From 6e55e61ce5cc595413d4641c4e8c34624cfc2f2f Mon Sep 17 00:00:00 2001 From: Marcel Haag Date: Wed, 3 May 2023 15:16:31 +0200 Subject: [PATCH] feat: As a user I want the japser report to support english and german --- .../export-report-dialog.component.html | 2 +- .../export-report-dialog.component.ts | 3 +- .../profile-settings.component.html | 8 +- .../profile-settings.component.ts | 4 - .../services/reporting/reporting.service.ts | 5 +- .../reporting/report/ReportController.kt | 7 +- .../reporting/report/ReportService.kt | 68 ++++++++-- .../resources/application-COMPOSE.properties | 2 + .../src/main/resources/application.properties | 4 +- .../jasper/localization/labels_de.properties | 72 +++++++++++ .../jasper/localization/labels_en.properties | 74 +++++++++++ .../jasper/reports/c4po_appendencies.jrxml | 120 +++++++++--------- .../jasper/reports/c4po_content.jrxml | 119 +++++++++-------- .../resources/jasper/reports/c4po_cover.jrxml | 14 +- .../reports/c4po_executive_summary.jrxml | 54 ++++---- .../reports/c4po_pentests_comments_only.jrxml | 3 + .../c4po_pentests_findings_and_comments.jrxml | 6 + .../reports/c4po_pentests_findings_only.jrxml | 3 + .../c4po_state_of_confidentiality.jrxml | 19 +-- .../subReports/CommentsSubreport.jasper | Bin 19863 -> 20140 bytes .../jasper/subReports/CommentsSubreport.jrxml | 36 +++--- .../subReports/FindingsSubreport.jasper | Bin 30781 -> 31375 bytes .../jasper/subReports/FindingsSubreport.jrxml | 96 +++++++------- .../SeverityRatingTableSubreport.jasper | Bin 28392 -> 27819 bytes .../SeverityRatingTableSubreport.jrxml | 93 ++++++-------- 25 files changed, 496 insertions(+), 316 deletions(-) create mode 100644 security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties create mode 100644 security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties 
diff --git a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html index 79b2bb7..cc1e566 100644 --- a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html +++ b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html @@ -30,7 +30,7 @@ - + diff --git a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts index 318e289..d5e79a0 100644 --- a/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts +++ b/security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts @@ -81,6 +81,7 @@ export class ExportReportDialogComponent implements OnInit { } onClickExport(reportFormat: string, reportLanguage: string): void { + console.warn('ToDo: Use format ', reportFormat); // Get project id from dialog data const projectId = this.dialogData.options[0].additionalData.id; // Loading is true as long as there is a response from the reporting service @@ -89,7 +90,7 @@ export class ExportReportDialogComponent implements OnInit { switch (reportFormat) { case ExportFormatOptions.PDF: { // @ts-ignore - this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId) + this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId, reportLanguage) .pipe( shareReplay(), untilDestroyed(this) diff --git a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html index d6817c0..4d4a254 100644 
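Review bot: The added `console.warn('ToDo: Use format ', reportFormat);` at the top of `onClickExport` is leftover debug output, and its message is misleading because `reportFormat` is already consumed by the `switch` a few lines further down. I would remove the line, or turn it into a source comment that names what is actually still open. `reportLanguage` is now forwarded to `getReportPDFforProjectById` exactly as the template passes it in, so this handler is also the natural place to narrow the parameter from plain `string` to the set of languages the dialog offers. The body of `onClickExport` continues outside the hunk.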
--- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html +++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html @@ -119,7 +119,8 @@ - diff --git a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts index b6f2e5e..678244b 100644 --- a/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts +++ b/security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts @@ -205,10 +205,6 @@ export class ProfileSettingsComponent implements OnInit { } onClickCancel(): void { - console.log(this.userFormGroup.get('firstName').dirty); - console.log(this.userFormGroup.get('firstName')?.hasError('required')); - console.log(this.userFirstNameControl.hasError('required')); - this.dialogRef.close(); } diff --git a/security-c4po-angular/src/shared/services/reporting/reporting.service.ts b/security-c4po-angular/src/shared/services/reporting/reporting.service.ts index b61468a..863258f 100644 --- a/security-c4po-angular/src/shared/services/reporting/reporting.service.ts +++ b/security-c4po-angular/src/shared/services/reporting/reporting.service.ts @@ -18,8 +18,9 @@ export class ReportingService { /** * Get PDF Report by project id */ - public getReportPDFforProjectById(projectId: string): Observable> { - return this.http.get(`${this.reportBaseURL}/${projectId}/pdf`, + // ToDo: Add language here + public getReportPDFforProjectById(projectId: string, reportLanguage: string): Observable> { + return this.http.get(`${this.reportBaseURL}/${projectId}/pdf/${reportLanguage}`, { // @ts-ignore responseType: 'arraybuffer', 
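Review bot: `reportLanguage` is interpolated into the request path unescaped in `getReportPDFforProjectById`, so a value containing `/`, `?` or `#` would change which URL is requested instead of being sent as one path segment. Encode the segment, `${this.reportBaseURL}/${projectId}/pdf/${encodeURIComponent(reportLanguage)}`; `projectId` was already interpolated the same way before this commit and deserves the same treatment. The added `// ToDo: Add language here` is stale now that the parameter exists and it separates the doc comment from the method, so it should go, with the doc comment extended to something like `Get PDF Report by project id in the requested report language`. The options object of the `http.get` call continues outside the hunk.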
diff --git a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt index 3596276..2a015c8 100644 --- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt +++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt @@ -28,12 +28,13 @@ class ReportController(private val apiService: APIService, private val reportSer var logger = getLoggerFor() @GetMapping( - "/{projectId}/pdf", + "/{projectId}/pdf/{reportLanguage}", produces = [MediaType.APPLICATION_PDF_VALUE] ) - fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @AuthenticationPrincipal user: Appuser): Mono> { + // ToDo: Add language here + fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @PathVariable(value = "reportLanguage") reportLanguage: String, @AuthenticationPrincipal user: Appuser): Mono> { return this.apiService.requestProjectReportDataById(projectId, user.token).flatMap {projectReport -> - this.reportService.createReport(projectReport, "pdf").map { reportClassLoaderFilePath -> + this.reportService.createReport(projectReport, "pdf", reportLanguage).map { reportClassLoaderFilePath -> ResponseEntity.ok().body(reportClassLoaderFilePath) }.switchIfEmpty { Mono.just(notFound().build()) diff --git a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt index 5af266b..bb9e5b4 100644 --- a/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt +++ b/security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt 
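Review bot: The new `reportLanguage` path variable in `downloadPentestReportPDF` is handed to `reportService.createReport` exactly as it arrives in the URL, without a check against the languages the service supports. Judging from the ReportService part of this patch, anything other than `de-DE` silently yields the English report, so an unsupported or mistyped tag cannot be told apart from a valid request. I would validate at the controller boundary and answer 400 otherwise, e.g. `if (reportLanguage !in SUPPORTED_REPORT_LANGUAGES) return Mono.just(ResponseEntity.badRequest().build())`, where `SUPPORTED_REPORT_LANGUAGES` is a constant to be introduced holding the tags the client really sends. The added `// ToDo: Add language here` between the mapping annotation and the function is stale and should be removed.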
@@ -3,6 +3,7 @@ package com.securityc4po.reporting.report import com.securityc4po.reporting.extensions.getLoggerFor import com.securityc4po.reporting.remote.model.* import net.sf.jasperreports.engine.* +import net.sf.jasperreports.engine.JRParameter.REPORT_RESOURCE_BUNDLE import net.sf.jasperreports.engine.data.JRBeanCollectionDataSource import org.apache.pdfbox.io.MemoryUsageSetting import org.apache.pdfbox.multipdf.PDFMergerUtility @@ -11,6 +12,8 @@ import org.springframework.stereotype.Service import reactor.core.publisher.Flux import reactor.core.publisher.Mono import java.io.* +import java.util.* +import kotlin.collections.HashMap @Service @@ -51,6 +54,10 @@ class ReportService { @Value("\${reportDefaultPdf}") lateinit var reportDefaultPdfPropertyPath: String + // Path to localization files + @Value("\${localization}") + lateinit var localizationRessourceBasePath: String + // Image paths @Value("\${CDATA_WATERMARK}") lateinit var waterMarkPath: String @@ -68,13 +75,14 @@ class ReportService { @Value("\${CDATA_SeverityRatingTable}") lateinit var severityRatingTablePath: String - fun createReport(projectReportCollection: ProjectReport, reportFormat: String): Mono { + fun createReport(projectReportCollection: ProjectReport, reportFormat: String, reportLanguage: String): Mono { + logger.info("Use: " + reportLanguage) // Setup PDFMergerUtility val mergedC4POPentestReport: PDFMergerUtility = PDFMergerUtility() // Setup ByteArrayOutputStream for "on the fly" file generation val pdfDocOutputstream = ByteArrayOutputStream() // Try to create report files & merge them together - return createPentestReportFiles(projectReportCollection, reportFormat, mergedC4POPentestReport).collectList() + return createPentestReportFiles(projectReportCollection, reportFormat, reportLanguage, mergedC4POPentestReport).collectList() .map { // Merge report files mergedC4POPentestReport.destinationStream = pdfDocOutputstream 
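Review bot: `logger.info("Use: " + reportLanguage)` at the start of `createReport` writes a request-controlled string to the log verbatim; the value originates from the `{reportLanguage}` path variable, and a decoded path segment can contain line breaks, which allows log entries to be split or forged. Log the language that was actually resolved rather than the raw input, or neutralise control characters first, e.g. `logger.info("Report language: {}", reportLanguage.replace(Regex("[\\r\\n\\t]"), "_"))` (assuming `getLoggerFor` returns an SLF4J-style logger, which is not visible here). The message also reads like development output, so `debug` level would fit better. The body of `createReport` continues outside the hunk.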
@@ -89,16 +97,20 @@ class ReportService { private fun createPentestReportFiles( projectReportCollection: ProjectReport, reportFormat: String, + reportLanguage: String, mergedC4POPentestReport: PDFMergerUtility ): Flux { + // Setup ressource bundle for localization + val resourceBundle = getRessourceBundle(reportLanguage) + // Setup Flux to create report return Flux.just( // Create byte arrays of report files - createCover(projectReportCollection, reportFormat), - createTableOfContent(projectReportCollection, reportFormat), - createStateOfConfidentiality(projectReportCollection, reportFormat), - createExecutiveSummary(projectReportCollection, reportFormat), - createPentestReports(projectReportCollection, reportFormat), - createAppendencies(reportFormat) + createCover(projectReportCollection, reportFormat, resourceBundle), + createTableOfContent(projectReportCollection, reportFormat, resourceBundle), + createStateOfConfidentiality(projectReportCollection, reportFormat, resourceBundle), + createExecutiveSummary(projectReportCollection, reportFormat, resourceBundle), + createPentestReports(projectReportCollection, reportFormat, resourceBundle), + createAppendencies(reportFormat, resourceBundle) ).map { jasperObject -> if (jasperObject is ByteArray) { val pdfInputSteam = ByteArrayInputStream(jasperObject) 
@@ -114,7 +126,23 @@ class ReportService { } } - private fun createCover(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun getRessourceBundle(reportLanguage: String): ResourceBundle { + return if (reportLanguage.equals("de-DE")) { + // Get the language code from the report parameter or other criteria + val languageCode = "de" + val locale = Locale(languageCode) + ResourceBundle.getBundle(localizationRessourceBasePath, locale) + } + // Default to english + else { + // Get the language code from the report parameter or other criteria + val languageCode = "en" + val locale = Locale(languageCode) + ResourceBundle.getBundle(localizationRessourceBasePath, locale) + } + } + + private fun createCover(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileCoverStream = javaClass.getResourceAsStream(reportCoverDesignTemplate) // Open file stream @@ -129,6 +157,8 @@ class ReportService { val parameters = HashMap() parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_C4POCoverBackground"] = coverBackgroundPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintCover: JasperPrint = JasperFillManager.fillReport(jasperReportCover, parameters, dataSource) // Create File @@ -144,7 +174,7 @@ class ReportService { } } - private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileContentStream = javaClass.getResourceAsStream(reportContentDesignTemplate) // Open file stream 
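Review bot: `getRessourceBundle` repeats the same three statements in both branches and differs only in the language code, so the mapping from request value to locale is harder to audit than it needs to be. Selecting the locale first keeps the allow-list in one expression: `val locale = if (reportLanguage == "de-DE") Locale.GERMAN else Locale.ENGLISH` followed by `return ResourceBundle.getBundle(localizationRessourceBasePath, locale)`; this also keeps the request value out of the bundle base name, as the current code already does. The copied comment `// Get the language code from the report parameter or other criteria` describes neither branch and can be dropped. The two bundles this function selects also appear to have their severity keys swapped: `labels_en.properties` defines `low=Niedrig`, `medium=Mittel`, `high=Hoch`, `critical=Kritisch`, while `labels_de.properties` defines `low=Low` through `critical=Critical`, so severity ratings would be printed in the wrong language in both reports.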
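Review bot: Only `REPORT_RESOURCE_BUNDLE` is added to the parameter map in `createCover`; the companion `JRParameter.REPORT_LOCALE` is not set, so locale-dependent formatting in the template (dates, numbers, `msg()` expressions) would presumably still follow the JVM default locale rather than the requested language. If the templates format such values, pass the locale alongside the bundle: `parameters[JRParameter.REPORT_LOCALE] = resourceBundle.locale`. The same applies to the identical additions in `createTableOfContent`, `createStateOfConfidentiality`, `createExecutiveSummary`, `createPentestReports` and `createAppendencies`. Since the two added lines are repeated six times, a small private helper that puts the localization parameters into the map would keep them consistent.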
@@ -159,6 +189,8 @@ class ReportService { val parameters = HashMap() parameters["ProjectPentestReportDataSource"] = projectPentestReportDataSource parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintContent: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, JREmptyDataSource()) @@ -175,7 +207,7 @@ class ReportService { } } - private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileStateOfConfidentialityStream = javaClass.getResourceAsStream(reportStateOfConfidentialityDesignTemplate) // Open file stream @@ -189,6 +221,8 @@ class ReportService { // Setup Parameter & add Sub-datasets val parameters = HashMap() parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintStateOfConfidentiality: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, dataSource) @@ -204,7 +238,7 @@ class ReportService { } } - private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String): ByteArray { + private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileExecutiveSummaryStream = javaClass.getResourceAsStream(reportExecutiveSummaryDesignTemplate) // Open file stream 
@@ -332,6 +366,8 @@ class ReportService { parameters["CategoryFindingsPieChartDataSource"] = categoryFindingsDataSource parameters["SeverityFindingsPieChartDataSource"] = severityFindingsDataSource parameters["CDATA_WATERMARK"] = waterMarkPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintExecutiveSummary: JasperPrint = JasperFillManager.fillReport(jasperReportContent, parameters, dataSource) @@ -347,7 +383,7 @@ class ReportService { } } - private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String): List { + private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): List { // Create List of Files var finalFiles: List = emptyList() // Load Jasper Files @@ -388,6 +424,8 @@ class ReportService { parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_FindingsSubreport"] = findingsSubreportPath parameters["CDATA_CommentsSubreport"] = commentsSubreportPath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports // Print one report for each objective and merge them together afterwards val jasperPrintPentests: JasperPrint = @@ -427,7 +465,7 @@ class ReportService { return finalFiles } - private fun createAppendencies(reportFormat: String): ByteArray { + private fun createAppendencies(reportFormat: String, resourceBundle: ResourceBundle): ByteArray { // Load Jasper Files val fileAppendenciesStream = javaClass.getResourceAsStream(reportAppendenciesDesignTemplate) // Open file stream 
@@ -440,6 +478,8 @@ class ReportService { parameters["SeverityRatingDefinition"] = JREmptyDataSource() parameters["CDATA_WATERMARK"] = waterMarkPath parameters["CDATA_SeverityRatingTable"] = severityRatingTablePath + // Adds the resource bundle into the report + parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle // Fill Reports val jasperPrintAppendencies: JasperPrint = JasperFillManager.fillReport(jasperReportCover, parameters, JREmptyDataSource()) diff --git a/security-c4po-reporting/src/main/resources/application-COMPOSE.properties b/security-c4po-reporting/src/main/resources/application-COMPOSE.properties index bd86a5c..c5803a2 100644 --- a/security-c4po-reporting/src/main/resources/application-COMPOSE.properties +++ b/security-c4po-reporting/src/main/resources/application-COMPOSE.properties @@ -13,6 +13,8 @@ api.client.pentests.path=pentests # Ressource variables for jrxml files # CDATA_WATERMARK=BOOT-INF/classes/jasper/Watermark.png CDATA_C4POCoverBackground=BOOT-INF/classes/jasper/C4POCoverBackground#1.jpeg +# Localization files # +localization=jasper/localization/labels # Subreports # CDATA_FindingsSubreport=BOOT-INF/classes/jasper/subReports/FindingsSubreport.jasper CDATA_CommentsSubreport=BOOT-INF/classes/jasper/subReports/CommentsSubreport.jasper diff --git a/security-c4po-reporting/src/main/resources/application.properties b/security-c4po-reporting/src/main/resources/application.properties index 884b849..8a244ac 100644 --- a/security-c4po-reporting/src/main/resources/application.properties +++ b/security-c4po-reporting/src/main/resources/application.properties 
@@ -39,7 +39,9 @@ reportPentestsCommentsOnlyDesignTemplate=/jasper/reports/c4po_pentests_comments_ reportAppendenciesDesignTemplate=/jasper/reports/c4po_appendencies.jrxml # Path to default pdf file # reportDefaultPdf=/jasper/DEFAULT.pdf -# Ressource variables for jrxml files # +# Localization files # +localization=jasper/localization/labels +# Resource variables for jrxml files # CDATA_WATERMARK=./src/main/resources/jasper/Watermark.png CDATA_C4POCoverBackground=./src/main/resources/jasper/C4POCoverBackground#1.jpeg # Subreports # diff --git a/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties b/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties new file mode 100644 index 0000000..f30474e --- /dev/null +++ b/security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties 
@@ -0,0 +1,72 @@ +## de-DE translation for labels $R{translationKey} +# Cover +title.cover_one=Penetrationstest +title.cover_two=Ergebnisbericht +hint=Kein Teil dieses Dokuments darf ohne die ausdrückliche schriftliche Genehmigung des Testers an externe Quellen weitergegeben werden + +# Table of contents +title.content=Inhaltsverzeichnis + +# State of confidentiality +title.confidentiality=Zustand der Vertraulichkeit +text.confidentiality=Der Inhalt dieses Dokuments wird als geschützte und vertrauliche Geschäftsinformation betrachtet. Diese Informationen dürfen nur im Rahmen der bestimmungsgemäßen Verwendung verwendet werden. Dieses Dokument darf ohne vorherige schriftliche Zustimmung nicht an andere Lieferanten, Geschäftspartner oder Auftragnehmer weitergegeben werden. Darüber hinaus darf kein Teil dieses Dokuments ohne vorherige Zustimmung weitergegeben, vervielfältigt, kopiert oder verteilt werden. Der Inhalt dieses Dokuments stellt keine Rechtsberatung dar. Das Angebot von Dienstleistungen, die sich auf Compliance, Rechtsstreitigkeiten oder andere rechtliche Interessen beziehen, ist nicht als Rechtsberatung gedacht und sollte nicht als solche verstanden werden. Die hierin beschriebene Bewertung richtet sich zu Prüfungszwecken gegen das Unternehmen, und die in diesem Dokument enthaltenen Schwachstellen sollten gemindert werden, um die externe und / oder interne Infrastruktur zu schützen. + +# Executive Summary +title.summary=Zusammenfassung +text.summary=Das Unternehmen beauftragte den Tester mit der Durchführung eines Penetrationstests, um Sicherheitslücken zu identifizieren, die Auswirkungen zu bestimmen, alle Ergebnisse klar und wiederholbar zu dokumentieren und Abhilfeempfehlungen zu geben. 
+title.assessment_overview_and_recommendations=Bewertungsübersicht und Empfehlungen +title.number_of_findings_per_category=Anzahl der Funde pro Kategorie +title.severity_overview_of_findings=Schweregradübersicht der Funde + +# Pentestreport +title.reports=Technische Details für Funde und Kommentare +title.finding=Fund: +title.comment=Kommentar: +# Headlines +title=Titel: +description=Beschreibung: +impact=Auswirkung: +reproduction_steps=Reproduktion: +mitigation=Minderung: +no_mitigation=Keine Schadensminderung zur Vermeidung, Minimierung oder Kompensation des festgestellten oder erforderlichen Befunds. +affected_urls=Betroffene URL's: +no_affected_urls=Keine spezifischen URLs betroffen. + +# Appendencies +title.appendencies=Anhänge +title.findings_severities=Schweregrade der Funde +text.findings_severities=Jedem Befund wurde eine Schweregradbewertung von kritisch hoch, mittel oder niedrig zugewiesen. Die Bewertung basiert auf einer Bewertung der Priorität, mit der jeder Befund betrachtet werden sollte, und der potenziellen Auswirkungen, die jeder auf die Vertraulichkeit, Integrität und Verfügbarkeit hat. +title.risk_matrix=Risiko Matrix +text.risk_matrix=Die Risikomatrix wird verwendet, um den potenziellen Schaden einer Gefahr basierend auf den Faktoren Wahrscheinlichkeit und Schweregrad zu bewerten. Die Wahrscheinlichkeits- und Schweregradbewertungen werden multipliziert, um einen Bewertungswert zu erhalten. Diese Punktzahl wird in den Risikobereichen nachgeschlagen, um das Risikoniveau zu bestimmen. Ein Beispiel für eine Gefahren-Risiko-Matrix ist unten angegeben: +example.risk_matrix=Beispiel: Wenn Wahrscheinlichkeit = Möglich (3) und Schweregrad = Erheblich (4), wird die Risikostufe durch Schweregrad * Wahrscheinlichkeit bestimmt, was 3*4 = 12 ist. Die Punktzahl 12 fällt in den Risikobereich 'Hoch'. 
+# Risk Matrix Table Properties +risk_score=Risiko-Score +to=bis +risk_level_cat=Risikostufen +# +severity=Schwere +insignificant=Unbedeutend +minor=Unerheblich +moderate=Mäßig +major=Wesentlich +catastrophic=Katastrophal +# +likelihood=Wahrscheinlichkeit +rare=Selten +unlikely=Unwahrscheinlich +possible=Möglich +likely=Wahrscheinlich +almost_certain=Fast sicher +# Severity Definitions Table Properties +title.severity_definitions=Definitionen der Schweregradbewertung +text.severity_definitions.critical=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Gefährdung ist kritisch, und es gibt einen öffentlich verfügbaren Mechanismus, um die Schwachstelle auszunutzen. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird. +text.severity_definitions.high=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Bedrohungslage ist hoch, wodurch die Eintrittswahrscheinlichkeit steigt. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird. +text.severity_definitions.medium=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle wirkt sich erheblich auf die Vertraulichkeit, Integrität und/oder Verfügbarkeit des Systems, der Anwendung oder der Daten aus. Die Ausnutzung der Schwachstelle kann zu moderaten finanziellen Verlusten oder öffentlicher Blamage führen. Die Gefährdung ist moderat bis hoch, wodurch die Eintrittswahrscheinlichkeit steigt. 
Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als hohes Risiko eingestuft würde, aber die Gefährdung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist. +text.severity_definitions.low=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle hat nur minimale Auswirkungen auf den Betrieb. Die Vertraulichkeit, Integrität und Verfügbarkeit (CIA) sensibler Informationen sind nicht gefährdet. Die Ausnutzung der Schwachstelle kann zu leichten finanziellen Verlusten oder öffentlicher Blamage führen. Die Bedrohungslage ist moderat bis gering. Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als mittleres Risiko angesehen würde, aber die Bedrohung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist. +rating=Schwere + +# Severities +low=Low +medium=Medium +high=High +critical=Critical \ No newline at end of file diff --git a/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties b/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties new file mode 100644 index 0000000..10fd22f --- /dev/null +++ b/security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties 
@@ -0,0 +1,74 @@ +## en-US translation for labels $R{translationKey} +# Cover +title.cover_one=Penetration Test +title.cover_two=Report of Findings +hint=No part of this document may be disclosed to outside sources without the explicit written authorization of the tester + +# Table of contents +title.content=Table of Contents + +# State of confidentiality +title.confidentiality=State of Confidentiality +text.confidentiality=The contents of this document are considered to be proprietary and business confidential information. This information is to be used only in the performance of its intended use. This document may not be released to another vendor, business partner or contractor without prior written consent. Additionally, no portion of this document may be communicated, reproduced, copied or distributed without the prior consent. The contents of this document do not constitute legal advice. The offer of services that relate to compliance, litigation or other legal interests are not intended as legal counsel and should not be taken as such. The assessment detailed herein is against the company for examination purposes, and the vulnerabilities included in this document should be mitigated in order to secure external and / or internal infrastructure. + +# Executive Summary +title.summary=Executive Summary +text.summary=The company contracted the tester to perform a Penetration Test to identify security weaknesses, determine the impact, document all findings in a clear and repeatable manner, and provide remediation recommendations. 
+title.assessment_overview_and_recommendations=Assessment Overview and Recommendations +title.number_of_findings_per_category=Number of Findings per Category +title.severity_overview_of_findings=Severity Overview of Findings + +# Pentestreport +title.reports=Technical Findings and Comments Details +title.finding=Finding: +title.comment=Comment: +# Headlines +title=Title: +description=Description: +impact=Impact: +reproduction_steps=Reproduction Steps: +mitigation=Mitigation: +no_mitigation=No mitigation to avoid, minimize or compensate the finding found or needed. +affected_urls=Affected URL's: +no_affected_urls=No specific URL's affected. + +# Appendencies +title.appendencies=Appendencies +title.findings_severities=Findings Severities +text.findings_severities=Each finding has been assigned a severity rating of critical high, medium, or low. The rating is based off of an assessment of the priority with which each finding should be viewed and the potential impact each has on the confidentiality, integrity, and availability. +title.risk_matrix=Risk Matrix +text.risk_matrix=The risk matrix is used to assess the potential damage of a hazard, based on the likelihood and severity factors. The likelihood and severity scores are multiplied to obtain a score value. This score is looked up in the risk ranges to determine the risk level. An example of a hazard risk matrix is given below: +example.risk_matrix=Example, if Likelihood = Possible (3) and Severity = Major (4), the risk level is determined by severity * likelihood, which is 3*4 = 12. The score 12 falls in 'High' risk range. 
+# Risk Matrix Table Properties +risk_score=Risk score +to=to +risk_level_cat=Risk level category +# +severity=Severity +insignificant=Insignificant +minor=Minor +moderate=Moderate +major=Major +catastrophic=Catastrophic +# +likelihood=Likelihood +rare=Rare +unlikely=Unlikely +possible=Possible +likely=Likely +almost_certain=Almost certain +# Severity Definitions Table Properties +title.severity_definitions=Severity Rating Definitions +text.severity_definitions.critical=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is critical, and a publicly available mechanism exists to exploit the vulnerability. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited. +text.severity_definitions.high=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is high, thereby increasing the likelihood of occurrence. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited. +text.severity_definitions.medium=Exploitation of the technical or procedural vulnerability will significantly impact the confidentiality, integrity, and/or availability of the system, application, or data. Exploitation of the vulnerability may cause moderate financial loss or public embarrassment. The threat exposure is moderate-to-high, thereby increasing the likelihood of occurrence. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered High Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal. 
+text.severity_definitions.low=Exploitation of the technical or procedural vulnerability will cause minimal impact to operations. The Confidentiality, Integrity and Availability (CIA) of sensitive information are not at risk of compromise. Exploitation of the vulnerability may cause slight financial loss or public embarrassment. The threat exposure is moderate-to-low. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered Medium Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal. +rating=Rating + + + +# Severities +low=Niedrig +medium=Mittel +high=Hoch +critical=Kritisch \ No newline at end of file diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml index 2205b2c..401be43 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml @@ -30,43 +30,25 @@ - - + + - - + + - - - - - - - - - - - - - - - + + + + - - - - - - - @@ -87,7 +69,7 @@ - + @@ -97,7 +79,7 @@ - + @@ -147,7 +129,7 @@ - + @@ -157,7 +139,7 @@ - + @@ -439,118 +421,138 @@ - - - - - - - - - - - - - - - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml index 45ca269..1c4b165 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml @@ -59,13 +59,6 @@ - - - - - - - 
@@ -76,6 +69,13 @@ + + + + + + + @@ -95,101 +95,98 @@ - - + + - + - - + + - - + + - + - - - - + + + + - + - - - - + + + + - + - - - - + + + + - + - - + + - - + + - + - - - - + + + + - + - - - - + + + + - + - - - - + + + + - + - - - - - - + + + + - - + - - + + @@ -224,7 +221,7 @@ - + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml index cc77495..1b898bf 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml @@ -122,14 +122,14 @@ - + - + @@ -176,13 +176,13 @@ - - + + - + - - + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml index c35a721..3e1a9cb 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml @@ -141,13 +141,6 @@ - - - - - - - @@ -158,6 +151,13 @@ + + + + + + + @@ -167,33 +167,19 @@ - + - - - + + + - - + + - - - - - - - - - - - - - - @@ -269,6 +255,20 @@ + + + + + + + + + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml index 9b683f2..cdc598c 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml @@ -223,6 +223,9 @@ + + + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml index 4be7fd3..75a8547 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml @@ -316,11 +316,17 @@ + + + + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml index 48fc15a..83d44ca 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml @@ -271,6 +271,9 @@ + + + diff --git a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml index 25747b8..2b5a44a 100644 --- a/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml @@ -58,30 +58,23 @@ - - + + - - + + - + - - - - - - - - + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper index daf0f3c8cdb5abe0f99837687dcc56209a1e6668..8d7810db67302fc3233ca918a5e99ec629b9cbc7 100644 GIT binary patch delta 5207 zcmbVQ4Qx}_6@J(Ga}p;cabi18i4*4sN)jg!=LhoZBu+@;kPsV6=)f_tLrmiz?3a;N zS^{b-wG<)2QMaPDsFSuL2HT*X1f#!f(lk`Ml}XhQ)uy3Vnph!-cAB(R+IG)<&(D75 zWkWnE_q}_*bI;Ti+W8krxPJEObdogE>%pK&GxF!du_D6?#&%A#| z?C1HT6W&>SV4u(H^?60(8h_NuNBqzDTyr$h{`go8nxCEbd0oCmUUbd%M|T9hzR0{k z=wqhXsODH2>5ko8Lr4Z%8h{jDhf8a#;dkm9I9YTJ?yuEDL_3xhW>*xp=WhUGaV=>E zTk+B5W(Suw@0;Z(d_f#ONxNZ>*Xs}N$1X+F!V;p1`1jB86EavW*d(7EJ`|RFWTHjH z7sKIbgli7^cuREFa=;UXZ*>)Lpk!}G+hT;<01tHQ;O`|{NH;X!;qg-2L`>-vXkRh&g0Z1&=rp2vmziC36AQ^ij^GTu(=Mt)R$@%KqxTm zs-=qLpkBkY3_(^FYRScVIK!S9QMPtCZqN}c{MhiFZVGFn0%V)zeGyUCJki$Yn+-)+ zEzyzp>~m7Np7MKnwhWq~r_@O7v3JTtDpC*T%DS~n7+{d+G6o&vHdlP&BW%hJ@Kly9 zZ?pAs94j_94A?H*b|h={ECyl?FQ899j4CK83=@F8N+Z}>pH@IbF8kt~d5I%^Kz~lW zXcxK7GU{{GSh9fqdHO_{EeLzfl_Wxo<)F*>6Z7Y!3(i)R!QH}O+AE7;I9+X=dKrWL zr{zcgj%UFTL)gIwQLihP-wCV#viZwrcK)H@IsM2rjytp>(tJvs0ZX_IgWN;7`?MMGwb?>$PQ2Q)8r|dTWX;sT|?Mf1dmB_S1j<=Hjah z@13=41YQCy+caF!wk{(xr4pY;fHkivlvqF&N}LSHN}LQ#Cn{_dlbojFGG0=NUxT{Z zh&542U1}le9;@mQw}!rSI3>Gaq%G|Kd#B#-DvKJ}DQ3Eqx5} zCX2@SC~0#6eOPl|K^p;Oz_NTNNkTZ8ILSbgIAW3ul#N^)wrL474kMShaUQtN@S=9K zp>jh@9KHkkROvE!E|2%~^FGT=C=j5Vkr+$7E#dfsJg4s8;c~m|yIc?|)h!bP3(s+z zSo}hC+Q4`TE4Zp|ARY#xROw&1c1C@8-KB3zn~uJ6?5(XI%cSp>Xs;^$vM{Zy7@IZk zD`+pE0wCLllL49Z$-s1CU5Yub(iw@;_tQtr{eFCscwa?#L3YDKvcts+9Xo2@l`FdV zNQy3CMx-F_KyMHHDtPy&d#vAo?#Nx!iGI^#D*7pgWX*L2MFmtr(PTiTXfhyER0JMU z^g7Nfe*I5HOCMI$ZLT2i#?4vX+=n|w?+95S<)9D{US-yq44OQe06j&lnnVG}4D=H+6ePX$iMjGIyO*d$}yZJ^5zMSgRIl*na3EbA549!+RjqvmKEcnWr zrz%{cCyEIUTQi`%rPqw%3Q`A1+vF1cdV+&RmGHxst^N7QI@4k7LYkxq4>CG^JhO;F zC_DzvNezrV&0+L1i6uq1Tm?6Q@bT7yHY>WX!{*6E zYG7r`c?xa<sxuf4 z7melclMdtB03m|^h|M`+pL9>!C&nkmFY9}7yTeLH={ij`Lo00qu(Pwg03#%p1vS3V 
zSwS6ccT~Y|I}2(5R%f}G=HSM1DC;Usq!Hq~9pn8rhh11!_h5V16LeIttC~gu+6Lfq zS2=zDBW(llkFF{)T4i=Qbaor4ZAUl0jWeyHIT=vO0r~6yXVDHh=_)|SNJM6!~`WJf4BA=^TZ5H#VUJrUu zq{3blX=AU2K2P`JtiIRVC<%5p?)+Y_RWb@kBMF?ewQi0p8@GwY$sKWyZXr8!q`QcDU~*Ar6=taCS;t z5q^*mJ5zHhp6%A=_S5S4)QpDJ>p4h9H+?J_OB2Rhi#%8C-q_mSys6FF-qy6ax!v8qxvi<4 Q2amoS&JAb7(XqV$0_K$j0ssI2 delta 4680 zcma)AeN0=|6@S-!1~6b_V{8M)CVT{f310z&jWNa$h`|h-q^;5)cYx#yhUx$i#1wb#*0uc9Aoir@`h&GYXUTZ3GfVHQdM8bCdaw(JR2eQPCuh&lhe^T->DO^Xfzh3M%XB=Y{pOtn+$Sa zosUJy#sa;VP0lVvV~KfoAx2H9nzFSV)Sr4&ix6mvTi~6FU)NSJh);xx3g4Y^!q$+X z1)i;2RQs0W1bR^4Iueh=1>NW6-~Z_4$gBVO;Ui5S2e16+$dnE)>O=6BtpiS2TcEzO z5!qp)^4zN3&lJqZ=D6wD0@-aAFXQ28lwCMUmKe>6i%3a=J^2JTErSbro5(5R7UOb8 zKCuY+ay*_)FkK5V&YqmJKN(KKnpuk_hqxh}*R`C$)oA*g;Y))9^+R7(47J0>D!=+L z$%PKX@g!W{!hYjC*0s z)Z)To6cMS$amN;D2eGA?v@RGAM+C*X{Y;s}6l9;FjctePrXxh`k|fXd%yF@VAhBAo z4aepd6O>MfT=+x~OLv%!a!&}vLcvB$)MGJ)%7^Jp7&s>%BWnnQde9+7rvk?cqZ7XIB-vC6NrbW93_l{@erkt_f{UnE8>ojyww5(bVb z8Hpt$2{z8LiwpfpKze$T97VVDh}U4sQ5->Z+6nKJtkGE;oYA%F2z(&Dsh|m**BkZ| zAgur&=AqS7f$4CTR3G8jS*n);vg)OPta<^+to|(AsWqoo%pnz8fWF-hdW(hCg5-ioYA6fkwlENCEA!<9H1M%iM z)w4CS~_rOmq*R2k6POyVDeT}Nzc*Q(;@ZfX0g%>`nGc|art>?;@ z!eODOU(s^A)ogf7ICs=JK-@@5SK+wTYkea#7SoL5{8Jw5@g2o_?GKl{i^cN|_nU5Y zUwnBI-%U%O3hHFf;4PZa5)9Z{glcfu|69#Dn|Xi0b9|?d?@vjcbV$+e^Xn|#mjbfx zO95H;1t7EgDOjpcv~P94Qqg^mQL)ik9o4^_T5o<`g*>T!tx<&BuvXof`qf?&%KsbH4W6}|4IB8%=g12q{Y`7%gs-#> z(F^e2db=L}+?ESVb}QO|SMVqYRm^=bwC}-~r(K6OQ-|8$%|U~p>G}|ln_VC3$#Ywn z**Q4vv%tOXLloVmKvAEytdNZ!^9E+8LbxncumW#4Ti|_N9{iwZh{mku%hslvOnOdQ zOWYg6ZGfY_mTfXC$=rl0l$n`Y!9sn#jm~UYX%*C?eU&(sGkp!)q*AKz%qCKqf<;7f zJ4}sJ+0v;{&{rKeoz#ntzaV^~uDNY+VW0v<;QBzlc@qoAG3qD7PlxSiICkDX8RpxA z@lOVJW4^}e#Pcbq8PDymdU(#M!Rt#-3tqp6#|UgVYs<+#Tg}2owX2RgbT>v2qCv`M zeA9uM(6OL*W_&v2_X$5-_zc>?qppT4E+cmRg^R@cldBrfzi^Qpst0%Dxo5Bz&yV9V z0;_}ddDIiEyK3RaU=_CA8N^S_y4zZp88PIWoc4P{z94^+Ho@brGp9+#L6X$yxX(W# z;$L%{D${uW=(s=Rn@PJ~bNATNkXESZ(D+Pf*5e<4OiHss!w^x~F=WG89~r8_^Jj*L zY8UVrfp>@OIk*B?u^Wp}dPgff?=eBMM_rW`^b!p$5*jJtq(`ew6H+1px5o@uJw~w^ 
zX$Wq4jN*ph6#29(4Rk}(utw=MFkCHqeK(uew-sItxv?tX=fm9yUuTu*H>q9T+Xzj< zUq^yY@v0!dqL3Q@ehxkw#Jv%Yj`Ut&6leIfudB5hyYP}rj+(eDv3-=@3vT&pZFje) zm5tU6ZcmfkSSU+oR`|}S&WW?jo%W3R9u`z`IjXX3qP!e)6fE-GyT-IV56xH-BUj;_ z?QY3autw0srhIy~r%|1}PzNTgl)eLtrJr zIO*j;-bjBx(2I_ztm8AteAmxtqhT(bjB)ra9B1caBY1^fn7eR(qQP{}J%nE{__Ksh z2vbgG%k+(V4}LdsuKF(d6Pd8nyei78!!!dV54NFcxO_0N+JM&x(^TYrq}oF~RK%u| zFLNl+M2w9hCs)oPFL_m)h~~@D0y$d9qvU@DG~O;bT*Sj^v{;T32_?Cz~aY8g!Y#EP;MxAJ6z9$;>TgJb%7 diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml index 9407796..e29d6e7 100644 --- a/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml @@ -35,20 +35,6 @@ - - - - - - - - - - - - - - @@ -82,13 +68,27 @@ - - + + - - + + + + + + + + + + + + + + + + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper index 30fc2a18489db134872be9a3cdb84619cb399ddf..580c6a3d76807daf65f38cda17576e937493b338 100644 GIT binary patch delta 4624 zcmds3eN0=|6+idc!GP_=F)^6Wl8Af|Re*s2S>pg9kdi=2!^gr`TmuG7jBV^kfprUN zX_F{vLz>%#(vNg))kaNeQjL}*o0`&g>7;&a>mqgQ8YzjYE}AAKt*S+vR82eg-p4bT zmn!{tmVA8fIlp($`Tg#F_xhc0$oRj=o2NF@N6Ysc9~*#ugqug`d!-36Voa|&67CXi zFw78EfE!am{HXB9DA|!_=N}5AFLes0W>04X!=}=`db!_z-DSMEcqr8q7^E$%S zsH0$59R(9z=P0kUweoG_i)?;wPVo7~n9na4J=3MWR>s|$#M-d~+vXwC6?{5^8-y6jA+Gczwcvote|4Z?Fv zWH9>!u70oV?QzTAfM0}(40`&v>SF3HUQY*hoR!G$>H3=E68V(AUo%YmORJ4vFoN7% z;snK*6BMonK?Q>ZW9H!7(&;~HUy#U$^w51n61h%wb^9dpPdZlj8Tl*CYf3kfTdWc{ zH+dy7=9Pr2QAxpIrF9A>TFRSjZzvyD;2L$_mrhsSe-_JrTW()1889l0UKCh1Z_g=N z`fzQ+T>`kci8;(bLqdtbFmZ`-{xo{g0Z+{BR!Ia|d5P}Hx6{{m^=8@FkQ+&(8RWzhQNJZClQqK)(P&0wc{9S*Xhy+c zGj;_NwLTJITiv)~5KF-`01$^8*+z>R6E|3L!rq^Gw6?MZx3ast+tVp~x?F=HUzm}A z=lE{UZX72)^t-0Ibr)h+eekZ~tBSV=8!sF-)#Zrw;C#Ev9{@lR@G-voGO|h;Rc`Ll zpenMQs&F-^Dj1|1r(l9X`m6esC9DYFb?r8lB@rF7*HZS%K2J`!*Wcy!_b3}x`Ps)F z9hD)rqOrl%P`SH-H{ZjEpi(PkA1V|`>bcnPeoC3u^G5&)u1G@oRV-gC@C05Nx?)@YGstHNsB1a zlFe!9Kg{4iTb!07&I_3b0vBJqesbiE^QX7H5yimIX5gkzgMr9$2Ex@~pkNpS1ryDn zk1?pSFJd4=jJH4N?v#Jbs@$w{T7FwFHFojp=HKNu1#i?|-5M9g=@*O>HzOLHM3!?B zt_CLs!#F9JXig)HQ%kZ2Cu_(P3-)!?aM7*7Qg&GR7RnVO=(GhW>5bhgTt@&j+t z$Bj-XQ%` z+p1%&E#k>bG}QWpa4*xOw&TM6nqF)h7w(N|Uwek0tfhzDm1sY6??vnE@JnlPqUL1! 
zVMieY+9X}+w6*hqUb+>e4*Tlq*&Y)i68*IIWpaiNcihNRezu=bVclV7 z4zc4-$70gLp^hgGvfu#~qhE+&hq>;EnvGeQWq(6-M}~)aerzxVQtOtf?{*~pJ0`Z_ zssu0`1TgwO`tNTpVD&=q8$cqkrb^sF;rhW2d~pIH+2trIDabD_EGf?0xS_zcG2c;C zSYQA>fxGFon6&Bhdz*EI3;$QfpxFd1P)9(|F8o+%Be3X(kB27MV*(dEK&Jz1VmeIF30?F`pcpUv zq~L0Op9%I(mjz!X%bx;0=uqbjQk!}Tf0JqHU}|wP^CDlEoafJ?2$$Et1xsh3a286e zKbe6|=b)_iBwVCV4%%?>Tp`=&~(+p(IyYX;m@3U6wkghkuw_)0N2^rL&diJ6t40-lId+l0qb#f`FiS)P#?fsBR&t947Ku51mC>BOwRgXX zbm^2_gepIeD!+&-zl18kiYlMJBb9x3s`CHwF5Uj%rqNmWGwSy_>h~Aa?@QG0t2@%K z9~VFZi5+IrnbI;G0oaFP(PrY;#?HC}{QP4^9Ieb_*Qo9gGfyycq=?yZHF%TgH|;tff}@7 zX@}n<=Y+d+`rP55Cq%Er#$q4wvAaCsz+kA;LtR5jqw)QoaM<1B+2I+%ra&4F;*V6V z&XdT!S6Hw`4JJi`UNvZs1jW6f&Fme^8M1uLp)#p{#y G;{O24=S0*1 delta 4452 zcmd^Ddr(y86+hqIWkD8sEg%Ac8wV0dE$*TLT-fjkAxampfGvtVmfZy|!tSzrQ80<* zHL)gb6M7n>ICi4#ghp+uL9t^@sxvWdlWC{1Gu4h`l0IgdKRSJ7oM~t5<9l3|y~{O! z^}p^6=brEU&b_~Le&7ARZ5 zP3})yvw1^umzjJG&$i!FLSAO&b2Dqu zmq1xx{lYcqD;Ci8r2+AM%`WxCt}0l%6m`t+#Md7>Q2Z(@hMQvs#R!xY(;{4hVqyVZ zF&YqG%rQJ$*JCqK5-)eU(ihHr`^|vzv-eyHo}AZ@xYy{#OCdjG^>T9xdmo-$b4uS@ z;@0ty$E!N=gT_KEsaJ|GvV3kX81yGl-k)#{`ilj0{b@jae-~(fWmw&CzWAq%o13c! z+ydp?!ZqNI1$5jR5YK&;bHCEKIe(?T=ftWbxqQ_<`@+ko-kq-ev^RP2kGFDLPv~_{ zB-dH(*YQ?!u0?a%N)xU@p|OCjPz{JL^jG?6vvv4G;h=BQ%a)qlsro|^vEYWa1y{;9 z5B#W6E&d&=jGK=QR23*!Rk#Ml#sa!xH6Xs&kGZOM9!@3+nAlV{;4L5X2Zq&=(lXiQ zlI>-3oxH9sD32?uGE8?w+JPFBJ$r(RZ#@kLlyPOBUk-+4Z*V;14@5kwUsgx_@{khn zDS=^mC^#ALF+AY+`~1H0b?9rVDq>yUeG*6bBp&)p^3@*{9{nWwjVphcyS(Ki{Unx< zf3k;gbK5{FfikIl!Zna87SKth0r67Z*3YZ8HL8gd2dch+SDP+Kl7#yoIV4F*nA1F! 
zz)EBrW1%&Zx)L|3cxAiIBF1>uZ7UM)%KAilCf?g=%hht?Dw0yM`_YqPC` zFR!)MvmiGv&ML;7Rk#MMS`KBc7A`-RtTBh167Q}|Jpczc<#MFm3>xup#HFU5BQw;8U_I9lW2w7 zTmB>~mYc_Uv0}`N6|OMQ-7&K z^76h*ISLl;^xZZkui~vh9U(|E^6}Na1kCpqkX2ai-A(QHya8!d2q*g1;un3J__MMl z)4dDRz5`}*V}U3YB%y}&g{$*q>>i!To2{!C=jYxedQE5k6q8w+#lMZdLZ5JO_nR{# zG)idDG|tQz!%ZwE>4zo`jIy8-%`xk9*uH4uP4FjJ^k^bSr+5V>|6~}Xp2pLkHLdxF zC8_HZiIx@uuzKJB_r-T8`z9Do1c^Y2HY<_N$-%Hc6b!5Vj>_td4##GD^@DbYy}#PA zX`_ANKVy%XX1?@4JkJuLlYnj1v&XYxQdPz_G=#&RX}1zllc58)r@&XBoq(CG+$88G zkWZ=C-EGmbTXv>E59~tg#C?{&6zGQmteU7IUJOo@n1@nec;WEGYb4|AU*THAXGM&QRV1~*_FZo&k~f@$#3ZVDjv4m2ggU^e|^ZB2w~ zldYauvIeO~8>c_S>>z=IW}4}!0_ZV940W4{(TwSLH{JYky3v}cnmpPZ)oMN_x+NOb zbmh4#be&=06~eOMvaob?S79|wFRTbI39F5kbZuRKhPEluU#$R*fCYQX?U&#fRrxqo z`2BmkyN(VDSZE9Mr^Ij3q)f<=7lPmorng*Jje{+W5<}s&fAz>H6;>;a{O?25xzfF z!FTV~Ja->WBPXL4*HxhcGx7>>dSA|e E0c(0PGynhq diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml index 019a19d..cd3bb24 100644 --- a/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml @@ -86,20 +86,6 @@ - - - - - - - - - - - - - - @@ -107,13 +93,6 @@ - - - - - - - @@ -128,27 +107,13 @@ - - - - - - - - + - - - - - - - @@ -192,22 +157,57 @@ - + - - - - - - - - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper index 53213f63c12d4bd9911d0e08f7aed25a6f202ae5..fa87993e01684a46c87b7ae19f29a1d37c9517a0 100644 GIT binary patch delta 4002 zcmaJ^YfKbZ6uvVH%VR-Q-niu@)E5W{f(?owuz+sXM^{mc#Vri%=sw2TSzQwXnzS{k zX^UQK8)KtsG^v%ErW=Dl8fw!tO`6tLlUhybgQSTzq_!qaliG*9=iXsYw?{e=Ym2w|MlS_};xXI{fWoxo^QVPka0-vZ}@_zltRxW@?EA7!A z*Iwd?Th)?{&o$lPCTZ}c^%pqeR<$g($fz2w$Z`u2#UTp5enfvu?(irV&#$+SbfNU; zg2DZMkG$V0929&T&^+Ow#~1b}Vldzq{lW&6;XNz~vQG@`cYEYPLD_)PV-W)FM%iNM zX+;*4K5w_EcsCyu~F+dva`DLwJKX^8F49cwFz51gR?7q24(7C znY5q?a!5h7_#?hp=$xTsi${eToye|TuuT{cWFgQudr>DU(B`;n)^-*#Oyg(hsEuN~78=<9tUpR!D3rp}7 zsf&;mIVUby$Ts{&_3keMpE~NYcD#U>K62$C^k7Vq0ORsn znh}yD2_I=+Y`X{%YR+JfBXfj}*~D^okp%0qITsmF`F}u_37}@JVV5?MTRWAlc!tz4 z^Meel$;I=>*u75+9F{@I3_A|yC#D;2AUtKyOR%^$cVpMH1^I~zvdUyH1O{i8WB-To z-mD_HI5kEeew>_}lH9u8-Ro}O>BbM&EwYV6a%xTi1zXwJgaSQapg<28C}04tZVlV6 zLl$Z#aC2itIvcB5@chPdL!=TSRyGHJ+fk9vT&mxbdXgvb@wQTK0v}zQjbB@vfp4{~ z=OS>xaJO+)yJDM!wA9?8`m(V}b9%tgoE|VVrvjS3gmg%DM<)V|S1Tx?Qylb0ASrHk zpOv9KbS>!epvd}2qYl}*G`J()$!Wz+T4%uK)0l|RB; zbQ(!&wRGdD8eV}W(JLgB76$Jm@i-bgMK)V8oKGu555n9@`Z1{??31IecNAIKe#!^W2TM^N~gwQQaVFv>8cCrFxRAX6);oB zp(k%nby7{#c|xyFnNc0`3Z-A$Aj~f4j+!=;?ifnDQ(X{-xhCB)z$gseE8J27+^Ep&*#3z6zZG^OJv%cSuEPKQDiE_x7$s>ZnkU1eKD zhSsR@n6$=F+M4Q;*6NsR(i#KEin>#)kUsh*aQ`lcwmTy9>>6T4L1XIie>8q~9J_ya zO?8TIe9`s4uU`9O<2c(LFGAJS44YKVP+GO>f*{N_sagdzL11n5>>AedHm4xzCV~{| zcSpH#cX-KjU%$9vdz^q0s2MV8kD;_Z)g|pUFxR9#29OnXqRt%_&TvpG#Tt))}Nt|thT+MZWnT{SA?BQ&Ahmy&2ubBMJ!}q*L{FWR7 zTC$1Z7gCSzA$Y~GfM>}Bvrr2r80RFyFi%6RMl{KYCWr8s$$8lCO&bXX!!r3s(Y~KZ zI`V^$L(Yj({p5R%d>3sJ4wD5C&svUZSyI5W6cWQ9Ach-@jdyC3Y_VXi7EDuvCFIf^ zEt(#iIvR=4K?c4lcIK>VsA;HvsYHUsF3ftAbWhO>YHq{sY$02;cw! 
delta 4927 zcmcIodu$v>8Q;B&FV3A)6H>PcHeuvAkd(9IhtfPS*lr&7IgZn$j#4FUt@ZBQdC1=G zW_K?>i{fiQs3PLwFi-(1QCbD0$R&dKk18snYNJZ2kXrg*r~nyNDn+OvRgowK8oqDl z9=rDDfq;|z-8cKq&G(z%e2-br{YHJ~ck0iUx2ooRee07c^~(Hg`_B5r6~}XxG(X+> znTz*dPN+xtY!`p&7KZXVdkdovB{I(*2#v}?;} z9p|_*qrB&#ocZzi-htU)cJ<%g_%^-1ai~sFu07{CXj9h=^z#dublcN75aKCmxKBqx`X{O7}~bvaSaX1q4ZigLGbkH;Ev|_ z%R{Z|96#CH#Aiq9_>G~AY9RIMWuDFWZLgvuAzq0fQ(BSCVW~!JCuj(5r)*eE<}3W@ zaCh4q=vRo#5q_l={SHbs!f((J@+%FnzOqX2@dZUu44&GXO}&Xug}5qMm1DtbSw&XM zDzYlorL11%heulZk>LjZjou{x_Q-nPpQ(r79^c=*QoSZ41pzGZ3%ed$|GuxpoMKUg zQWGww%$z#Y_KWW6hktnKk3aeQckQ7zKK^jm2K58PC&cv#Qlu40DM>Ygl%OF*O4(37 zj4CrR8RFL~@r~bp?D^eA$F!LbL2g^b&Jur;5})dm7SlDeL~NHhuB}s};A$p0Q7|p) zY7@+4{xq3lrb#@Ovse};TfR9>Sl-ceUo4{AR+bsm@|lLS(}Y<*&AF&1HOtrxD{Ch- zW>!`!`}U?ipXSp);oc`*s`-Q#9os9ETuPW%U8vo++b3CWGL0K_=>+W8 z(qXy>1p*%>O?Hf$Y|^$3q|(;)g6mRCryb-W3ObSowD_)VdPKvuE#jD(4qk0x(BJ_c zfJaYIoDKYEE1WWUHsQ@q0gNPI#UrFfns^0$5>|i>WD72WB#sU2<5{Ljl?K75NpnDm zq2;w4l}BmWzQo*-Y$y8_I;)@qY$Y3P*U005xJ z{r>P{>)}eYxW}D6`h$y`dfztBB#y0$pWO2r^tkTS4#X@(x4?P17J<%tUI~TXNOr^bH_>zHOYumUp zGq4FuxksTgmM~bL^k;21FWWA*0t_W6+b+~foT=M+=(~BSs2$0uErr69)Owz0LdAvZ ze~XS+x@F4~8I-KFPV9K5J$1AAzg_=|Y+t3|72^NfzaraL=|AXS`>4SR`TwGWMKrL6 zB^~Sm3}hiXMXt!P$Zx4e#&2h42w3f3i_0C13r}$f*+~h$1LCR zU@gllFKjP7``1TiF0H=j@xFNe-Nf*-OM4OSqKW^uueBj|2z4Pw#E#@xWWQ7+b`&&( zc2qV*W&cP8I(#E~s7{}FsC;=M^39FxqL2;H5NxXmUitS%?@c|5@Prr^@Z=cb?UQN* zyr3ZjPa0sw0O9KdnmL|3yhjvM18Hx_Nwhds7E`lEvs!*(c=63YjotOD9p_JN+VGu| z7cf@~E5Mx;)8HN8e|-fgExokM zJHV~(>GCE~NzLT#@98)1^Mg^1{to(l5^wH{`}{N>vk*CP%yNv!{Ge1LjyY%u9kVoq z!_p98dDU@>{PpbG`Tiqs#Nb~&AAhtfk>JjZt90_08e6!%wr>85`f@cj2ftPaQCyvW z+;~JyHB8k*$@m!j)$_OL6Q$Tki1=SPxI_zc0u6%^tP0XGnjRiDK{6Pt=7;J8xsm8S8o`?vKhas|bvTM%~ESi#Sj GEB_5>lCFFJ diff --git a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml index cee523c..43a291a 100644 
--- a/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml +++ b/security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml @@ -40,9 +40,9 @@ - + - + @@ -56,44 +56,47 @@ - - - + + + + + + - - + + - + - + - + - + - + - + - + - + @@ -104,82 +107,60 @@ - - - - - + + + - - - + + - + - + - + - + - - + - + - + - + - + - + - + - + - + - +