diff --git a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html index 79b2bb7..cc1e566 100644 --- a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html +++ b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html @@ -30,7 +30,7 @@ - + diff --git a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts index 318e289..d5e79a0 100644 --- a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts +++ b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts @@ -81,6 +81,7 @@ export class ExportReportDialogComponent implements OnInit { } onClickExport(reportFormat: string, reportLanguage: string): void { + console.warn('ToDo: Use format ', reportFormat); // Get project id from dialog data const projectId = this.dialogData.options[0].additionalData.id; // Loading is true as long as there is a response from the reporting service @@ -89,7 +90,7 @@ export class ExportReportDialogComponent implements OnInit { switch (reportFormat) { case ExportFormatOptions.PDF: { // @ts-ignore - this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId) + this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId, reportLanguage) .pipe( shareReplay(), untilDestroyed(this) diff --git a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html index d6817c0..4d4a254 100644 
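Review bot: `console.warn('ToDo: Use format ', reportFormat);` added at the top of `onClickExport` is debugging output left in production code, and `reportFormat` is already consumed by the `switch (reportFormat)` a few lines below, so the ToDo reads as already done; drop the line. The same commit deletes the equivalent `console.log` calls from `ProfileSettingsComponent.onClickCancel`, so keeping this one is inconsistent with its own cleanup. `onClickExport` continues past the end of the hunk.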
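Review bot: The new `reportLanguage` argument passed to `getReportPDFforProjectById` sits under the pre-existing `// @ts-ignore`, so a mismatch between this call and the service signature would be silenced rather than reported. If the suppression is only needed for the `downloadPentestReport$` assignment, turning it into `// @ts-expect-error` with a reason keeps it from hiding errors on the new argument, and typing the parameter as a union of the supported tags rather than `string` would let the compiler reject unsupported values (the backend in this commit only recognises `de-DE` and falls back to English for anything else). The enclosing `switch` starts and ends outside the hunk.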
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html +++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html @@ -119,7 +119,8 @@ - diff --git a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts index b6f2e5e..678244b 100644 --- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts +++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts @@ -205,10 +205,6 @@ export class ProfileSettingsComponent implements OnInit { } onClickCancel(): void { - console.log(this.userFormGroup.get('firstName').dirty); - console.log(this.userFormGroup.get('firstName')?.hasError('required')); - console.log(this.userFirstNameControl.hasError('required')); - this.dialogRef.close(); } diff --git a/security-c4po-angular/src/shared/services/reporting/reporting.service.ts b/security-c4po-angular/src/shared/services/reporting/reporting.service.ts index b61468a..863258f 100644 --- a/security-c4po-angular/src/shared/services/reporting/reporting.service.ts +++ b/security-c4po-angular/src/shared/services/reporting/reporting.service.ts @@ -18,8 +18,9 @@ export class ReportingService { /** * Get PDF Report by project id */ - public getReportPDFforProjectById(projectId: string): Observable> { - return this.http.get(`${this.reportBaseURL}/${projectId}/pdf`, + // ToDo: Add language here + public getReportPDFforProjectById(projectId: string, reportLanguage: string): Observable> { + return this.http.get(`${this.reportBaseURL}/${projectId}/pdf/${reportLanguage}`, { // @ts-ignore responseType: 'arraybuffer', 
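Review bot: `reportLanguage` is interpolated straight into the request path in `getReportPDFforProjectById`; a value containing `/`, `?` or `#` changes which route is requested, so encode the segment: `${this.reportBaseURL}/${projectId}/pdf/${encodeURIComponent(reportLanguage)}`. The `// ToDo: Add language here` comment added above the signature describes what this very hunk does and should be removed, and the TSDoc above it still reads "Get PDF Report by project id" — add a line such as `@param reportLanguage language tag the backend selects the report resource bundle by (currently only de-DE is recognised)`. The hunk ends inside the `http.get` options object.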
diff --git a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt index 3596276..2a015c8 100644 --- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt +++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt @@ -28,12 +28,13 @@ class ReportController(private val apiService: APIService, private val reportSer var logger = getLoggerFor() @GetMapping( - "/{projectId}/pdf", + "/{projectId}/pdf/{reportLanguage}", produces = [MediaType.APPLICATION_PDF_VALUE] ) - fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @AuthenticationPrincipal user: Appuser): Mono> { + // ToDo: Add language here + fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @PathVariable(value = "reportLanguage") reportLanguage: String, @AuthenticationPrincipal user: Appuser): Mono> { return this.apiService.requestProjectReportDataById(projectId, user.token).flatMap {projectReport -> - this.reportService.createReport(projectReport, "pdf").map { reportClassLoaderFilePath -> + this.reportService.createReport(projectReport, "pdf", reportLanguage).map { reportClassLoaderFilePath -> ResponseEntity.ok().body(reportClassLoaderFilePath) }.switchIfEmpty { Mono.just(notFound().build()) diff --git a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt index 5af266b..bb9e5b4 100644 --- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt +++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt 
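Review bot: The new `reportLanguage` path variable in `downloadPentestReportPDF` is handed to `createReport` without validation; the service (later in this commit) selects German only for `de-DE` and silently falls back to English for every other value, so an unsupported tag yields a wrong-language report instead of a client error. Compare it against the supported set before calling the service and return `ResponseEntity.badRequest().build()` otherwise, which also keeps arbitrary caller-supplied text out of the service's log line. The `// ToDo: Add language here` comment placed above the function is stale now that the parameter exists, and the signature line would read better split one parameter per line. The function body continues outside the hunk.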
@@ -3,6 +3,7 @@ package com.securityc4po.reporting.report import com.securityc4po.reporting.extensions.getLoggerFor import com.securityc4po.reporting.remote.model.* import net.sf.jasperreports.engine.* +import net.sf.jasperreports.engine.JRParameter.REPORT_RESOURCE_BUNDLE import net.sf.jasperreports.engine.data.JRBeanCollectionDataSource import org.apache.pdfbox.io.MemoryUsageSetting import org.apache.pdfbox.multipdf.PDFMergerUtility @@ -11,6 +12,8 @@ import org.springframework.stereotype.Service import reactor.core.publisher.Flux import reactor.core.publisher.Mono import java.io.* +import java.util.* +import kotlin.collections.HashMap @Service @@ -51,6 +54,10 @@ class ReportService { @Value("\${reportDefaultPdf}") lateinit var reportDefaultPdfPropertyPath: String + // Path to localization files + @Value("\${localization}") + lateinit var localizationRessourceBasePath: String + // Image paths @Value("\${CDATA_WATERMARK}") lateinit var waterMarkPath: String @@ -68,13 +75,14 @@ class ReportService { @Value("\${CDATA_SeverityRatingTable}") lateinit var severityRatingTablePath: String - fun createReport(projectReportCollection: ProjectReport, reportFormat: String): Mono { + fun createReport(projectReportCollection: ProjectReport, reportFormat: String, reportLanguage: String): Mono { + logger.info("Use: " + reportLanguage) // Setup PDFMergerUtility val mergedC4POPentestReport: PDFMergerUtility = PDFMergerUtility() // Setup ByteArrayOutputStream for "on the fly" file generation val pdfDocOutputstream = ByteArrayOutputStream() // Try to create report files & merge them together - return createPentestReportFiles(projectReportCollection, reportFormat, mergedC4POPentestReport).collectList() + return createPentestReportFiles(projectReportCollection, reportFormat, reportLanguage, mergedC4POPentestReport).collectList() .map { // Merge report files mergedC4POPentestReport.destinationStream = pdfDocOutputstream 
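Review bot: `logger.info("Use: " + reportLanguage)` at the top of `createReport` writes the raw path segment from the request into the log before anything has checked it, so whatever a caller puts in that URL position lands verbatim in the log line; it also reads as leftover debugging. Either remove it or log the resolved language code after the bundle lookup, using placeholder-style logging if `getLoggerFor()` returns an SLF4J logger, e.g. `logger.info("Creating {} report with language code {}", reportFormat, languageCode)`. Neither `reportLanguage` nor the fallback behaviour is mentioned in a KDoc on `createReport`, which is now a public entry point with three positional `String` parameters. `createReport` continues past the hunk.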
@@ -89,16 +97,20 @@ class ReportService { private fun createPentestReportFiles( projectReportCollection: ProjectReport, reportFormat: String, + reportLanguage: String, mergedC4POPentestReport: PDFMergerUtility ): Flux { + // Setup ressource bundle for localization + val resourceBundle = getRessourceBundle(reportLanguage) + // Setup Flux to create report return Flux.just( // Create byte arrays of report files - createCover(projectReportCollection, reportFormat), - createTableOfContent(projectReportCollection, reportFormat), - createStateOfConfidentiality(projectReportCollection, reportFormat), - createExecutiveSummary(projectReportCollection, reportFormat), - createPentestReports(projectReportCollection, reportFormat), - createAppendencies(reportFormat) + createCover(projectReportCollection, reportFormat, resourceBundle), + createTableOfContent(projectReportCollection, reportFormat, resourceBundle), + createStateOfConfidentiality(projectReportCollection, reportFormat, resourceBundle), + createExecutiveSummary(projectReportCollection, reportFormat, resourceBundle), + createPentestReports(projectReportCollection, reportFormat, resourceBundle), + createAppendencies(reportFormat, resourceBundle) ).map { jasperObject -> if (jasperObject is ByteArray) { val pdfInputSteam = ByteArrayInputStream(jasperObject) 
@@ -114,7 +126,23 @@ class ReportService { } } - private fun createCover(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun getRessourceBundle(reportLanguage: String): ResourceBundle { + return if (reportLanguage.equals("de-DE")) { + // Get the language code from the report parameter or other criteria + val languageCode = "de" + val locale = Locale(languageCode) + ResourceBundle.getBundle(localizationRessourceBasePath, locale) + } + // Default to english + else { + // Get the language code from the report parameter or other criteria + val languageCode = "en" + val locale = Locale(languageCode) + ResourceBundle.getBundle(localizationRessourceBasePath, locale) + } + } + + private fun createCover(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileCoverStream = javaClass.getResourceAsStream(reportCoverDesignTemplate) // Open file stream @@ -129,6 +157,8 @@ class ReportService { val parameters = HashMap() parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_C4POCoverBackground"] = coverBackgroundPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintCover: JasperPrint = JasperFillManager.fillReport(jasperReportCover, parameters, dataSource) // Create File @@ -144,7 +174,7 @@ class ReportService { } } - private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileContentStream = javaClass.getResourceAsStream(reportContentDesignTemplate) // Open file stream 
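Review bot: The two branches of `getRessourceBundle` differ only in the language code, and the copied comment `Get the language code from the report parameter or other criteria` describes neither of them; collapse the function to `val languageCode = if (reportLanguage == "de-DE") "de" else "en"` followed by `return ResourceBundle.getBundle(localizationRessourceBasePath, Locale(languageCode))`, using Kotlin's `==` instead of `.equals`. A KDoc line should state that every value other than `de-DE` — including `de` or `en-US` — selects English, and that `ResourceBundle.getBundle` throws `MissingResourceException` when the `localization` base name does not resolve on the classpath, which nothing here handles. The spelling in `getRessourceBundle`, `localizationRessourceBasePath` and the `Setup ressource bundle` comment should be `Resource`, matching the `Resource variables` comment this commit itself corrects in application.properties.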
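Review bot: `parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle` is added verbatim to six report builders — here in `createCover` and again in `createTableOfContent`, `createStateOfConfidentiality`, `createExecutiveSummary`, `createPentestReports` and `createAppendencies` in the following hunks — each of which already repeats `parameters["CDATA_WATERMARK"] = waterMarkPath`. A small helper such as `private fun baseParameters(resourceBundle: ResourceBundle) = hashMapOf<String, Any>("CDATA_WATERMARK" to waterMarkPath, REPORT_RESOURCE_BUNDLE to resourceBundle)` would let every builder start from one call and stop the bundle from being forgotten when a seventh template is added. The body of `createCover` starts and ends outside this hunk.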
@@ -159,6 +189,8 @@ class ReportService { val parameters = HashMap() parameters["ProjectPentestReportDataSource"] = projectPentestReportDataSource parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintContent: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, JREmptyDataSource()) @@ -175,7 +207,7 @@ class ReportService { } } - private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileStateOfConfidentialityStream = javaClass.getResourceAsStream(reportStateOfConfidentialityDesignTemplate) // Open file stream @@ -189,6 +221,8 @@ class ReportService { // Setup Parameter & add Sub-datasets val parameters = HashMap() parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintStateOfConfidentiality: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, dataSource) @@ -204,7 +238,7 @@ class ReportService { } } - private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileExecutiveSummaryStream = javaClass.getResourceAsStream(reportExecutiveSummaryDesignTemplate) // Open file stream 
@@ -332,6 +366,8 @@ class ReportService { parameters["CategoryFindingsPieChartDataSource"] = categoryFindingsDataSource parameters["SeverityFindingsPieChartDataSource"] = severityFindingsDataSource parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintExecutiveSummary: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, dataSource) @@ -347,7 +383,7 @@ class ReportService { } } - private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String): List { + private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): List { // Create List of Files var finalFiles: List = emptyList() // Load Jasper Files @@ -388,6 +424,8 @@ class ReportService { parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_FindingsSubreport"] = findingsSubreportPath parameters["CDATA_CommentsSubreport"] = commentsSubreportPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports // Print one report for each objective and merge them together afterwards val jasperPrintPentests: JasperPrint = @@ -427,7 +465,7 @@ class ReportService { return finalFiles } - private fun createAppendencies(reportFormat: String): ByteArray { + private fun createAppendencies(reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileAppendenciesStream = javaClass.getResourceAsStream(reportAppendenciesDesignTemplate) // Open file stream 
@@ -440,6 +478,8 @@ class ReportService { parameters["SeverityRatingDefinition"] = JREmptyDataSource() parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_SeverityRatingTable"] = severityRatingTablePath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintAppendencies: JasperPrint = JasperFillManager.fillReport(jasperReportCover, parameters, JREmptyDataSource()) diff --git a/security-c4po-reporting/src/main/resources/application-COMPOSE.properties b/security-c4po-reporting/src/main/resources/application-COMPOSE.properties index bd86a5c..c5803a2 100644 --- a/security-c4po-reporting/src/main/resources/application-COMPOSE.properties +++ b/security-c4po-reporting/src/main/resources/application-COMPOSE.properties @@ -13,6 +13,8 @@ api.client.pentests.path=pentests # Ressource variables for jrxml files # CDATA_WATERMARK=BOOT-INF/classes/jasper/Watermark.png CDATA_C4POCoverBackground=BOOT-INF/classes/jasper/C4POCoverBackground#1.jpeg +# Localization files # +localization=jasper/localization/labels # Subreports # CDATA_FindingsSubreport=BOOT-INF/classes/jasper/subReports/FindingsSubreport.jasper CDATA_CommentsSubreport=BOOT-INF/classes/jasper/subReports/CommentsSubreport.jasper diff --git a/security-c4po-reporting/src/main/resources/application.properties b/security-c4po-reporting/src/main/resources/application.properties index 884b849..8a244ac 100644 --- a/security-c4po-reporting/src/main/resources/application.properties +++ b/security-c4po-reporting/src/main/resources/application.properties 
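Review bot: `localization=jasper/localization/labels` is consumed as a `ResourceBundle.getBundle` base name, whose documented form is the dotted fully-qualified name, `localization=jasper.localization.labels`; the slash form only works because getBundle turns dots into slashes when building the resource path and leaves other characters alone, so it should be confirmed on the deployed classpath rather than assumed. Unlike the neighbouring `CDATA_*` entries it correctly carries no `BOOT-INF/classes/` prefix, since it is a class-loader lookup rather than a file path; a comment such as `# class-loader base name, not a file path` would stop someone from aligning it with the entries around it. The same value is added to application.properties in the next hunk.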
@@ -39,7 +39,9 @@ reportPentestsCommentsOnlyDesignTemplate=/jasper/reports/c4po_pentests_comments_ reportAppendenciesDesignTemplate=/jasper/reports/c4po_appendencies.jrxml # Path to default pdf file # reportDefaultPdf=/jasper/DEFAULT.pdf -# Ressource variables for jrxml files # +# Localization files # +localization=jasper/localization/labels +# Resource variables for jrxml files # CDATA_WATERMARK=./src/main/resources/jasper/Watermark.png CDATA_C4POCoverBackground=./src/main/resources/jasper/C4POCoverBackground#1.jpeg # Subreports # diff --git a/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties b/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties new file mode 100644 index 0000000..f30474e --- /dev/null +++ b/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties 
@@ -0,0 +1,72 @@ +## de-DE translation for labels $R{translationKey} +# Cover +title.cover_one=Penetrationstest +title.cover_two=Ergebnisbericht +hint=Kein Teil dieses Dokuments darf ohne die ausdrückliche schriftliche Genehmigung des Testers an externe Quellen weitergegeben werden + +# Table of contents +title.content=Inhaltsverzeichnis + +# State of confidentiality +title.confidentiality=Zustand der Vertraulichkeit +text.confidentiality=Der Inhalt dieses Dokuments wird als geschützte und vertrauliche Geschäftsinformation betrachtet. Diese Informationen dürfen nur im Rahmen der bestimmungsgemäßen Verwendung verwendet werden. Dieses Dokument darf ohne vorherige schriftliche Zustimmung nicht an andere Lieferanten, Geschäftspartner oder Auftragnehmer weitergegeben werden. Darüber hinaus darf kein Teil dieses Dokuments ohne vorherige Zustimmung weitergegeben, vervielfältigt, kopiert oder verteilt werden. Der Inhalt dieses Dokuments stellt keine Rechtsberatung dar. Das Angebot von Dienstleistungen, die sich auf Compliance, Rechtsstreitigkeiten oder andere rechtliche Interessen beziehen, ist nicht als Rechtsberatung gedacht und sollte nicht als solche verstanden werden. Die hierin beschriebene Bewertung richtet sich zu Prüfungszwecken gegen das Unternehmen, und die in diesem Dokument enthaltenen Schwachstellen sollten gemindert werden, um die externe und / oder interne Infrastruktur zu schützen. + +# Executive Summary +title.summary=Zusammenfassung +text.summary=Das Unternehmen beauftragte den Tester mit der Durchführung eines Penetrationstests, um Sicherheitslücken zu identifizieren, die Auswirkungen zu bestimmen, alle Ergebnisse klar und wiederholbar zu dokumentieren und Abhilfeempfehlungen zu geben. 
+title.assessment_overview_and_recommendations=Bewertungsübersicht und Empfehlungen +title.number_of_findings_per_category=Anzahl der Funde pro Kategorie +title.severity_overview_of_findings=Schweregradübersicht der Funde + +# Pentestreport +title.reports=Technische Details für Funde und Kommentare +title.finding=Fund: +title.comment=Kommentar: +# Headlines +title=Titel: +description=Beschreibung: +impact=Auswirkung: +reproduction_steps=Reproduktion: +mitigation=Minderung: +no_mitigation=Keine Schadensminderung zur Vermeidung, Minimierung oder Kompensation des festgestellten oder erforderlichen Befunds. +affected_urls=Betroffene URL's: +no_affected_urls=Keine spezifischen URLs betroffen. + +# Appendencies +title.appendencies=Anhänge +title.findings_severities=Schweregrade der Funde +text.findings_severities=Jedem Befund wurde eine Schweregradbewertung von kritisch hoch, mittel oder niedrig zugewiesen. Die Bewertung basiert auf einer Bewertung der Priorität, mit der jeder Befund betrachtet werden sollte, und der potenziellen Auswirkungen, die jeder auf die Vertraulichkeit, Integrität und Verfügbarkeit hat. +title.risk_matrix=Risiko Matrix +text.risk_matrix=Die Risikomatrix wird verwendet, um den potenziellen Schaden einer Gefahr basierend auf den Faktoren Wahrscheinlichkeit und Schweregrad zu bewerten. Die Wahrscheinlichkeits- und Schweregradbewertungen werden multipliziert, um einen Bewertungswert zu erhalten. Diese Punktzahl wird in den Risikobereichen nachgeschlagen, um das Risikoniveau zu bestimmen. Ein Beispiel für eine Gefahren-Risiko-Matrix ist unten angegeben: +example.risk_matrix=Beispiel: Wenn Wahrscheinlichkeit = Möglich (3) und Schweregrad = Erheblich (4), wird die Risikostufe durch Schweregrad * Wahrscheinlichkeit bestimmt, was 3*4 = 12 ist. Die Punktzahl 12 fällt in den Risikobereich 'Hoch'. 
+# Risk Matrix Table Properties +risk_score=Risiko-Score +to=bis +risk_level_cat=Risikostufen +# +severity=Schwere +insignificant=Unbedeutend +minor=Unerheblich +moderate=Mäßig +major=Wesentlich +catastrophic=Katastrophal +# +likelihood=Wahrscheinlichkeit +rare=Selten +unlikely=Unwahrscheinlich +possible=Möglich +likely=Wahrscheinlich +almost_certain=Fast sicher +# Severity Definitions Table Properties +title.severity_definitions=Definitionen der Schweregradbewertung +text.severity_definitions.critical=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Gefährdung ist kritisch, und es gibt einen öffentlich verfügbaren Mechanismus, um die Schwachstelle auszunutzen. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird. +text.severity_definitions.high=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Bedrohungslage ist hoch, wodurch die Eintrittswahrscheinlichkeit steigt. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird. +text.severity_definitions.medium=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle wirkt sich erheblich auf die Vertraulichkeit, Integrität und/oder Verfügbarkeit des Systems, der Anwendung oder der Daten aus. Die Ausnutzung der Schwachstelle kann zu moderaten finanziellen Verlusten oder öffentlicher Blamage führen. Die Gefährdung ist moderat bis hoch, wodurch die Eintrittswahrscheinlichkeit steigt. 
Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als hohes Risiko eingestuft würde, aber die Gefährdung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist. +text.severity_definitions.low=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle hat nur minimale Auswirkungen auf den Betrieb. Die Vertraulichkeit, Integrität und Verfügbarkeit (CIA) sensibler Informationen sind nicht gefährdet. Die Ausnutzung der Schwachstelle kann zu leichten finanziellen Verlusten oder öffentlicher Blamage führen. Die Bedrohungslage ist moderat bis gering. Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als mittleres Risiko angesehen würde, aber die Bedrohung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist. +rating=Schwere + +# Severities +low=Low +medium=Medium +high=High +critical=Critical \ No newline at end of file diff --git a/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties b/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties new file mode 100644 index 0000000..10fd22f --- /dev/null +++ b/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties 
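Review bot: The `# Severities` block at the end of `labels_de.properties` holds the English strings (`low=Low`, `medium=Medium`, `high=High`, `critical=Critical`) while the same block in `labels_en.properties` in the next hunk holds the German ones (`low=Niedrig`, `medium=Mittel`, `high=Hoch`, `critical=Kritisch`); the two blocks appear to have been swapped and should be exchanged so each bundle is in its own language. Both files also end without a trailing newline, and the English file carries three blank lines before that block where the German one has one. `title.appendencies=Appendencies` in the English file would read as `Appendices`, although the key itself follows the project's existing spelling.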
@@ -0,0 +1,74 @@ +## en-US translation for labels $R{translationKey} +# Cover +title.cover_one=Penetration Test +title.cover_two=Report of Findings +hint=No part of this document may be disclosed to outside sources without the explicit written authorization of the tester + +# Table of contents +title.content=Table of Contents + +# State of confidentiality +title.confidentiality=State of Confidentiality +text.confidentiality=The contents of this document are considered to be proprietary and business confidential information. This information is to be used only in the performance of its intended use. This document may not be released to another vendor, business partner or contractor without prior written consent. Additionally, no portion of this document may be communicated, reproduced, copied or distributed without the prior consent. The contents of this document do not constitute legal advice. The offer of services that relate to compliance, litigation or other legal interests are not intended as legal counsel and should not be taken as such. The assessment detailed herein is against the company for examination purposes, and the vulnerabilities included in this document should be mitigated in order to secure external and / or internal infrastructure. + +# Executive Summary +title.summary=Executive Summary +text.summary=The company contracted the tester to perform a Penetration Test to identify security weaknesses, determine the impact, document all findings in a clear and repeatable manner, and provide remediation recommendations. 
+title.assessment_overview_and_recommendations=Assessment Overview and Recommendations +title.number_of_findings_per_category=Number of Findings per Category +title.severity_overview_of_findings=Severity Overview of Findings + +# Pentestreport +title.reports=Technical Findings and Comments Details +title.finding=Finding: +title.comment=Comment: +# Headlines +title=Title: +description=Description: +impact=Impact: +reproduction_steps=Reproduction Steps: +mitigation=Mitigation: +no_mitigation=No mitigation to avoid, minimize or compensate the finding found or needed. +affected_urls=Affected URL's: +no_affected_urls=No specific URL's affected. + +# Appendencies +title.appendencies=Appendencies +title.findings_severities=Findings Severities +text.findings_severities=Each finding has been assigned a severity rating of critical high, medium, or low. The rating is based off of an assessment of the priority with which each finding should be viewed and the potential impact each has on the confidentiality, integrity, and availability. +title.risk_matrix=Risk Matrix +text.risk_matrix=The risk matrix is used to assess the potential damage of a hazard, based on the likelihood and severity factors. The likelihood and severity scores are multiplied to obtain a score value. This score is looked up in the risk ranges to determine the risk level. An example of a hazard risk matrix is given below: +example.risk_matrix=Example, if Likelihood = Possible (3) and Severity = Major (4), the risk level is determined by severity * likelihood, which is 3*4 = 12. The score 12 falls in 'High' risk range. 
+# Risk Matrix Table Properties +risk_score=Risk score +to=to +risk_level_cat=Risk level category +# +severity=Severity +insignificant=Insignificant +minor=Minor +moderate=Moderate +major=Major +catastrophic=Catastrophic +# +likelihood=Likelihood +rare=Rare +unlikely=Unlikely +possible=Possible +likely=Likely +almost_certain=Almost certain +# Severity Definitions Table Properties +title.severity_definitions=Severity Rating Definitions +text.severity_definitions.critical=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is critical, and a publicly available mechanism exists to exploit the vulnerability. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited. +text.severity_definitions.high=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is high, thereby increasing the likelihood of occurrence. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited. +text.severity_definitions.medium=Exploitation of the technical or procedural vulnerability will significantly impact the confidentiality, integrity, and/or availability of the system, application, or data. Exploitation of the vulnerability may cause moderate financial loss or public embarrassment. The threat exposure is moderate-to-high, thereby increasing the likelihood of occurrence. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered High Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal. 
+text.severity_definitions.low=Exploitation of the technical or procedural vulnerability will cause minimal impact to operations. The Confidentiality, Integrity and Availability (CIA) of sensitive information are not at risk of compromise. Exploitation of the vulnerability may cause slight financial loss or public embarrassment. The threat exposure is moderate-to-low. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered Medium Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal. +rating=Rating + + + +# Severities +low=Niedrig +medium=Mittel +high=Hoch +critical=Kritisch \ No newline at end of file diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml index 2205b2c..401be43 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml @@ -30,43 +30,25 @@ - - + + - - + + - - - - - - - - - - - - - - - + + + + - - - - - - - @@ -87,7 +69,7 @@ - + @@ -97,7 +79,7 @@ - + @@ -147,7 +129,7 @@ - + @@ -157,7 +139,7 @@ - + @@ -439,118 +421,138 @@ - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml index 45ca269..1c4b165 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml @@ -59,13 +59,6 @@ - - - - - - - 
@@ -76,6 +69,13 @@ + + + + + + + @@ -95,101 +95,98 @@ - - + + - + - - + + - - + + - + - - - - + + + + - + - - - - + + + + - + - - - - + + + + - + - - + + - - + + - + - - - - + + + + - + - - - - + + + + - + - - - - + + + + - + - - - - - - + + + + - - + - - + + @@ -224,7 +221,7 @@ - + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml index cc77495..1b898bf 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml @@ -122,14 +122,14 @@ - + - + @@ -176,13 +176,13 @@ - - + + - + - - + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml index c35a721..3e1a9cb 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml @@ -141,13 +141,6 @@ - - - - - - - @@ -158,6 +151,13 @@ + + + + + + + @@ -167,33 +167,19 @@ - + - - - + + + - - + + - - - - - - - - - - - - - - @@ -269,6 +255,20 @@ + + + + + + + + + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml index 9b683f2..cdc598c 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml @@ -223,6 +223,9 @@ + + + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml index 4be7fd3..75a8547 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml @@ -316,11 +316,17 @@ + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml index 48fc15a..83d44ca 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml @@ -271,6 +271,9 @@ + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml index 25747b8..2b5a44a 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml @@ -58,30 +58,23 @@ - - + + - - + + - + - - - - - - - - + diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper index daf0f3c..8d7810d 100644 Binary files a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper and b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper differ 
diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml index 9407796..e29d6e7 100644 --- a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml @@ -35,20 +35,6 @@ - - - - - - - - - - - - - - @@ -82,13 +68,27 @@ - - + + - - + + + + + + + + + + + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper index 30fc2a1..580c6a3 100644 Binary files a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper and b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper differ diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml index 019a19d..cd3bb24 100644 --- a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml @@ -86,20 +86,6 @@ - - - - - - - - - - - - - - @@ -107,13 +93,6 @@ - - - - - - - @@ -128,27 +107,13 @@ - - - - - - - - + - - - - - - - @@ -192,22 +157,57 @@ - + - - - - - - - - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper index 53213f6..fa87993 100644 Binary files a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper and b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper differ diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml index cee523c..43a291a 100644 --- a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml @@ -40,9 +40,9 @@ - + - + @@ -56,44 +56,47 @@ - - - + + + + + + - - + + - + - + - + - + - + - + - + - + @@ -104,82 +107,60 @@ - - - - - + + + - - - + + - + - + - + - + - - + - + - + - + - + - + - + - + - + - +