From eb62c0376be442a801f134698eed2de88fb3ea3a Mon Sep 17 00:00:00 2001
From: skyanth <skyanth@gmail.com>
Date: Sat, 30 Jul 2016 14:37:58 +0200
Subject: [PATCH] retest status implemented

---
 xml/RELEASE_NOTES.md      | 16 +++++++
 xml/dtd/pentestreport.xsd | 30 ++++++++++++
 xml/xslt/auto.xsl         | 85 +++++++++++++++++++++++----------
 xml/xslt/findings.xslt    | 99 ++++++++++++++++++++++++++-------------
 4 files changed, 174 insertions(+), 56 deletions(-)

diff --git a/xml/RELEASE_NOTES.md b/xml/RELEASE_NOTES.md
index 5329064..df868c7 100644
--- a/xml/RELEASE_NOTES.md
+++ b/xml/RELEASE_NOTES.md
@@ -1,6 +1,22 @@
 RELEASE NOTES
 =============
 
+July 30, 2016
+-------------
+
+### Finding status
+
+New feature for retests: finding status to indicate if, in context of a follow-up pentest, a finding is new, resolved, still unresolved or not retested.
+
+The `<finding>` element now has an optional `@status` attribute. Possible values are:
+
+- `new` (default)
+- `unresolved`
+- `resolved`
+- `not_retested`
+
+The `<generate_findings/>` element now likewise has this optional `@status` attribute with the same possible values. You can add it to generate a finding summary table containing only the findings with a specific status.
+
 June 15, 2016
 -------------
 
diff --git a/xml/dtd/pentestreport.xsd b/xml/dtd/pentestreport.xsd
index 4cf5029..4c5f80d 100644
--- a/xml/dtd/pentestreport.xsd
+++ b/xml/dtd/pentestreport.xsd
@@ -186,11 +186,31 @@
   <xs:element name="generate_recommendations">
     <xs:complexType>
       <xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
+      <xs:attribute name="status" use="optional">
+        <xs:simpleType> 
+          <xs:restriction base="xs:string"> 
+            <xs:enumeration value="new"/>
+            <xs:enumeration value="resolved"/>
+            <xs:enumeration value="unresolved"/>
+            <xs:enumeration value="not_retested"/>
+          </xs:restriction> 
+        </xs:simpleType>
+      </xs:attribute>
     </xs:complexType>
   </xs:element>
   <xs:element name="generate_findings">
     <xs:complexType>
       <xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
+      <xs:attribute name="status" use="optional">
+        <xs:simpleType> 
+          <xs:restriction base="xs:string"> 
+            <xs:enumeration value="new"/>
+            <xs:enumeration value="resolved"/>
+            <xs:enumeration value="unresolved"/>
+            <xs:enumeration value="not_retested"/>
+          </xs:restriction> 
+        </xs:simpleType>
+      </xs:attribute>
     </xs:complexType>
   </xs:element>
   <xs:element name="finding">
@@ -225,6 +245,16 @@
           </xs:restriction> 
         </xs:simpleType>
       </xs:attribute>
+      <xs:attribute name="status" use="optional">
+        <xs:simpleType> 
+          <xs:restriction base="xs:string"> 
+            <xs:enumeration value="new"/>
+            <xs:enumeration value="resolved"/>
+            <xs:enumeration value="unresolved"/>
+            <xs:enumeration value="not_retested"/>
+          </xs:restriction> 
+        </xs:simpleType>
+      </xs:attribute>
       <xs:attribute name="type" use="required"/>
       <xs:attribute name="break" use="optional">
         <xs:simpleType> 
diff --git a/xml/xslt/auto.xsl b/xml/xslt/auto.xsl
index 59cac32..6a473cb 100644
--- a/xml/xslt/auto.xsl
+++ b/xml/xslt/auto.xsl
@@ -2,7 +2,7 @@
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
     xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
     xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
-    
+
     <xsl:variable name="denomination">
         <xsl:choose>
             <xsl:when test="/offerte/meta/pentestinfo/fee/@denomination = 'euro'">€</xsl:when>
@@ -16,9 +16,10 @@
 
     <xsl:template name="generate_targets_xslt">
         <xsl:param name="Ref" select="@Ref"/>
-        <fo:list-block xsl:use-attribute-sets="list"  provisional-distance-between-starts="0.75cm"
+        <fo:list-block xsl:use-attribute-sets="list" provisional-distance-between-starts="0.75cm"
             provisional-label-separation="2.5mm" space-after="12pt" start-indent="1cm">
-            <xsl:for-each select="/*/meta/targets/target[@Ref=$Ref] | /*/meta/targets/target[not(@Ref)]">
+            <xsl:for-each
+                select="/*/meta/targets/target[@Ref = $Ref] | /*/meta/targets/target[not(@Ref)]">
                 <fo:list-item>
                     <!-- insert a bullet -->
                     <fo:list-item-label end-indent="label-end()">
@@ -39,6 +40,7 @@
 
     <xsl:template match="generate_findings">
         <xsl:variable name="Ref" select="@Ref"/>
+        <xsl:variable name="status" select="@status"/>
         <fo:block>
             <fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
                 <xsl:call-template name="checkIfLast"/>
@@ -66,7 +68,21 @@
                         </fo:table-cell>
                     </fo:table-row>
                     <xsl:choose>
-                        <xsl:when test="@Ref">
+                        <xsl:when test="@status and @Ref">
+                            <!-- Only generate a table for findings in the section with this status AND this Ref -->
+                            <xsl:for-each
+                                select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
+                                <xsl:call-template name="findingsSummaryContent"/>
+                            </xsl:for-each>
+                        </xsl:when>
+                        <xsl:when test="@status and not(@Ref)">
+                            <!-- Only generate a table for findings in the section with this status -->
+                            <xsl:for-each
+                                select="/pentest_report/descendant::finding[@status = $status]">
+                                <xsl:call-template name="findingsSummaryContent"/>
+                            </xsl:for-each>
+                        </xsl:when>
+                        <xsl:when test="@Ref and not(@status)">
                             <!-- Only generate a table for findings in the section with this Ref -->
                             <xsl:for-each
                                 select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@@ -118,6 +134,7 @@
 
     <xsl:template match="generate_recommendations">
         <xsl:variable name="Ref" select="@Ref"/>
+        <xsl:variable name="status" select="@status"/>
         <fo:block>
             <fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table borders">
                 <xsl:call-template name="checkIfLast"/>
@@ -140,7 +157,21 @@
                         </fo:table-cell>
                     </fo:table-row>
                     <xsl:choose>
-                        <xsl:when test="@Ref">
+                        <xsl:when test="@status and @Ref">
+                            <!-- Only generate a table for findings in the section with this status AND this Ref -->
+                            <xsl:for-each
+                                select="/pentest_report/descendant::finding[@status = $status][ancestor::*[@id = $Ref]]">
+                                <xsl:call-template name="recommendationsSummaryContent"/>
+                            </xsl:for-each>
+                        </xsl:when>
+                        <xsl:when test="@status and not(@Ref)">
+                            <!-- Only generate a table for findings in the section with this status -->
+                            <xsl:for-each
+                                select="/pentest_report/descendant::finding[@status = $status]">
+                                <xsl:call-template name="recommendationsSummaryContent"/>
+                            </xsl:for-each>
+                        </xsl:when>
+                        <xsl:when test="@Ref and not(@status)">
                             <!-- Only generate a table for findings in the section with this Ref -->
                             <xsl:for-each
                                 select="/pentest_report/descendant::finding[ancestor::*[@id = $Ref]]">
@@ -209,19 +240,20 @@
                         </fo:table-row>
                     </xsl:for-each>
                     <xsl:for-each select="/pentest_report/meta/collaborators/pentesters/pentester">
-                        <xsl:if test="not(./name = /pentest_report/meta/collaborators/approver/name)">
+                        <xsl:if
+                            test="not(./name = /pentest_report/meta/collaborators/approver/name)">
                             <fo:table-row xsl:use-attribute-sets="borders">
-                            <fo:table-cell xsl:use-attribute-sets="td">
-                                <fo:block>
-                                    <xsl:apply-templates select="name"/>
-                                </fo:block>
-                            </fo:table-cell>
-                            <fo:table-cell xsl:use-attribute-sets="td">
-                                <fo:block>
-                                    <xsl:apply-templates select="bio"/>
-                                </fo:block>
-                            </fo:table-cell>
-                        </fo:table-row>
+                                <fo:table-cell xsl:use-attribute-sets="td">
+                                    <fo:block>
+                                        <xsl:apply-templates select="name"/>
+                                    </fo:block>
+                                </fo:table-cell>
+                                <fo:table-cell xsl:use-attribute-sets="td">
+                                    <fo:block>
+                                        <xsl:apply-templates select="bio"/>
+                                    </fo:block>
+                                </fo:table-cell>
+                            </fo:table-row>
                         </xsl:if>
                     </xsl:for-each>
                 </fo:table-body>
@@ -235,7 +267,7 @@
             <xsl:with-param name="latestVersionDate" select="$latestVersionDate"/>
         </xsl:call-template>
     </xsl:template>
-    
+
     <xsl:template name="generateSignatureBox">
         <xsl:param name="latestVersionDate"/>
         <fo:block keep-together.within-page="always" xsl:use-attribute-sets="signaturebox">
@@ -413,7 +445,8 @@
         </xsl:call-template>
     </xsl:template>
     <xsl:template match="client_legal_rep">
-        <xsl:param name="placeholderElement" select="/offerte/meta/permission_parties/client/legal_rep"/>
+        <xsl:param name="placeholderElement"
+            select="/offerte/meta/permission_parties/client/legal_rep"/>
         <xsl:call-template name="checkPlaceholder">
             <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
         </xsl:call-template>
@@ -479,7 +512,8 @@
         </xsl:call-template>
     </xsl:template>
     <xsl:template match="t_app_producer">
-        <xsl:param name="placeholderElement" select="/*/meta/pentestinfo/target_application_producer"/>
+        <xsl:param name="placeholderElement"
+            select="/*/meta/pentestinfo/target_application_producer"/>
         <xsl:call-template name="checkPlaceholder">
             <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
         </xsl:call-template>
@@ -498,7 +532,8 @@
     </xsl:template>
     <xsl:template match="p_fee">
         <xsl:param name="placeholderElement" select="/*/meta/pentestinfo/fee"/>
-        <xsl:value-of select="$denomination"/><xsl:text>&#160;</xsl:text>
+        <xsl:value-of select="$denomination"/>
+        <xsl:text>&#160;</xsl:text>
         <xsl:call-template name="checkPlaceholder">
             <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
         </xsl:call-template>
@@ -521,13 +556,15 @@
             <xsl:with-param name="placeholderElement" select="$placeholderElement"/>
         </xsl:call-template>
     </xsl:template>
-    
+
     <xsl:template name="checkPlaceholder">
         <xsl:param name="placeholderElement" select="/"/>
         <xsl:choose>
-            <xsl:when test="normalize-space($placeholderElement)"><!-- placeholder exists and contains text -->
+            <xsl:when test="normalize-space($placeholderElement)">
+                <!-- placeholder exists and contains text -->
                 <xsl:choose>
-                    <xsl:when test="self::p_fee"><!-- pretty numbering for fee -->
+                    <xsl:when test="self::p_fee">
+                        <!-- pretty numbering for fee -->
                         <xsl:variable name="fee" select="$placeholderElement * 1"/>
                         <xsl:number value="$fee" grouping-separator="," grouping-size="3"/>
                     </xsl:when>
diff --git a/xml/xslt/findings.xslt b/xml/xslt/findings.xslt
index 1998a1c..c3d15e6 100644
--- a/xml/xslt/findings.xslt
+++ b/xml/xslt/findings.xslt
@@ -1,68 +1,103 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-    xmlns:xs="http://www.w3.org/2001/XMLSchema"
-    exclude-result-prefixes="xs" xmlns:fo="http://www.w3.org/1999/XSL/Format"
-    version="2.0">
+    xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs"
+    xmlns:fo="http://www.w3.org/1999/XSL/Format" version="2.0">
 
     <xsl:template match="finding" mode="meta">
-        <fo:block xsl:use-attribute-sets="finding-meta">
-            <fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
-            <xsl:apply-templates select="." mode="number"/>
-        </fo:block>
-        <fo:block xsl:use-attribute-sets="finding-meta">
-            <fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
-            <xsl:value-of select="@type"/>
-        </fo:block>
-        <fo:block xsl:use-attribute-sets="finding-meta">
-            <xsl:attribute name="margin-bottom" select="$large-space"/>
-            <fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
-            <xsl:value-of select="@threatLevel"/>
-        </fo:block>
+        <fo:table width="100%" table-layout="fixed" xsl:use-attribute-sets="table" margin-bottom="{$large-space}">
+            <fo:table-column column-width="proportional-column-width(70)"/>
+            <fo:table-column column-width="proportional-column-width(30)"/>
+            <fo:table-body>
+                <fo:table-row>
+                    <fo:table-cell xsl:use-attribute-sets="td">
+                        <xsl:if test="not(@status)"><xsl:attribute name="number-columns-spanned">2</xsl:attribute></xsl:if>
+                        <fo:block xsl:use-attribute-sets="finding-meta">
+                            <fo:inline xsl:use-attribute-sets="bold">Vulnerability ID: </fo:inline>
+                            <xsl:apply-templates select="." mode="number"/>
+                        </fo:block>
+                    </fo:table-cell>
+                    <xsl:if test="@status">
+            <fo:table-cell xsl:use-attribute-sets="td">
+                <fo:block xsl:use-attribute-sets="finding-meta">
+                <fo:inline xsl:use-attribute-sets="bold">Retest status: </fo:inline>
+                <xsl:value-of select="@status"/>
+            </fo:block>
+            </fo:table-cell>
+        </xsl:if>
+                </fo:table-row>
+                <fo:table-row>
+                <fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
+                        <fo:block xsl:use-attribute-sets="finding-meta">
+                            <fo:inline xsl:use-attribute-sets="bold">Vulnerability type: </fo:inline>
+                            <xsl:value-of select="@type"/>
+                        </fo:block>
+                    </fo:table-cell>
+                </fo:table-row>
+                <fo:table-row>
+                    <fo:table-cell xsl:use-attribute-sets="td" number-columns-spanned="2">
+                        <fo:block xsl:use-attribute-sets="finding-meta">
+                            <fo:inline xsl:use-attribute-sets="bold">Threat level: </fo:inline>
+                            <xsl:value-of select="@threatLevel"/>
+                        </fo:block>
+                    </fo:table-cell>
+
+                </fo:table-row>
+
+            </fo:table-body>
+        </fo:table>
+
+
+
+        
     </xsl:template>
-    
+
     <!-- ignore summary-table-only elements in the findings -->
-    <xsl:template match="description_summary|recommendation_summary"/>
-    
+    <xsl:template match="description_summary | recommendation_summary"/>
+
     <xsl:template match="description">
         <fo:block xsl:use-attribute-sets="title-4">Description:</fo:block>
         <fo:block margin-bottom="{$large-space}">
             <xsl:apply-templates/>
         </fo:block>
     </xsl:template>
-    
+
     <xsl:template match="description" mode="summarytable">
-            <xsl:if test="img|table">
-                <xsl:message>WARNING: description containing img or table may not look very good in the finding summary table. Consider using a description_summary element instead.</xsl:message>
-            </xsl:if>
-            <xsl:apply-templates mode="summarytable"/>
+        <xsl:if test="img | table">
+            <xsl:message>WARNING: description containing img or table may not look very good in the
+                finding summary table. Consider using a description_summary element
+                instead.</xsl:message>
+        </xsl:if>
+        <xsl:apply-templates mode="summarytable"/>
     </xsl:template>
-    
+
     <xsl:template match="technicaldescription">
         <fo:block xsl:use-attribute-sets="title-4">Technical description:</fo:block>
         <fo:block margin-bottom="{$large-space}">
             <xsl:apply-templates/>
         </fo:block>
     </xsl:template>
-    
+
     <xsl:template match="impact">
         <fo:block xsl:use-attribute-sets="title-4">Impact:</fo:block>
         <fo:block margin-bottom="{$large-space}">
             <xsl:apply-templates/>
         </fo:block>
     </xsl:template>
-    
+
     <xsl:template match="recommendation">
         <fo:block xsl:use-attribute-sets="title-4">Recommendation:</fo:block>
         <fo:block margin-bottom="{$large-space}">
             <xsl:apply-templates/>
         </fo:block>
     </xsl:template>
-    
+
     <xsl:template match="recommendation" mode="summarytable">
-        <xsl:if test="img|table">
-            <xsl:message>WARNING: recommendation containing img or table may not look very good in the finding summary table. Consider using a recommendation_summary element instead.</xsl:message>
+        <xsl:if test="img | table">
+            <xsl:message>WARNING: recommendation containing img or table may not look very good in
+                the finding summary table. Consider using a recommendation_summary element
+                instead.</xsl:message>
         </xsl:if>
         <xsl:apply-templates mode="summarytable"/>
     </xsl:template>
-    
-</xsl:stylesheet>
\ No newline at end of file
+
+</xsl:stylesheet>