retest status implemented

skyanth 2016-07-30 14:37:58 +02:00
parent 30c1ad0f7a
commit eb62c0376b
4 changed files with 174 additions and 56 deletions


@ -1,6 +1,22 @@
RELEASE NOTES
=============
July 30, 2016
-------------
### Finding status
New feature for retests: finding status to indicate if, in context of a follow-up pentest, a finding is new, resolved, still unresolved or not retested.
The `<finding>` element now has an optional `@status` attribute. Possible values are:
- `new` (default)
- `unresolved`
- `resolved`
- `not_retested`
The `<generate_findings/>` element now likewise has this optional `@status` attribute with the same possible values. You can add it to generate a finding summary table containing only the findings with a specific status.
June 15, 2016
-------------


@ -186,11 +186,31 @@
<xs:element name="generate_recommendations">
<xs:complexType>
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="generate_findings">
<xs:complexType>
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
</xs:complexType>
</xs:element>
<xs:element name="finding">
@ -225,6 +245,16 @@
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="status" use="optional">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="new"/>
<xs:enumeration value="resolved"/>
<xs:enumeration value="unresolved"/>
<xs:enumeration value="not_retested"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="type" use="required"/>
<xs:attribute name="break" use="optional">
<xs:simpleType>
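Review bot: The same anonymous `status` enumeration is pasted three times, on `generate_recommendations`, `generate_findings` and `finding`, so nothing keeps the three lists in step. If a value is later added to `finding` only, a document using it on `generate_findings` fails validation, or a summary table can no longer select findings with that status. Declaring the four values once as a named top-level `xs:simpleType` and referencing it, e.g. `<xs:attribute name="status" use="optional" type="findingStatus"/>` (type name is only a suggestion), would remove that risk. The `finding` element's declaration starts and ends outside the visible hunk.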


@ -2,7 +2,7 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
<xsl:variable name="denomination">
<xsl:choose>
<xsl:when test="/offerte/meta/pentestinfo/fee/@denomination = 'euro'"></xsl:when>
@ -16,9 +16,10 @@
<xsl:template name="generate_targets_xslt">
<xsl:param name="Ref" select="@Ref"/>
<fo:list-block xsl:use-attribute-sets="list" provisional-distance-between-starts="0.75cm"
<fo:list-block xsl:use-attribute-sets="list" provisional-distance-between-starts="0.75cm"
provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm">
<xsl:for-each select="/*/meta/targets/target[@Ref=$Ref] | /*/meta/targets/target[not(@Ref)]">
<xsl:for-each
select="/*/meta/targets/target[@Ref = $Ref] | /*/meta/targets/target[not(@Ref)]">
<fo:list-item>
<!-- insert a bullet -->
<fo:list-item-label end-indent="label-end()">
@ -39,6 +40,7 @@
<xsl:template match="generate_findings">
<xsl:variable name="Ref" select="@Ref"/>
<xsl:variable name="status" select="@status"/>
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
<xsl:call-template name="checkIfLast"/>
@ -66,7 +68,21 @@
</fo:table-cell>
</fo:table-row>
<xsl:choose>
<xsl:when test="@Ref">
<xsl:when test="@status and @Ref">
<!-- Only generate a table for findings in the section with this status AND this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
<xsl:call-template name="findingsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@status and not(@Ref)">
<!-- Only generate a table for findings in the section with this status -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status]">
<xsl:call-template name="findingsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@Ref and not(@status)">
<!-- Only generate a table for findings in the section with this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@ -118,6 +134,7 @@
<xsl:template match="generate_recommendations">
<xsl:variable name="Ref" select="@Ref"/>
<xsl:variable name="status" select="@status"/>
<fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
<xsl:call-template name="checkIfLast"/>
@ -140,7 +157,21 @@
</fo:table-cell>
</fo:table-row>
<xsl:choose>
<xsl:when test="@Ref">
<xsl:when test="@status and @Ref">
<!-- Only generate a table for findings in the section with this status AND this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
<xsl:call-template name="recommendationsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@status and not(@Ref)">
<!-- Only generate a table for findings in the section with this status -->
<xsl:for-each
select="/pentest_report/descendant::finding[@status = $status]">
<xsl:call-template name="recommendationsSummaryContent"/>
</xsl:for-each>
</xsl:when>
<xsl:when test="@Ref and not(@status)">
<!-- Only generate a table for findings in the section with this Ref -->
<xsl:for-each
select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@ -209,19 +240,20 @@
</fo:table-row>
</xsl:for-each>
<xsl:for-each select="/pentest_report/meta/collaborators/pentesters/pentester">
<xsl:if test="not(./name = /pentest_report/meta/collaborators/approver/name)">
<xsl:if
test="not(./name = /pentest_report/meta/collaborators/approver/name)">
<fo:table-row xsl:use-attribute-sets="borders">
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="name"/>
</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="bio"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="name"/>
</fo:block>
</fo:table-cell>
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block>
<xsl:apply-templates select="bio"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</xsl:if>
</xsl:for-each>
</fo:table-body>
@ -235,7 +267,7 @@
<xsl:with-param name="latestVersionDate" select="$latestVersionDate"/>
</xsl:call-template>
</xsl:template>
<xsl:template name="generateSignatureBox">
<xsl:param name="latestVersionDate"/>
<fo:block keep-together.within-page="always" xsl:use-attribute-sets="signaturebox">
@ -413,7 +445,8 @@
</xsl:call-template>
</xsl:template>
<xsl:template match="client_legal_rep">
<xsl:param name="placeholderElement" select="/offerte/meta/permission_parties/client/legal_rep"/>
<xsl:param name="placeholderElement"
select="/offerte/meta/permission_parties/client/legal_rep"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
@ -479,7 +512,8 @@
</xsl:call-template>
</xsl:template>
<xsl:template match="t_app_producer">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/target_application_producer"/>
<xsl:param name="placeholderElement"
select="/*/meta/pentestinfo/target_application_producer"/>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
@ -498,7 +532,8 @@
</xsl:template>
<xsl:template match="p_fee">
<xsl:param name="placeholderElement" select="/*/meta/pentestinfo/fee"/>
<xsl:value-of select="$denomination"/><xsl:text>&#160;</xsl:text>
<xsl:value-of select="$denomination"/>
<xsl:text>&#160;</xsl:text>
<xsl:call-template name="checkPlaceholder">
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
@ -521,13 +556,15 @@
<xsl:with-param name="placeholderElement" select="$placeholderElement"/>
</xsl:call-template>
</xsl:template>
<xsl:template name="checkPlaceholder">
<xsl:param name="placeholderElement" select="/"/>
<xsl:choose>
<xsl:when test="normalize-space($placeholderElement)"><!-- placeholder exists and contains text -->
<xsl:when test="normalize-space($placeholderElement)">
<!-- placeholder exists and contains text -->
<xsl:choose>
<xsl:when test="self::p_fee"><!-- pretty numbering for fee -->
<xsl:when test="self::p_fee">
<!-- pretty numbering for fee -->
<xsl:variable name="fee" select="$placeholderElement * 1"/>
<xsl:number value="$fee" grouping-separator="," grouping-size="3"/>
</xsl:when>
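Review bot: The new `finding[@status = $status]` predicates in the `generate_findings` choose, and the identical ones in `generate_recommendations`, match only findings that carry an explicit `status` attribute. The release notes call `new` the default, but the schema declares the attribute optional with no `default`. Unless something outside this diff fills the value in, a `<generate_findings status="new"/>` table silently omits every finding written without the attribute, so a retest summary can under-report open issues. Since the stylesheet is version 2.0, the predicate could fall back explicitly, e.g. `finding[(@status, 'new')[1] = $status]`. Both templates continue outside the hunks, so the rest of each `xsl:choose` is not visible here.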


@ -1,68 +1,103 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
exclude-result-prefixes="xs" xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="2.0">
xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
<xsl:template match="finding" mode="meta">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
<xsl:apply-templates select="." mode="number"/>
</fo:block>
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
<xsl:value-of select="@type"/>
</fo:block>
<fo:block xsl:use-attribute-sets="finding-meta">
<xsl:attribute name="margin-bottom" select="$large-space"/>
<fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
<xsl:value-of select="@threatLevel"/>
</fo:block>
<fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table" margin-bottom="{$large-space}">
<fo:table-column column-width="proportional-column-width(70)"/>
<fo:table-column column-width="proportional-column-width(30)"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td">
<xsl:if test="not(@status)"><xsl:attribute name="number-columns-spanned">2</xsl:attribute></xsl:if>
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
<xsl:apply-templates select="." mode="number"/>
</fo:block>
</fo:table-cell>
<xsl:if test="@status">
<fo:table-cell xsl:use-attribute-sets="td">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Retest status: </fo:inline>
<xsl:value-of select="@status"/>
</fo:block>
</fo:table-cell>
</xsl:if>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
<xsl:value-of select="@type"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
<fo:block xsl:use-attribute-sets="finding-meta">
<fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
<xsl:value-of select="@threatLevel"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</xsl:template>
<!-- ignore summary-table-only elements in the findings -->
<xsl:template match="description_summary|recommendation_summary"/>
<xsl:template match="description_summary | recommendation_summary"/>
<xsl:template match="description">
<fo:block xsl:use-attribute-sets="title-4">Description:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="description" mode="summarytable">
<xsl:if test="img|table">
<xsl:message>WARNING: description containing img or table may not look very good in the finding summary table. Consider using a description_summary element instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
<xsl:if test="img | table">
<xsl:message>WARNING: description containing img or table may not look very good in the
finding summary table. Consider using a description_summary element
instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
</xsl:template>
<xsl:template match="technicaldescription">
<fo:block xsl:use-attribute-sets="title-4">Technical description:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="impact">
<fo:block xsl:use-attribute-sets="title-4">Impact:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="recommendation">
<fo:block xsl:use-attribute-sets="title-4">Recommendation:</fo:block>
<fo:block margin-bottom="{$large-space}">
<xsl:apply-templates/>
</fo:block>
</xsl:template>
<xsl:template match="recommendation" mode="summarytable">
<xsl:if test="img|table">
<xsl:message>WARNING: recommendation containing img or table may not look very good in the finding summary table. Consider using a recommendation_summary element instead.</xsl:message>
<xsl:if test="img | table">
<xsl:message>WARNING: recommendation containing img or table may not look very good in
the finding summary table. Consider using a recommendation_summary element
instead.</xsl:message>
</xsl:if>
<xsl:apply-templates mode="summarytable"/>
</xsl:template>
</xsl:stylesheet>
</xsl:stylesheet>
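Review bot: `<xsl:value-of select="@status"/>` in the new "Retest status" cell prints the raw schema token, so a client-facing report shows `not_retested` with its underscore. Consider `<xsl:value-of select="translate(@status, '_', ' ')"/>` or a small lookup so the wording matches the rest of the report. The cell is also emitted only when the attribute is present, so a finding that relies on the documented default `new` shows no retest status at all. If that is intended, a short comment above the `<xsl:if test="@status">` saying so would save the next maintainer from "fixing" it.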