<xsl:when test="../@role = 'book'">
<fo:inline xsl:use-attribute-sets="title.book">
<xsl:apply-templates/>
</fo:inline>
</xsl:when>
<xsl:when test="../@role = 'article'">
<fo:inline xsl:use-attribute-sets="title.article">
<xsl:apply-templates/>
</fo:inline>
</xsl:when>
</xsl:choose>
<xsl:choose>
<xsl:when test="following-sibling::info">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="journal">
<fo:inline xsl:use-attribute-sets="journal">
<xsl:apply-templates/>
</fo:inline>
<xsl:choose>
<xsl:when test="following-sibling::info or following-sibling::pubdate">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="website">
<fo:inline xsl:use-attribute-sets="website">
<xsl:apply-templates/>
</fo:inline>
<xsl:choose>
<xsl:when test="following-sibling::info or following-sibling::pubdate">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="info">
<fo:inline xsl:use-attribute-sets="info">
<xsl:apply-templates/>
</fo:inline>
<xsl:choose>
<xsl:when test="../@role = 'article' and following-sibling::pubdate">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="publisher">
<fo:inline xsl:use-attribute-sets="publisher">
<xsl:apply-templates/>
</fo:inline>
<xsl:choose>
<xsl:when test="following-sibling::pubdate">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:when>
<xsl:otherwise>
<xsl:text>. </xsl:text>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="publisher/name">
<xsl:apply-templates/>
<xsl:if test="following-sibling::location">
<!-- we're getting something more, place a comma -->
<xsl:text>, </xsl:text>
</xsl:if>
</xsl:template>
<xsl:template match="publisher/location">
<xsl:apply-templates/>
</xsl:template>
<xsl:template match="pubdate">
<fo:inline xsl:use-attribute-sets="pubdate">
<xsl:apply-templates/>
</fo:inline>
<xsl:text>. </xsl:text>
</xsl:template>
<xsl:template match="link">
<xsl:apply-templates select="a"/>
<xsl:text>. </xsl:text>
<xsl:if test="accessed"><xsl:apply-templates select="accessed"/></xsl:if>
</xsl:template>
<xsl:template match="accessed">
<xsl:text>Accessed: </xsl:text>
<xsl:apply-templates/>
<xsl:text>.</xsl:text>
</xsl:template>
</xsl:stylesheet>
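Review bot: In the new `bibref` template both warning branches test `starts-with(@href, '#')`, but the template takes its target from `@ref` and uses `@href` nowhere else. If `bibref` carries no `href` attribute, neither warning can fire, and a reference to a missing or hidden entry falls through to a `basic-link` with an empty `[]` label and an unresolved `internal-destination`. Testing the key directly would restore the checks: `<xsl:when test="not(key('biblioid', $bibid))">` and `<xsl:when test="key('biblioid', $bibid)[ancestor-or-self::*[@visibility = 'hidden']]">`. The `$bibCount` variable is declared but never read and can be dropped.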


@@ -130,4 +130,29 @@
</fo:list-item>
</xsl:template>
<xsl:template match="biblioentries"><!-- div doesn't do anything, it's just there to make snippets more flexible -->
<fo:list-block provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" space-after="12pt">
<xsl:call-template name="checkIfLast"/>
<xsl:apply-templates select="biblioentry"/>
</fo:list-block>
</xsl:template>
<xsl:template match="biblioentry">
<fo:list-item xsl:use-attribute-sets="li">
<xsl:attribute name="id">
<xsl:value-of select="@id"/>
</xsl:attribute>
<fo:list-item-label end-indent="label-end()">
<fo:block><xsl:number value="position()" format="[1] "/></fo:block>
</fo:list-item-label>
<fo:list-item-body start-indent="body-start()">
<fo:block xsl:use-attribute-sets="biblioentry">
<xsl:apply-templates select="*"/>
</fo:block>
</fo:list-item-body>
</fo:list-item>
</xsl:template>
</xsl:stylesheet>
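Review bot: The comment on the new `biblioentries` template, `<!-- div doesn't do anything, it's just there to make snippets more flexible -->`, describes a `div` rather than this template and looks carried over from another one. A comment that matches the code would be `<!-- bibliography: renders each biblioentry as a numbered list item -->`. The `biblioentry` template could also get a one-line comment saying that the list item's `id` is what `bibref` links point to.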


@@ -12,7 +12,16 @@
<xsl:template name="getString">
<xsl:param name="stringID" select="'none'"/>
<xsl:copy-of select="$strdoc/string[@id=$stringID]/translation[lang($lang)]/node()"/>
<xsl:param name="caps" select="false()"/>
<xsl:choose>
<xsl:when test="$caps">
<xsl:value-of select="$strdoc/string[@id=$stringID]/translation[lang($lang)]/upper-case(text())"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$strdoc/string[@id=$stringID]/translation[lang($lang)]/text()"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
</xsl:stylesheet>
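Review bot: The caps branch of `getString` calls `upper-case(text())`, which raises a type error as soon as a translation holds more than one text node (for instance text on either side of an inline element), because `upper-case` accepts a single string. Using the element's string value avoids that: `select="$strdoc/string[@id=$stringID]/translation[lang($lang)]/upper-case(.)"`. Both branches also replace the earlier `xsl:copy-of .../node()` with `xsl:value-of .../text()`, so any markup inside a translation is now dropped. If some strings rely on inline elements, the non-caps branch should keep `xsl:copy-of`. The declarations of `$strdoc` and `$lang` sit outside this hunk.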


@@ -44,4 +44,11 @@
</xsl:choose>
</xsl:template>
<xsl:template match="biblioentry" mode="number">
<fo:inline>
<xsl:number count="biblioentry"
format="{$AUTO_NUMBERING_FORMAT}"/>
</fo:inline>
</xsl:template>
</xsl:stylesheet>


@@ -10,7 +10,7 @@
<pentest_report xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../dtd/pentestreport.xsd"
xmlns:xi="http://www.w3.org/2001/XInclude" findingCode="???">
xmlns:xi="http://www.w3.org/2001/XInclude" xml:lang="en" findingCode="???">
<meta>
<title>Penetration Test Report</title>
<xsl:element name="xi:include">


@@ -9,15 +9,15 @@
<fo:layout-master-set>
<!-- first page -->
<fo:simple-page-master master-name="Cover" xsl:use-attribute-sets="PortraitPage">
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body"/>
<fo:region-before region-name="region-before" xsl:use-attribute-sets="region-before"/>
<fo:region-after region-name="region-after" xsl:use-attribute-sets="region-after"/>
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body-cover"/>
<fo:region-before region-name="region-before-cover" xsl:use-attribute-sets="region-before-cover"/>
<fo:region-after region-name="region-after-cover" xsl:use-attribute-sets="region-after-cover"/>
</fo:simple-page-master>
<!-- all other pages -->
<fo:simple-page-master master-name="Content" xsl:use-attribute-sets="PortraitPage">
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body"/>
<fo:region-before region-name="region-before" xsl:use-attribute-sets="region-before"/>
<fo:region-after region-name="region-after" xsl:use-attribute-sets="region-after"/>
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body-content"/>
<fo:region-before region-name="region-before-content" xsl:use-attribute-sets="region-before-content"/>
<fo:region-after region-name="region-after-content" xsl:use-attribute-sets="region-after-content"/>
</fo:simple-page-master>
<!-- sequence master -->
<fo:page-sequence-master master-name="Report">
@@ -31,15 +31,15 @@
</fo:layout-master-set>
</xsl:template>
<xsl:template name="layout-master-set-invoice">
<!-- Main Page layout structure -->
<!--<xsl:template name="layout-master-set-invoice">
<!-\- Main Page layout structure -\->
<fo:layout-master-set>
<fo:simple-page-master master-name="Content" xsl:use-attribute-sets="PortraitPage">
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body"/>
<fo:region-before region-name="region-before" xsl:use-attribute-sets="region-before"/>
<fo:region-after region-name="region-after" xsl:use-attribute-sets="region-after"/>
<fo:region-body region-name="region-body" xsl:use-attribute-sets="region-body-content"/>
<fo:region-before region-name="region-before-content" xsl:use-attribute-sets="region-before-content"/>
<fo:region-after region-name="region-after-content" xsl:use-attribute-sets="region-after-content"/>
</fo:simple-page-master>
<!-- sequence master -->
<!-\- sequence master -\->
<fo:page-sequence-master master-name="Invoice">
<fo:repeatable-page-master-alternatives>
<fo:conditional-page-master-reference master-reference="Content"
@@ -47,10 +47,15 @@
</fo:repeatable-page-master-alternatives>
</fo:page-sequence-master>
</fo:layout-master-set>
</xsl:template>
</xsl:template>-->
<xsl:template name="page_header">
<fo:static-content flow-name="region-before" xsl:use-attribute-sets="HeaderFont">
<fo:static-content flow-name="region-before-cover" xsl:use-attribute-sets="HeaderFont">
<fo:block xsl:use-attribute-sets="header">
<xsl:value-of select="/pentest_report/meta/classification"/>
</fo:block>
</fo:static-content>
<fo:static-content flow-name="region-before-content" xsl:use-attribute-sets="HeaderFont">
<fo:block xsl:use-attribute-sets="header">
<xsl:value-of select="/pentest_report/meta/classification"/>
</fo:block>
@@ -58,7 +63,16 @@
</xsl:template>
<xsl:template name="page_footer">
<fo:static-content flow-name="region-after" xsl:use-attribute-sets="FooterFont">
<fo:static-content flow-name="region-after-cover" xsl:use-attribute-sets="FooterFont">
<fo:block xsl:use-attribute-sets="footer">
<fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/>
<fo:leader leader-pattern="space"/>
<fo:inline xsl:use-attribute-sets="TinyFont"><xsl:value-of
select="*/meta/company/full_name"/> - Chamber of Commerce
<xsl:value-of select="*/meta/company/coc"/></fo:inline>
</fo:block>
</fo:static-content>
<fo:static-content flow-name="region-after-content" xsl:use-attribute-sets="FooterFont">
<fo:block xsl:use-attribute-sets="footer">
<fo:page-number/>/<fo:page-number-citation ref-id="EndOfDoc"/>
<fo:leader leader-pattern="space"/>
@@ -75,7 +89,7 @@
<xsl:call-template name="page_footer"/>
<fo:flow flow-name="region-body" xsl:use-attribute-sets="DefaultFont">
<fo:block>
<xsl:apply-templates select="pentest_report|offerte|quickscope|generic_document"/>
<xsl:apply-templates select="pentest_report|offerte|quickscope|generic_document|contract"/>
</fo:block>
<fo:block id="EndOfDoc"/>
</fo:flow>
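Review bot: The cover-page header block in `page_header` selects `/pentest_report/meta/classification`, the same absolute path as the content header. The classification marking therefore stays blank for every other root the `Content` template dispatches to, which after this change includes `contract`. If those document types carry a classification under `meta` (not visible here), `<xsl:value-of select="/*/meta/classification"/>` in both blocks would pick it up, in line with the `*/meta/company/...` paths used in the footer. Separately, `layout-master-set-invoice` is kept as a commented-out block with escaped inner comments; deleting it would read more cleanly, since history preserves it.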

502
xml/xslt/placeholders.xslt Normal file

@@ -0,0 +1,502 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:fo="http://www.w3.org/1999/XSL/Format" xmlns:my="http://radical.sexy"
exclude-result-prefixes="xs"
version="2.0">
<!-- PLACEHOLDERS -->
<xsl:template match="client_long">
<xsl:param name="placeholderElement" select="/*/meta//client/full_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_short">
<xsl:param name="placeholderElement" select="/*/meta//client/short_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_street">
<xsl:param name="placeholderElement" select="/*/meta//client/address"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_city">
<xsl:param name="placeholderElement" select="/*/meta//client/city"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_country">
<xsl:param name="placeholderElement" select="/*/meta//client/country"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_legal_rep">
<xsl:param name="placeholderElement"
select="/offerte/meta/permission_parties/client/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_waiver_rep">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/waiver_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_poc1">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/poc1"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="client_coc">
<xsl:param name="placeholderElement" select="/*/meta/permission_parties/client/coc"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_long">
<xsl:param name="placeholderElement" select="/*/meta/company/full_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_short">
<xsl:param name="placeholderElement" select="/*/meta/company/short_name"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_address">
<xsl:param name="placeholderElement" select="/*/meta/company/address"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_city">
<xsl:param name="placeholderElement" select="/*/meta/company/city"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_postalcode">
<xsl:param name="placeholderElement" select="/*/meta/company/postal_code"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_country">
<xsl:param name="placeholderElement" select="/*/meta/company/country"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_svc_long">
<xsl:param name="placeholderElement"
select="/offerte/meta/offered_service_long | /pentest_report/meta/offered_service_long"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_svc_short">
<xsl:param name="placeholderElement"
select="/offerte/meta/offered_service_short | /pentest_report/meta/offered_service_short"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_legal_rep">
<xsl:param name="placeholderElement" select="/*/meta/company/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_poc1">
<xsl:param name="placeholderElement" select="/*/meta/company/poc1"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="company_email">
<xsl:param name="placeholderElement" select="/*/meta/company/email"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="t_app">
<xsl:param name="placeholderElement"
select="/offerte/meta/pentestinfo/target_application | /pentest_report/meta/pentestinfo/target_application"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="t_app_producer">
<xsl:param name="placeholderElement"
select="/offerte/meta/pentestinfo/target_application_producer | /pentest_report/meta/pentestinfo/target_application_producer"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_duration">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/duration"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_boxtype">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/type"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_fee">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/fee"/>
<xsl:value-of select="$denomination"/>
<xsl:text>&#160;</xsl:text>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_testingduration">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/test_planning"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="p_reportdue">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/report_due"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="engagement_description">
<xsl:param name="placeholderElement" select="/contract/meta/scope/engagement_description"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="secondpartyrole">
<xsl:param name="placeholderElement" select="/contract/meta/scope/secondpartyrole"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contract_start_date">
<xsl:param name="placeholderElement" select="/contract/meta/work/start_date"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contract_end_date">
<xsl:param name="placeholderElement" select="/contract/meta/work/end_date"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contract_period">
<xsl:variable name="startDate" select="xs:date(/contract/meta/work/start_date)"/>
<xsl:variable name="endDate" select="xs:date(/contract/meta/work/end_date)"/>
<!--<xsl:variable name="startDay" as="xs:integer" select="day-from-date($startDate)"/>
<xsl:variable name="endDay" as="xs:integer" select="day-from-date($endDate)"/>-->
<xsl:value-of select="my:calculatePeriod($endDate, $startDate)"/>
</xsl:template>
<xsl:template match="contract_total_fee">
<xsl:value-of select="$denomination"/>
<xsl:text>&#160;</xsl:text>
<xsl:value-of select="$total_fee"/>
<!-- no need to check for existence as it's a calculation of two checked values below -->
</xsl:template>
<xsl:template match="contract_planned_hours">
<xsl:param name="placeholderElement" select="/contract/meta/work/planning/hours"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contract_period_unit">
<xsl:param name="placeholderElement" select="/contract/meta/work/planning/per"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contract_activities">
<xsl:choose>
<xsl:when test="/contract/meta/work/activities/activity">
<xsl:call-template name="generate_activities_xslt"/>
</xsl:when>
<xsl:otherwise>
<fo:inline xsl:use-attribute-sets="errortext">XXXXXX</fo:inline>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="contractor_name">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/name"/>
<xsl:param name="placeholderElement2" select="/contract/meta/contractor/ctcompany"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
<xsl:if test="/contract/meta/contractor/ctcompany">
<xsl:text> (</xsl:text>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement2"/>
</xsl:call-template>
<xsl:text>)</xsl:text>
</xsl:if>
</xsl:template>
<xsl:template match="contractor_address">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/address"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_city">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/city"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_postalcode">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/postal_code"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_country">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/country"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_hourly_fee">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/hourly_fee"/>
<xsl:value-of select="$denomination"/>
<xsl:text>&#160;</xsl:text>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_email">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/email"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_possessive_pronoun">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/@sex"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="contractor_personal_pronoun">
<xsl:param name="placeholderElement" select="/contract/meta/contractor/@sex"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template name="checkPlaceholder">
<xsl:param name="placeholderElement" select="/"/>
<xsl:choose>
<xsl:when test="normalize-space($placeholderElement)">
<!-- placeholder exists and contains text -->
<xsl:choose>
<xsl:when test="self::p_fee or self::contractor_hourly_fee">
<!-- pretty numbering for fee -->
<xsl:variable name="fee" select="$placeholderElement * 1"/>
<xsl:number value="$fee" grouping-separator="," grouping-size="3"/>
</xsl:when>
<xsl:when test="self::contract_end_date">
<!-- pretty printing for date -->
<xsl:value-of
select="format-date(/contract/meta/work/end_date, '[MNn] [D1], [Y]', 'en', (), ())"
/>
</xsl:when>
<xsl:when test="self::contract_start_date">
<!-- pretty printing for date -->
<xsl:value-of
select="format-date(/contract/meta/work/start_date, '[MNn] [D1], [Y]', 'en', (), ())"
/>
</xsl:when>
<xsl:when
test="self::contract_period_unit and /contract/meta/scope/contract_type = 'single_engagement'">
<!-- only use value for fixed term contracts; use 'engagement' for single engagement contract -->
<xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'contract_engagement'"/>
</xsl:call-template>
</xsl:when>
<xsl:when test="self::contractor_possessive_pronoun">
<!-- some sexy logic -->
<xsl:choose>
<xsl:when test="//contractor/@sex = 'M'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'possessive_m'"/>
</xsl:call-template></xsl:when>
<xsl:when test="//contractor/@sex = 'F'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'possessive_f'"/>
</xsl:call-template></xsl:when>
<xsl:when test="//contractor/@sex = 'O'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'possessive_o'"/>
</xsl:call-template></xsl:when>
</xsl:choose>
</xsl:when>
<xsl:when test="self::contractor_personal_pronoun">
<!-- some sexy logic -->
<xsl:choose>
<xsl:when test="//contractor/@sex = 'M'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'personal_m'"/>
</xsl:call-template></xsl:when>
<xsl:when test="//contractor/@sex = 'F'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'personal_f'"/>
</xsl:call-template></xsl:when>
<xsl:when test="//contractor/@sex = 'O'"><xsl:call-template name="getString">
<xsl:with-param name="stringID" select="'personal_o'"/>
</xsl:call-template></xsl:when>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$placeholderElement"/>
</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
<fo:inline xsl:use-attribute-sets="errortext">XXXXXX</fo:inline>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template name="generate_activities_xslt">
<fo:list-block xsl:use-attribute-sets="list">
<xsl:for-each select="/contract/meta/work/activities/activity">
<fo:list-item>
<!-- insert a bullet -->
<fo:list-item-label end-indent="label-end()">
<fo:block>
<fo:inline>&#8226;</fo:inline>
</fo:block>
</fo:list-item-label>
<!-- list text -->
<fo:list-item-body start-indent="body-start()">
<fo:block>
<xsl:value-of select="."/>
</fo:block>
</fo:list-item-body>
</fo:list-item>
</xsl:for-each>
</fo:list-block>
</xsl:template>
<xsl:function name="my:calculatePeriod">
<xsl:param name="enddate"/>
<xsl:param name="startdate"/>
<xsl:variable name="startYear" as="xs:integer" select="year-from-date($startdate)"/>
<xsl:variable name="startMonth" as="xs:integer" select="month-from-date($startdate)"/>
<xsl:variable name="startDay" as="xs:integer" select="day-from-date($startdate)"/>
<xsl:variable name="endYear" as="xs:integer" select="year-from-date($enddate)"/>
<xsl:variable name="endMonth" as="xs:integer" select="month-from-date($enddate)"/>
<xsl:variable name="endDay" as="xs:integer" select="day-from-date($enddate)"/>
<xsl:variable name="startMonthNumberOfDays">
<xsl:choose>
<xsl:when test="xs:string($startMonth) = '1'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '2'">
<!-- I hate february -->
<xsl:choose>
<xsl:when test="$startYear mod 4 != 0">28</xsl:when>
<xsl:when test="$startYear mod 100 != 0">29</xsl:when>
<xsl:when test="$startYear mod 400 != 0">28</xsl:when>
<xsl:otherwise>29</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:when test="xs:string($startMonth) = '3'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '4'">30</xsl:when>
<xsl:when test="xs:string($startMonth) = '5'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '6'">30</xsl:when>
<xsl:when test="xs:string($startMonth) = '7'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '8'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '9'">30</xsl:when>
<xsl:when test="xs:string($startMonth) = '10'">31</xsl:when>
<xsl:when test="xs:string($startMonth) = '11'">30</xsl:when>
<xsl:when test="xs:string($startMonth) = '12'">31</xsl:when>
</xsl:choose>
</xsl:variable>
<xsl:variable name="numYears">
<xsl:choose>
<xsl:when test="$endMonth > $startMonth">
<xsl:sequence select="$endYear - $startYear"/>
</xsl:when>
<xsl:when test="$endMonth &lt; $startMonth">
<xsl:sequence select="$endYear - $startYear - 1"/>
</xsl:when>
<xsl:otherwise>
<xsl:choose>
<xsl:when test="$endDay >= $startDay">
<xsl:sequence select="$endYear - $startYear"/>
</xsl:when>
<xsl:otherwise>
<!-- $endDay &lt; $startDay -->
<xsl:sequence select="$endYear - $startYear - 1"/>
</xsl:otherwise>
</xsl:choose>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="numMonths">
<xsl:choose>
<xsl:when test="$endDay &lt; $startDay">
<xsl:sequence select="$endMonth - $startMonth - 1"/>
</xsl:when>
<xsl:otherwise>
<!-- $endDay >= $startDay -->
<xsl:sequence select="$endMonth - $startMonth"/>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="numDays">
<!--<xsl:choose>
<xsl:when test="$numMonths &lt; 1 and $numYears &lt; 1">
<!-\- only displaying days if contract is for less than a month -\->
<xsl:sequence select="($enddate - $startdate) div xs:dayTimeDuration('P1D')"/>
</xsl:when>
<xsl:otherwise>
<!-\- if contract is longer than a month, don't count days -\->
<xsl:sequence select="0"/>
</xsl:otherwise>
</xsl:choose>-->
<xsl:choose>
<xsl:when test="$endDay - $startDay &lt; 0"><xsl:value-of select="$startMonthNumberOfDays - $startDay + $endDay"/></xsl:when>
<xsl:otherwise><xsl:value-of select="$endDay - $startDay"/></xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:if test="$numYears > 0">
<xsl:sequence select="$numYears"/>
<xsl:text>year</xsl:text>
<xsl:if test="$numYears > 1">
<xsl:text>s</xsl:text>
</xsl:if>
<xsl:choose><xsl:when test="($numMonths > 0 and $numDays = 0) or ($numMonths = 0 and $numDays > 0)">
<xsl:text> and</xsl:text>
</xsl:when>
<xsl:when test="$numMonths > 0 and $numDays > 0">
<xsl:text>,</xsl:text>
</xsl:when></xsl:choose>
</xsl:if>
<xsl:if test="$numMonths > 0">
<xsl:sequence select="$numMonths"/>
<xsl:text>month</xsl:text>
<xsl:if test="$numMonths > 1">
<xsl:text>s</xsl:text>
</xsl:if>
<xsl:if test="$numDays > 0">
<xsl:text> and</xsl:text>
</xsl:if>
</xsl:if>
<xsl:if test="$numDays > 0">
<xsl:sequence select="$numDays"/>
<xsl:text>day</xsl:text>
<xsl:if test="$numDays > 1">
<xsl:text>s</xsl:text>
</xsl:if>
</xsl:if>
</xsl:function>
</xsl:stylesheet>
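Review bot: In `my:calculatePeriod`, `numMonths` is `$endMonth - $startMonth` (minus one when the end day is earlier) with no wrap-around, so it goes negative whenever the end month precedes the start month. `numYears` already borrows a year in that case, but the `$numMonths > 0` test then drops the months; a contract running from November to February of the next year renders without its months, and as an empty period when the day numbers match, with no `XXXXXX` marker to flag it. Wrapping both branches fixes it: `<xsl:sequence select="($endMonth - $startMonth - 1 + 12) mod 12"/>` and `<xsl:sequence select="($endMonth - $startMonth + 12) mod 12"/>`. Separately, the `contract_period` template casts `start_date` and `end_date` with `xs:date()` without going through `checkPlaceholder`, so a missing or malformed date raises an error instead of rendering the marker the other placeholders use.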


@@ -61,22 +61,6 @@
</xsl:for-each>
</targets>
<permission_parties>
<!--<client><xsl:comment>mandatory; please add client information</xsl:comment>
<full_name><xsl:value-of select="/*/customer/full_name"/></full_name><xsl:comment>long client name, e.g. Sitting Duck B.V.</xsl:comment>
<short_name><xsl:value-of select="/*/customer/short_name"/></short_name>
<xsl:comment>short client name, e.g. Sitting Duck; if no short name: same as long name</xsl:comment>
<legal_rep><xsl:value-of select="/*/customer/legal_rep"/></legal_rep><xsl:comment>customer legal representative (to sign offer)</xsl:comment>
<waiver_rep><xsl:value-of select="/*/customer/waiver_rep"/></waiver_rep><xsl:comment>customer legal representative (to sign waiver; can be same person as legal_rep)</xsl:comment>
<poc1><xsl:value-of select="/*/customer/poc1"/></poc1><xsl:comment>first point of contact for customer (during pentest); can be same person as above</xsl:comment>
<address><xsl:value-of select="/*/customer/address"/></address>
<city><xsl:value-of select="/*/customer/city"/></city>
<country><xsl:value-of select="/*/customer/country"/></country>
<coc>
<xsl:attribute name="nationality"><xsl:value-of
select="/*/customer/coc_nat"/></xsl:attribute>
<xsl:value-of select="/*/customer/coc_no"/>
</coc><xsl:comment>chamber of commerce number; if no chamber of commerce number, please delete the whole element</xsl:comment>
</client>-->
<xsl:element name="xi:include">
<xsl:attribute name="href">client_info.xml</xsl:attribute>
</xsl:element>

16
xml/xslt/snippets.xslt Normal file

@@ -0,0 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
exclude-result-prefixes="xs"
version="2.0">
<!-- imported from info2contract.xsl and qs2offerte.xsl to select the proper xml snippets -->
<xsl:template name="docCheck">
<xsl:param name="snippetDirectory"/>
<xsl:param name="fileNameBase" select="'none'"/>
<xsl:variable name="file"
select="concat('snippets/', $snippetDirectory, '/', $lang, '/', $fileNameBase, '.xml')"/>
<xsl:value-of select="$file"/>
</xsl:template>
</xsl:stylesheet>
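Review bot: `docCheck` builds a file path by concatenating `$snippetDirectory`, `$lang` and `$fileNameBase` with no check on their content, so a value containing `/` or `..` would resolve outside `snippets/`. The callers are not in this hunk; if these values are read from `snippetselection.xml` or another editable document, reject unexpected segments before the `concat`, for example `<xsl:if test="not(matches($fileNameBase, '^[A-Za-z0-9_-]+$'))"><xsl:message terminate="yes">invalid snippet name</xsl:message></xsl:if>`, and likewise for `$snippetDirectory`. `$lang` is not declared in this stylesheet, so it only compiles when imported by a stylesheet that defines it; the existing comment could say so. The name `docCheck` also suggests an existence check, while the template only returns the path.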


@@ -15,7 +15,7 @@
</xsl:if>
</xsl:template>
<xsl:template match="title">
<xsl:template match="title[not(parent::biblioentry)]">
<xsl:variable name="LEVEL" select="count(ancestor::*) - 1"/>
<xsl:variable name="CLASS">
<!-- use title-x for all levels -->


@@ -124,11 +124,25 @@
<xsl:attribute name="font-size">60%</xsl:attribute>
<xsl:attribute name="vertical-align">sub</xsl:attribute>
</xsl:attribute-set>
<!-- bibliography -->
<xsl:attribute-set name="title.book" use-attribute-sets="italic"/>
<xsl:attribute-set name="title.article"/>
<xsl:attribute-set name="journal" use-attribute-sets="italic"/>
<xsl:attribute-set name="website"/>
<xsl:attribute-set name="info"/>
<xsl:attribute-set name="publisher"/>
<xsl:attribute-set name="pubdate"/>
<!-- blocks -->
<xsl:attribute-set name="p">
<xsl:attribute name="margin-bottom">
<xsl:value-of select="$small-space"/>
</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="biblioentry">
<xsl:attribute name="margin-bottom">
<xsl:value-of select="$small-space"/>
</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="list" use-attribute-sets="p"/>
<xsl:attribute-set name="last">
<xsl:attribute name="margin-bottom">
@@ -162,15 +176,28 @@
<xsl:attribute name="page-height">29.7cm</xsl:attribute>
<xsl:attribute name="page-width">21.0cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-body">
<xsl:attribute-set name="region-body-cover">
<xsl:attribute name="margin-top">1cm</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-before">
<xsl:attribute-set name="region-before-cover">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-after">
<xsl:attribute-set name="region-after-cover">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
<xsl:attribute name="padding">0</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-body-content">
<xsl:attribute name="margin-top">1cm</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-before-content">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-after-content">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
<xsl:attribute name="padding">0</xsl:attribute>
@@ -193,15 +220,6 @@
<xsl:attribute name="text-align">center</xsl:attribute>
<xsl:attribute name="margin-bottom" select="$small-space"/>
</xsl:attribute-set>
<xsl:attribute-set name="logo">
<xsl:attribute name="padding-top">2cm</xsl:attribute>
<xsl:attribute name="padding-bottom">3cm</xsl:attribute>
<xsl:attribute name="src">url(../graphics/logo.png)</xsl:attribute>
<xsl:attribute name="width">70mm</xsl:attribute>
<xsl:attribute name="content-width">scale-to-fit</xsl:attribute>
<xsl:attribute name="content-height">scale-to-fit</xsl:attribute>
<xsl:attribute name="scaling">uniform</xsl:attribute>
</xsl:attribute-set>
<!-- tables -->
<xsl:attribute-set name="borders">
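Review bot: The three `region-*-content` attribute sets added in the second hunk are attribute-for-attribute copies of the renamed `region-*-cover` sets, so a later change to a margin or extent has to be made in two places. If the cover and content regions are meant to share geometry, derive one from the other, e.g. `<xsl:attribute-set name="region-before-content" use-attribute-sets="region-before-cover"/>`, and override only what differs. The third hunk removes the `logo` attribute set; any stylesheet that still uses `xsl:use-attribute-sets="logo"` would stop compiling unless the set is redefined elsewhere, which is not visible here.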

195
xml/xslt/styles_con.xslt Normal file

@@ -0,0 +1,195 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
exclude-result-prefixes="xs" xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="2.0">
<xsl:import href="styles.xslt"/>
<!-- variables -->
<xsl:variable name="medium-space">10pt</xsl:variable>
<!-- Text -->
<xsl:attribute-set name="title" use-attribute-sets="bold">
<xsl:attribute name="keep-with-next.within-page">always</xsl:attribute>
<xsl:attribute name="text-align">center</xsl:attribute>
<xsl:attribute name="color">white</xsl:attribute>
<xsl:attribute name="font-weight">bold</xsl:attribute>
<xsl:attribute name="text-transform">uppercase</xsl:attribute>
<!-- letter spacing is dodgy in fop when there are certain characters in the string (e.g. a 'V'); commenting this out until that is fixed -->
<!-- it's also dodgy in combination with centered text, btw -->
<!--<xsl:attribute name="letter-spacing.precedence">0</xsl:attribute>
<xsl:attribute name="letter-spacing.optimum">3mm</xsl:attribute>
<xsl:attribute name="letter-spacing.minimum">3mm</xsl:attribute>
<xsl:attribute name="letter-spacing.maximum">3mm</xsl:attribute>-->
</xsl:attribute-set>
<xsl:attribute-set name="title-0" use-attribute-sets="title">
<xsl:attribute name="font-size">18pt</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
<xsl:attribute name="background-color">#FF5C00</xsl:attribute>
<xsl:attribute name="text-transform">uppercase</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="title-1" use-attribute-sets="title">
<xsl:attribute name="font-size">18pt</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
<xsl:attribute name="background-color">#FF5C00</xsl:attribute>
<xsl:attribute name="text-transform">uppercase</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="title-2" use-attribute-sets="title">
<xsl:attribute name="font-style">italic</xsl:attribute>
<xsl:attribute name="font-size">14pt</xsl:attribute>
<xsl:attribute name="margin-bottom">0.8cm</xsl:attribute>
<xsl:attribute name="background-color">#999999</xsl:attribute>
<xsl:attribute name="text-transform">uppercase</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="title-3" use-attribute-sets="title">
<xsl:attribute name="font-size">14pt</xsl:attribute>
<xsl:attribute name="margin-bottom">0.8cm</xsl:attribute>
<xsl:attribute name="background-color">#999999</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="title-4" use-attribute-sets="title">
<xsl:attribute name="margin-bottom">5pt</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="title-client" use-attribute-sets="title-0">
<xsl:attribute name="background-color">#999999</xsl:attribute>
<xsl:attribute name="text-transform">uppercase</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="for">
<xsl:attribute name="font-size">16pt</xsl:attribute>
<xsl:attribute name="text-align">center</xsl:attribute>
<xsl:attribute name="font-weight">bold</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="p">
<xsl:attribute name="margin-bottom">
<xsl:value-of select="$medium-space"/>
</xsl:attribute>
<xsl:attribute name="line-height">18pt</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="list" use-attribute-sets="p"/>
<xsl:attribute-set name="last">
<xsl:attribute name="margin-bottom">
<xsl:value-of select="$very-large-space"/>
</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="pre" use-attribute-sets="borders TableFont">
<xsl:attribute name="border-style">double</xsl:attribute>
<xsl:attribute name="border-width">2pt</xsl:attribute>
<xsl:attribute name="margin-bottom">
<xsl:value-of select="$medium-space"/>
</xsl:attribute>
<xsl:attribute name="white-space-collapse">false</xsl:attribute>
<xsl:attribute name="linefeed-treatment">preserve</xsl:attribute>
<xsl:attribute name="white-space-treatment">preserve</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="code" use-attribute-sets="borders pre">
<xsl:attribute name="font-family">LiberationMono</xsl:attribute>
<xsl:attribute name="font-size">9pt</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="finding-meta">
<xsl:attribute name="margin-bottom" select="$small-space"/>
</xsl:attribute-set>
<!-- Pages -->
<xsl:attribute-set name="PortraitPage">
<xsl:attribute name="margin-top">0.5cm</xsl:attribute>
<xsl:attribute name="margin-bottom">1.5cm</xsl:attribute>
<xsl:attribute name="margin-left">1.5cm</xsl:attribute>
<xsl:attribute name="margin-right">1.5cm</xsl:attribute>
<xsl:attribute name="page-height">29.7cm</xsl:attribute>
<xsl:attribute name="page-width">21.0cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-body-cover">
<xsl:attribute name="margin-top">3.6cm</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-before-cover">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">2.7cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-after-cover">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
<xsl:attribute name="padding">0</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-body-content">
<xsl:attribute name="margin-top">2cm</xsl:attribute>
<xsl:attribute name="margin-bottom">1cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-before-content">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="region-after-content">
<xsl:attribute name="precedence">true</xsl:attribute>
<xsl:attribute name="extent">0.6cm</xsl:attribute>
<xsl:attribute name="padding">0</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="header">
<xsl:attribute name="text-align">right</xsl:attribute>
<xsl:attribute name="font-weight">normal</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="footer">
<xsl:attribute name="text-align">center</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="logo">
<xsl:attribute name="padding-top">0cm</xsl:attribute>
<xsl:attribute name="padding-bottom">0cm</xsl:attribute>
<xsl:attribute name="src">url(../graphics/logo_alt.png)</xsl:attribute>
<xsl:attribute name="width">30mm</xsl:attribute>
<xsl:attribute name="content-width">scale-to-fit</xsl:attribute>
<xsl:attribute name="content-height">scale-to-fit</xsl:attribute>
<xsl:attribute name="scaling">uniform</xsl:attribute>
</xsl:attribute-set>
<!-- colors -->
<xsl:attribute-set name="bg-orange">
<xsl:attribute name="background-color">#FF5C00</xsl:attribute>
</xsl:attribute-set>
<!-- graphics -->
<xsl:attribute-set name="graphics-block">
<xsl:attribute name="text-align">center</xsl:attribute>
<xsl:attribute name="margin-bottom" select="$small-space"/>
</xsl:attribute-set>
<!-- tables -->
<xsl:attribute-set name="borders">
<xsl:attribute name="border-width">
<xsl:value-of select="$border-width"/>
</xsl:attribute>
<xsl:attribute name="border-style">
<xsl:value-of select="$border-style"/>
</xsl:attribute>
<xsl:attribute name="border-color">
<xsl:value-of select="$border-color"/>
</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="th" use-attribute-sets="td bg-orange"/>
<xsl:attribute-set name="td">
<xsl:attribute name="padding">2pt</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="table">
<xsl:attribute name="margin-bottom" select="$small-space"/>
</xsl:attribute-set>
<!-- lists -->
<xsl:attribute-set name="li">
<xsl:attribute name="margin-bottom" select="$small-space"/>
</xsl:attribute-set>
<!-- ToC -->
<xsl:attribute-set name="index" use-attribute-sets="break-after"/>
<!-- Breaks -->
<xsl:attribute-set name="break-before">
<xsl:attribute name="break-before">page</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="break-after">
<xsl:attribute name="break-after">page</xsl:attribute>
</xsl:attribute-set>
</xsl:stylesheet>
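Review bot: The `title-4` set inherits `color` white from `title` but, unlike `title-0` through `title-3` and `title-client`, sets no `background-color`, so level-4 headings may render white on the page background. This cannot be confirmed from this file alone, because attribute sets with the same name in the imported `styles.xslt` are merged with these rather than replaced, and the calling template may also supply a background. If no background is intended for that level, override the colour in the set, e.g. `<xsl:attribute name="color">black</xsl:attribute>`. The same merge behaviour deserves a comment next to `<xsl:import href="styles.xslt"/>`, such as `<!-- attribute sets below merge with same-named sets in styles.xslt; attributes not redefined here still apply -->`.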
