`, `` and `` tags. I tried to describe what was what and is now something else, but it became way too confusing. To keep it simple, just know this:
- `` is for **terminal output and code blocks**, just like the triple back-tick (```) in markdown
- `` is for the **inline monospace font**, just like the single back-tick (`) in markdown
January 12th, 2017
------------------
### Pie charts
You can now generate pie charts for any countable data that might be in the report. You can do so using the element ``, where `x` is the attribute value of any element `y` in the document (useful charts would be `threatLevel` for `x` and `finding` for `y` to show a pie chart of the share of findings by threat level, or `type` for `x` and `finding` for `y` to show a pie chart of the share of findings by type). The height (and width) of the pie is set in the pieHeight attribute, where `z` is the height of the pie chart in px.
August 25th, 2016
-----------------
### More configurable contract snippet selection
You can now configure contract types and the snippets they use in `snippets/snippetselection.xml`. The selected snippets will be used when generating the contract from `contract_info.xml` (see Aug 19 release notes). If you define no snippet group, all snippets will be generated one after the other in the resulting contract. If you do define snippet groups, these can then be referenced from the xslt so that you generate a group at a time (useful if there should be something in between them or if they go in different sections or something like that). In due time this will also be generated for offertes (so as to configure offertes generated from the `quickscope.xml`)
### Generic Document footnotes
You can now use footnotes (`This is a niceAnd by nice I mean that it contains a footnote sentence.
`) in generic documents. In due time these will also be added to pentest reports and offertes.
### Generic Document bibliography
You can now use bibliography references and entries in generic documents. In due time these will also be added to pentest reports and offertes.
#### Example:
This is a nice book
`
Bibliography
Guy
Some
Books are cool
pages 207–228
We Publish Everything
Amsterdam
2016
http://www.noqualitycontrol.com/someguysbook
2016-08-25
August 19th, 2016
-----------------
### Contracts
Added a contract document type; it works as follows:
1. fill out the fields (elements) in contract_info.xml
2. Create contract.xml from contract_info.xml using info2contract.xsl
3. contract.xml --> contract.pdf (using generate_contract.xsl + fop)
In general there shoudl be no need to edit contract.xml, it is an intermediate document. The idea is to go straight from contract_info.xml to contract.pdf (in two steps)
July 30, 2016
-------------
### Finding status
New feature for retests: finding status to indicate if, in context of a follow-up pentest, a finding is new, resolved, still unresolved or not retested.
The `` element now has an optional `@status` attribute. Possible values are:
- `new`
- `unresolved`
- `resolved`
- `not_retested`
The `` element in `` in the `waiver.xml` snippet.
UNLESS: you have added an optional `` element below `` (still in ``) and have given it a `Ref` attribute that refers to the `id` of the client/party for which this alternative waiver needs to be used (just add an `id` if the client or party doesn't have one yet).
So to summarize:
1. xslt checks if an alternative waiver has been defined for a specific client or party in the offer,
2. if not, it uses the standard waiver
Now isn't that simple!
Note: to support this functionality, a bunch of waiver-only placeholders have been introduced, to wit: ``, ``, ``, ``, ``, ``. Don't use them anywhere else though (they will fail and anyway it wouldn't make sense).
May 23, 2016
------------
### Offerte --> Pentest-report
Last step in the document chain has been completed: you can now generate a (bare bones) Pentest report from any offerte the client has accepted, using the following command:
`java -jar saxon9he.jar -s:source/offerte.xml -xsl:xslt/off2rep.xsl -o:source/report.xml`
This makes the document workflow as follows:
1. Fill in quickscope.xml
2. Create offerte.xml from quickscope.xml using qs2offerte.xsl
3. If client accepts offerte, create report.xml from offerte.xml using off2rep.xsl
4. After pentest has concluded, create invoice from offerte using either the direct route or the roundabout one (see March 24, 2016 in the release notes for more info)
April 25, 2016
-------------
### Hidden elements
It is now possible to hide `section`, `appendix` and `annex` elements from the generated report, offerte or generic document. To do so, add the optional attribute `visibility="hidden"` to whatever it is you want to hide in the generated PDF.
Links to hidden targets will give an error (in the document), as will links to non-existing targets in general.
### Client Placeholder renaming
All placeholders that used to start with `c_*` (c_short, c_poc1, etc) now start with `client_`.
April 21, 2016
-------------
### Generic Documents
We now have a generic document type, which can be used for (drumroll) generic documents (whitepapers, training notes, presentation notes, whatever).
It is a super-simple template: it contains a a sparse meta section, an optional ToC and then any number of sections and elements. All the general text elements (tables, lists, pre, code, a, etc etc) can be used. It's so simple I'm not even going to document it. Check the example doc in `doc/examples` if you're lost, but if you've ever written an offer or a pentest report using this system it should be a piece of cake. :)
Usage: `genericdocument.xml --> genericdocument.pdf (using generate_doc.xsl + fop)`
April 4, 2016
-------------
### Associating targets with parties
You can now associate certain targets with certain parties. The `` and <`party`> element now have an optional `id` attribute. Each `target` element now has an optional `Ref` attribute.
In waivers, only the targets associated with the party/client that needs to sign the waiver will be shown.
`` element now has an optional `` child.
March 10, 2016
-------------
### Fee denomination
The `` element in `` now has an optional `denomination` attribute, which can be set to `euro` (default) or `dollar`. Yay for globalization! No, wait.
Anyway, the denomination is added automatically whenever you reference the fee using the `` element has been extracted from the document and now exists all by itself in the file `client_info.xml`, which is located in the `source` directory. This gives us the possibility to have a 'client library' and to easily reuse client info - just replace the file with the proper one for the current client.
Note that there are some new fields in the client section, `` and `` for use in the... (see next section)
### Invoices!
w00t. You can now generate a pdf invoice directly from offerte.xml. Use:
`java -jar saxon9he.jar -s:/path/to/offerte/source/offerte.xml -xsl:/path/to/offerte/xslt/generate_invoice.xsl -o:/path/to/report/target/invoice.fo INVOICE_NO=[invoice number] -xi`
And then:
`fop -c conf/rosfop.xconf /path/to/offerte/target/invoice.fo path/to/offerte/target/invoice.pdf`
March 9, 2016
-------------
### An essay on placeholders
#### Universality
Placeholders can now be used in both offertes and pentest reports. Within reason, though! Pentest reports only have access to a limited set as the other placeholders are not relevant:
- c_long, c_short, c_street, c_city, c_country (i.e. client data)
- company_long, company_short (i.e. company data)
- p_duration, p_boxtype, p_testingduration, p_reportwritingduration, p_reportdue (i.e. pentest info)
- t_app, t_app_producer (i.e. tested app name & producer)
To accommodate for especially those last two bullets, we now have room for an optional `pentestinfo` tag in the report meta section, following the `` element. It's the same as the `pentestinfo` for offertes, except it doesn't hold financial info.
#### Robustness
When you insert a placeholder, there is now a check to see if
a. The element you're referring to exists
b. The element you're referring to contains text
If either a or b are not the case, you'll end up with a red XXXXX. Which should hopefully get your, or somebody else's, attention during review time.
#### Title Case
Uppercase is now forced on titles that should be in uppercase (i.e. report and offerte title pages, plus offerte titles in general).
Forcing title case for pentest report titles is unfortunately not possible from a style point of view as xsl-fo can only capitalize every word, which is not really what we want. But Peter Mosmans's validation script has your back on this.
### Finally, we have a `` element!
#### What does `` do?
Nothing. `` just *is*.
#### Sigh. Ok, why *is* ``?
You can use `` as a container for other block elements. This is basically only (but very) useful for snippets, as snippets need to be well-formed XML documentlets and can therefore only have one root element. If the snippet is a complete section, this is not a problem. If the snippet is a bunch of paragraphs or something, you're out of luck. Or rather, you used to be out of luck, because there was no ``. But now there is ``. So your snippet can be `` (root element), containing everything you want. Well, everything that's allowed, anyway.
#### So what's allowed in ``?
All block elements: p, ul, ol, table, img, pre, code
#### And what elements can *contain* ``?
Sections, Annexes and Appendices. NOTHING ELSE. DON'T EVEN TRY.