nosu
/
security-c4po
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: As a user I want the japser report to support english and german

This commit is contained in:
Marcel Haag 2023-05-03 15:16:31 +02:00
parent 061b93ff5e
commit 9031fec0ce
25 changed files with 496 additions and 316 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.html
View File

@ -30,7 +30,7 @@
<img src="../../assets/images/flags/{{exportLanguages.ENGLISH}}.svg" class="flag" width="25rem" height="16rem"
alt="">
</nb-radio>
<nb-radio disabled value="{{exportLanguages.GERMAN}}">
<nb-radio value="{{exportLanguages.GERMAN}}">
<img src="../../assets/images/flags/{{exportLanguages.GERMAN}}.svg" class="flag" width="25rem" height="16rem"
alt="">
</nb-radio>

3
security-c4po-angular/src/shared/modules/export-report-dialog/export-report-dialog.component.ts
View File

@ -81,6 +81,7 @@ export class ExportReportDialogComponent implements OnInit {
}
onClickExport(reportFormat: string, reportLanguage: string): void {
console.warn('ToDo: Use format ', reportFormat);
// Get project id from dialog data
const projectId = this.dialogData.options[0].additionalData.id;
// Loading is true as long as there is a response from the reporting service
@ -89,7 +90,7 @@ export class ExportReportDialogComponent implements OnInit {
switch (reportFormat) {
case ExportFormatOptions.PDF: {
// @ts-ignore
this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId)
this.downloadPentestReport$ = this.reportingService.getReportPDFforProjectById(projectId, reportLanguage)
.pipe(
shareReplay(),
untilDestroyed(this)

8
security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.html
View File

@ -119,7 +119,8 @@
</div>
</nb-card-body>
<nb-card-footer fxLayout="row" fxLayoutGap="1.5rem" fxLayoutAlign="end end">
<button nbButton size="small"
<!--Not needed for now-->
<!-- <button nbButton size="small"
class="dialog-button"
status="info"
[disabled]="!allowConfirm()"
@ -130,6 +131,11 @@
class="dialog-button"
(click)="onClickCancel()">
{{ 'global.action.cancel' | translate }}
</button>-->
<button nbButton size="small"
class="dialog-button"
(click)="onClickCancel()">
{{ 'global.action.exit' | translate }}
</button>
</nb-card-footer>
</nb-card>

4
security-c4po-angular/src/shared/modules/profile-settings/profile-settings.component.ts
View File

@ -205,10 +205,6 @@ export class ProfileSettingsComponent implements OnInit {
}
onClickCancel(): void {
console.log(this.userFormGroup.get('firstName').dirty);
console.log(this.userFormGroup.get('firstName')?.hasError('required'));
console.log(this.userFirstNameControl.hasError('required'));
this.dialogRef.close();
}

5
security-c4po-angular/src/shared/services/reporting/reporting.service.ts
View File

@ -18,8 +18,9 @@ export class ReportingService {
/**
* Get PDF Report by project id
*/
public getReportPDFforProjectById(projectId: string): Observable<Loading<ArrayBuffer>> {
return this.http.get(`${this.reportBaseURL}/${projectId}/pdf`,
// ToDo: Add language here
public getReportPDFforProjectById(projectId: string, reportLanguage: string): Observable<Loading<ArrayBuffer>> {
return this.http.get(`${this.reportBaseURL}/${projectId}/pdf/${reportLanguage}`,
{
// @ts-ignore
responseType: 'arraybuffer',

7
security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportController.kt
View File

@ -28,12 +28,13 @@ class ReportController(private val apiService: APIService, private val reportSer
var logger = getLoggerFor<ReportController>()
@GetMapping(
"/{projectId}/pdf",
"/{projectId}/pdf/{reportLanguage}",
produces = [MediaType.APPLICATION_PDF_VALUE]
)
fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @AuthenticationPrincipal user: Appuser): Mono<ResponseEntity<ByteArray>> {
// ToDo: Add language here
fun downloadPentestReportPDF(@PathVariable(value = "projectId") projectId: String, @PathVariable(value = "reportLanguage") reportLanguage: String, @AuthenticationPrincipal user: Appuser): Mono<ResponseEntity<ByteArray>> {
return this.apiService.requestProjectReportDataById(projectId, user.token).flatMap {projectReport ->
this.reportService.createReport(projectReport, "pdf").map { reportClassLoaderFilePath ->
this.reportService.createReport(projectReport, "pdf", reportLanguage).map { reportClassLoaderFilePath ->
ResponseEntity.ok().body(reportClassLoaderFilePath)
}.switchIfEmpty {
Mono.just(notFound().build<ByteArray>())

68
security-c4po-reporting/src/main/kotlin/com/securityc4po/reporting/report/ReportService.kt
View File

@ -3,6 +3,7 @@ package com.securityc4po.reporting.report
import com.securityc4po.reporting.extensions.getLoggerFor
import com.securityc4po.reporting.remote.model.*
import net.sf.jasperreports.engine.*
import net.sf.jasperreports.engine.JRParameter.REPORT_RESOURCE_BUNDLE
import net.sf.jasperreports.engine.data.JRBeanCollectionDataSource
import org.apache.pdfbox.io.MemoryUsageSetting
import org.apache.pdfbox.multipdf.PDFMergerUtility
@ -11,6 +12,8 @@ import org.springframework.stereotype.Service
import reactor.core.publisher.Flux
import reactor.core.publisher.Mono
import java.io.*
import java.util.*
import kotlin.collections.HashMap
@Service
@ -51,6 +54,10 @@ class ReportService {
@Value("\${reportDefaultPdf}")
lateinit var reportDefaultPdfPropertyPath: String
// Path to localization files
@Value("\${localization}")
lateinit var localizationRessourceBasePath: String
// Image paths
@Value("\${CDATA_WATERMARK}")
lateinit var waterMarkPath: String
@ -68,13 +75,14 @@ class ReportService {
@Value("\${CDATA_SeverityRatingTable}")
lateinit var severityRatingTablePath: String
fun createReport(projectReportCollection: ProjectReport, reportFormat: String): Mono<ByteArray> {
fun createReport(projectReportCollection: ProjectReport, reportFormat: String, reportLanguage: String): Mono<ByteArray> {
logger.info("Use: " + reportLanguage)
// Setup PDFMergerUtility
val mergedC4POPentestReport: PDFMergerUtility = PDFMergerUtility()
// Setup ByteArrayOutputStream for "on the fly" file generation
val pdfDocOutputstream = ByteArrayOutputStream()
// Try to create report files & merge them together
return createPentestReportFiles(projectReportCollection, reportFormat, mergedC4POPentestReport).collectList()
return createPentestReportFiles(projectReportCollection, reportFormat, reportLanguage, mergedC4POPentestReport).collectList()
.map {
// Merge report files
mergedC4POPentestReport.destinationStream = pdfDocOutputstream
@ -89,16 +97,20 @@ class ReportService {
private fun createPentestReportFiles(
projectReportCollection: ProjectReport,
reportFormat: String,
reportLanguage: String,
mergedC4POPentestReport: PDFMergerUtility
): Flux<Unit> {
// Setup ressource bundle for localization
val resourceBundle = getRessourceBundle(reportLanguage)
// Setup Flux to create report
return Flux.just(
// Create byte arrays of report files
createCover(projectReportCollection, reportFormat),
createTableOfContent(projectReportCollection, reportFormat),
createStateOfConfidentiality(projectReportCollection, reportFormat),
createExecutiveSummary(projectReportCollection, reportFormat),
createPentestReports(projectReportCollection, reportFormat),
createAppendencies(reportFormat)
createCover(projectReportCollection, reportFormat, resourceBundle),
createTableOfContent(projectReportCollection, reportFormat, resourceBundle),
createStateOfConfidentiality(projectReportCollection, reportFormat, resourceBundle),
createExecutiveSummary(projectReportCollection, reportFormat, resourceBundle),
createPentestReports(projectReportCollection, reportFormat, resourceBundle),
createAppendencies(reportFormat, resourceBundle)
).map { jasperObject ->
if (jasperObject is ByteArray) {
val pdfInputSteam = ByteArrayInputStream(jasperObject)
@ -114,7 +126,23 @@ class ReportService {
}
}
private fun createCover(projectReportCollection: ProjectReport, reportFormat: String): ByteArray {
private fun getRessourceBundle(reportLanguage: String): ResourceBundle {
return if (reportLanguage.equals("de-DE")) {
// Get the language code from the report parameter or other criteria
val languageCode = "de"
val locale = Locale(languageCode)
ResourceBundle.getBundle(localizationRessourceBasePath, locale)
}
// Default to english
else {
// Get the language code from the report parameter or other criteria
val languageCode = "en"
val locale = Locale(languageCode)
ResourceBundle.getBundle(localizationRessourceBasePath, locale)
}
}
private fun createCover(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray {
// Load Jasper Files
val fileCoverStream = javaClass.getResourceAsStream(reportCoverDesignTemplate)
// Open file stream
@ -129,6 +157,8 @@ class ReportService {
val parameters = HashMap<String, Any>()
parameters["CDATA_WATERMARK"] = waterMarkPath
parameters["CDATA_C4POCoverBackground"] = coverBackgroundPath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
val jasperPrintCover: JasperPrint = JasperFillManager.fillReport(jasperReportCover, parameters, dataSource)
// Create File
@ -144,7 +174,7 @@ class ReportService {
}
}
private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String): ByteArray {
private fun createTableOfContent(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray {
// Load Jasper Files
val fileContentStream = javaClass.getResourceAsStream(reportContentDesignTemplate)
// Open file stream
@ -159,6 +189,8 @@ class ReportService {
val parameters = HashMap<String, Any>()
parameters["ProjectPentestReportDataSource"] = projectPentestReportDataSource
parameters["CDATA_WATERMARK"] = waterMarkPath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
val jasperPrintContent: JasperPrint =
JasperFillManager.fillReport(jasperReportContent, parameters, JREmptyDataSource())
@ -175,7 +207,7 @@ class ReportService {
}
}
private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String): ByteArray {
private fun createStateOfConfidentiality(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray {
// Load Jasper Files
val fileStateOfConfidentialityStream = javaClass.getResourceAsStream(reportStateOfConfidentialityDesignTemplate)
// Open file stream
@ -189,6 +221,8 @@ class ReportService {
// Setup Parameter & add Sub-datasets
val parameters = HashMap<String, Any>()
parameters["CDATA_WATERMARK"] = waterMarkPath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
val jasperPrintStateOfConfidentiality: JasperPrint =
JasperFillManager.fillReport(jasperReportContent, parameters, dataSource)
@ -204,7 +238,7 @@ class ReportService {
}
}
private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String): ByteArray {
private fun createExecutiveSummary(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): ByteArray {
// Load Jasper Files
val fileExecutiveSummaryStream = javaClass.getResourceAsStream(reportExecutiveSummaryDesignTemplate)
// Open file stream
@ -332,6 +366,8 @@ class ReportService {
parameters["CategoryFindingsPieChartDataSource"] = categoryFindingsDataSource
parameters["SeverityFindingsPieChartDataSource"] = severityFindingsDataSource
parameters["CDATA_WATERMARK"] = waterMarkPath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
val jasperPrintExecutiveSummary: JasperPrint =
JasperFillManager.fillReport(jasperReportContent, parameters, dataSource)
@ -347,7 +383,7 @@ class ReportService {
}
}
private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String): List<ByteArray> {
private fun createPentestReports(projectReportCollection: ProjectReport, reportFormat: String, resourceBundle: ResourceBundle): List<ByteArray> {
// Create List of Files
var finalFiles: List<ByteArray> = emptyList()
// Load Jasper Files
@ -388,6 +424,8 @@ class ReportService {
parameters["CDATA_WATERMARK"] = waterMarkPath
parameters["CDATA_FindingsSubreport"] = findingsSubreportPath
parameters["CDATA_CommentsSubreport"] = commentsSubreportPath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
// Print one report for each objective and merge them together afterwards
val jasperPrintPentests: JasperPrint =
@ -427,7 +465,7 @@ class ReportService {
return finalFiles
}
private fun createAppendencies(reportFormat: String): ByteArray {
private fun createAppendencies(reportFormat: String, resourceBundle: ResourceBundle): ByteArray {
// Load Jasper Files
val fileAppendenciesStream = javaClass.getResourceAsStream(reportAppendenciesDesignTemplate)
// Open file stream
@ -440,6 +478,8 @@ class ReportService {
parameters["SeverityRatingDefinition"] = JREmptyDataSource()
parameters["CDATA_WATERMARK"] = waterMarkPath
parameters["CDATA_SeverityRatingTable"] = severityRatingTablePath
// Adds the resource bundle into the report
parameters[REPORT_RESOURCE_BUNDLE] = resourceBundle
// Fill Reports
val jasperPrintAppendencies: JasperPrint =
JasperFillManager.fillReport(jasperReportCover, parameters, JREmptyDataSource())

2
security-c4po-reporting/src/main/resources/application-COMPOSE.properties
View File

@ -13,6 +13,8 @@ api.client.pentests.path=pentests
# Ressource variables for jrxml files #
CDATA_WATERMARK=BOOT-INF/classes/jasper/Watermark.png
CDATA_C4POCoverBackground=BOOT-INF/classes/jasper/C4POCoverBackground#1.jpeg
# Localization files #
localization=jasper/localization/labels
# Subreports #
CDATA_FindingsSubreport=BOOT-INF/classes/jasper/subReports/FindingsSubreport.jasper
CDATA_CommentsSubreport=BOOT-INF/classes/jasper/subReports/CommentsSubreport.jasper

4
security-c4po-reporting/src/main/resources/application.properties
View File

@ -39,7 +39,9 @@ reportPentestsCommentsOnlyDesignTemplate=/jasper/reports/c4po_pentests_comments_
reportAppendenciesDesignTemplate=/jasper/reports/c4po_appendencies.jrxml
# Path to default pdf file #
reportDefaultPdf=/jasper/DEFAULT.pdf
# Ressource variables for jrxml files #
# Localization files #
localization=jasper/localization/labels
# Resource variables for jrxml files #
CDATA_WATERMARK=./src/main/resources/jasper/Watermark.png
CDATA_C4POCoverBackground=./src/main/resources/jasper/C4POCoverBackground#1.jpeg
# Subreports #

72
security-c4po-reporting/src/main/resources/jasper/localization/labels_de.properties Normal file
View File

@ -0,0 +1,72 @@
## de-DE translation for labels $R{translationKey}
# Cover
title.cover_one=Penetrationstest
title.cover_two=Ergebnisbericht
hint=Kein Teil dieses Dokuments darf ohne die ausdrückliche schriftliche Genehmigung des Testers an externe Quellen weitergegeben werden
# Table of contents
title.content=Inhaltsverzeichnis
# State of confidentiality
title.confidentiality=Zustand der Vertraulichkeit
text.confidentiality=Der Inhalt dieses Dokuments wird als geschützte und vertrauliche Geschäftsinformation betrachtet. Diese Informationen dürfen nur im Rahmen der bestimmungsgemäßen Verwendung verwendet werden. Dieses Dokument darf ohne vorherige schriftliche Zustimmung nicht an andere Lieferanten, Geschäftspartner oder Auftragnehmer weitergegeben werden. Darüber hinaus darf kein Teil dieses Dokuments ohne vorherige Zustimmung weitergegeben, vervielfältigt, kopiert oder verteilt werden. Der Inhalt dieses Dokuments stellt keine Rechtsberatung dar. Das Angebot von Dienstleistungen, die sich auf Compliance, Rechtsstreitigkeiten oder andere rechtliche Interessen beziehen, ist nicht als Rechtsberatung gedacht und sollte nicht als solche verstanden werden. Die hierin beschriebene Bewertung richtet sich zu Prüfungszwecken gegen das Unternehmen, und die in diesem Dokument enthaltenen Schwachstellen sollten gemindert werden, um die externe und / oder interne Infrastruktur zu schützen.
# Executive Summary
title.summary=Zusammenfassung
text.summary=Das Unternehmen beauftragte den Tester mit der Durchführung eines Penetrationstests, um Sicherheitslücken zu identifizieren, die Auswirkungen zu bestimmen, alle Ergebnisse klar und wiederholbar zu dokumentieren und Abhilfeempfehlungen zu geben.
title.assessment_overview_and_recommendations=Bewertungsübersicht und Empfehlungen
title.number_of_findings_per_category=Anzahl der Funde pro Kategorie
title.severity_overview_of_findings=Schweregradübersicht der Funde
# Pentestreport
title.reports=Technische Details für Funde und Kommentare
title.finding=Fund:
title.comment=Kommentar:
# Headlines
title=Titel:
description=Beschreibung:
impact=Auswirkung:
reproduction_steps=Reproduktion:
mitigation=Minderung:
no_mitigation=Keine Schadensminderung zur Vermeidung, Minimierung oder Kompensation des festgestellten oder erforderlichen Befunds.
affected_urls=Betroffene URL's:
no_affected_urls=Keine spezifischen URLs betroffen.
# Appendencies
title.appendencies=Anhänge
title.findings_severities=Schweregrade der Funde
text.findings_severities=Jedem Befund wurde eine Schweregradbewertung von kritisch hoch, mittel oder niedrig zugewiesen. Die Bewertung basiert auf einer Bewertung der Priorität, mit der jeder Befund betrachtet werden sollte, und der potenziellen Auswirkungen, die jeder auf die Vertraulichkeit, Integrität und Verfügbarkeit hat.
title.risk_matrix=Risiko Matrix
text.risk_matrix=Die Risikomatrix wird verwendet, um den potenziellen Schaden einer Gefahr basierend auf den Faktoren Wahrscheinlichkeit und Schweregrad zu bewerten. Die Wahrscheinlichkeits- und Schweregradbewertungen werden multipliziert, um einen Bewertungswert zu erhalten. Diese Punktzahl wird in den Risikobereichen nachgeschlagen, um das Risikoniveau zu bestimmen. Ein Beispiel für eine Gefahren-Risiko-Matrix ist unten angegeben:
example.risk_matrix=Beispiel: Wenn Wahrscheinlichkeit = Möglich (3) und Schweregrad = Erheblich (4), wird die Risikostufe durch Schweregrad * Wahrscheinlichkeit bestimmt, was 3*4 = 12 ist. Die Punktzahl 12 fällt in den Risikobereich 'Hoch'.
# Risk Matrix Table Properties
risk_score=Risiko-Score
to=bis
risk_level_cat=Risikostufen
#
severity=Schwere
insignificant=Unbedeutend
minor=Unerheblich
moderate=Mäßig
major=Wesentlich
catastrophic=Katastrophal
#
likelihood=Wahrscheinlichkeit
rare=Selten
unlikely=Unwahrscheinlich
possible=Möglich
likely=Wahrscheinlich
almost_certain=Fast sicher
# Severity Definitions Table Properties
title.severity_definitions=Definitionen der Schweregradbewertung
text.severity_definitions.critical=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Gefährdung ist kritisch, und es gibt einen öffentlich verfügbaren Mechanismus, um die Schwachstelle auszunutzen. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird.
text.severity_definitions.high=Die Ausnutzung der technischen oder prozeduralen Schwachstelle wird erheblichen Schaden anrichten. Erheblicher politischer, finanzieller und/oder rechtlicher Schaden ist wahrscheinlich die Folge. Die Bedrohungslage ist hoch, wodurch die Eintrittswahrscheinlichkeit steigt. Sicherheitskontrollen werden nicht effektiv implementiert, um die Schwere der Auswirkungen zu verringern, wenn die Schwachstelle ausgenutzt wird.
text.severity_definitions.medium=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle wirkt sich erheblich auf die Vertraulichkeit, Integrität und/oder Verfügbarkeit des Systems, der Anwendung oder der Daten aus. Die Ausnutzung der Schwachstelle kann zu moderaten finanziellen Verlusten oder öffentlicher Blamage führen. Die Gefährdung ist moderat bis hoch, wodurch die Eintrittswahrscheinlichkeit steigt. Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als hohes Risiko eingestuft würde, aber die Gefährdung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist.
text.severity_definitions.low=Die Ausnutzung der technischen oder verfahrenstechnischen Schwachstelle hat nur minimale Auswirkungen auf den Betrieb. Die Vertraulichkeit, Integrität und Verfügbarkeit (CIA) sensibler Informationen sind nicht gefährdet. Die Ausnutzung der Schwachstelle kann zu leichten finanziellen Verlusten oder öffentlicher Blamage führen. Die Bedrohungslage ist moderat bis gering. Es sind Sicherheitskontrollen vorhanden, um die Schwere der Auswirkungen zu begrenzen, wenn die Schwachstelle ausgenutzt wird, sodass kein weiterer politischer, finanzieller oder rechtlicher Schaden entsteht. - ODER - Die Schwachstelle ist derart, dass sie andernfalls als mittleres Risiko angesehen würde, aber die Bedrohung ist so begrenzt, dass die Wahrscheinlichkeit des Auftretens minimal ist.
rating=Schwere
# Severities
low=Low
medium=Medium
high=High
critical=Critical

74
security-c4po-reporting/src/main/resources/jasper/localization/labels_en.properties Normal file
View File

@ -0,0 +1,74 @@
## en-US translation for labels $R{translationKey}
# Cover
title.cover_one=Penetration Test
title.cover_two=Report of Findings
hint=No part of this document may be disclosed to outside sources without the explicit written authorization of the tester
# Table of contents
title.content=Table of Contents
# State of confidentiality
title.confidentiality=State of Confidentiality
text.confidentiality=The contents of this document are considered to be proprietary and business confidential information. This information is to be used only in the performance of its intended use. This document may not be released to another vendor, business partner or contractor without prior written consent. Additionally, no portion of this document may be communicated, reproduced, copied or distributed without the prior consent. The contents of this document do not constitute legal advice. The offer of services that relate to compliance, litigation or other legal interests are not intended as legal counsel and should not be taken as such. The assessment detailed herein is against the company for examination purposes, and the vulnerabilities included in this document should be mitigated in order to secure external and / or internal infrastructure.
# Executive Summary
title.summary=Executive Summary
text.summary=The company contracted the tester to perform a Penetration Test to identify security weaknesses, determine the impact, document all findings in a clear and repeatable manner, and provide remediation recommendations.
title.assessment_overview_and_recommendations=Assessment Overview and Recommendations
title.number_of_findings_per_category=Number of Findings per Category
title.severity_overview_of_findings=Severity Overview of Findings
# Pentestreport
title.reports=Technical Findings and Comments Details
title.finding=Finding:
title.comment=Comment:
# Headlines
title=Title:
description=Description:
impact=Impact:
reproduction_steps=Reproduction Steps:
mitigation=Mitigation:
no_mitigation=No mitigation to avoid, minimize or compensate the finding found or needed.
affected_urls=Affected URL's:
no_affected_urls=No specific URL's affected.
# Appendencies
title.appendencies=Appendencies
title.findings_severities=Findings Severities
text.findings_severities=Each finding has been assigned a severity rating of critical high, medium, or low. The rating is based off of an assessment of the priority with which each finding should be viewed and the potential impact each has on the confidentiality, integrity, and availability.
title.risk_matrix=Risk Matrix
text.risk_matrix=The risk matrix is used to assess the potential damage of a hazard, based on the likelihood and severity factors. The likelihood and severity scores are multiplied to obtain a score value. This score is looked up in the risk ranges to determine the risk level. An example of a hazard risk matrix is given below:
example.risk_matrix=Example, if Likelihood = Possible (3) and Severity = Major (4), the risk level is determined by severity * likelihood, which is 3*4 = 12. The score 12 falls in 'High' risk range.
# Risk Matrix Table Properties
risk_score=Risk score
to=to
risk_level_cat=Risk level category
#
severity=Severity
insignificant=Insignificant
minor=Minor
moderate=Moderate
major=Major
catastrophic=Catastrophic
#
likelihood=Likelihood
rare=Rare
unlikely=Unlikely
possible=Possible
likely=Likely
almost_certain=Almost certain
# Severity Definitions Table Properties
title.severity_definitions=Severity Rating Definitions
text.severity_definitions.critical=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is critical, and a publicly available mechanism exists to exploit the vulnerability. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited.
text.severity_definitions.high=Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political, financial, and/or legal damage is likely to result. The threat exposure is high, thereby increasing the likelihood of occurrence. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited.
text.severity_definitions.medium=Exploitation of the technical or procedural vulnerability will significantly impact the confidentiality, integrity, and/or availability of the system, application, or data. Exploitation of the vulnerability may cause moderate financial loss or public embarrassment. The threat exposure is moderate-to-high, thereby increasing the likelihood of occurrence. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered High Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal.
text.severity_definitions.low=Exploitation of the technical or procedural vulnerability will cause minimal impact to operations. The Confidentiality, Integrity and Availability (CIA) of sensitive information are not at risk of compromise. Exploitation of the vulnerability may cause slight financial loss or public embarrassment. The threat exposure is moderate-to-low. Security controls are in place to contain the severity of impact if the vulnerability were exploited, such that further political, financial, or legal damage will not occur. - OR - The vulnerability is such that it would otherwise be considered Medium Risk, but the threat exposure is so limited that the likelihood of occurrence is minimal.
rating=Rating
# Severities
low=Niedrig
medium=Mittel
high=Hoch
critical=Kritisch

120
security-c4po-reporting/src/main/resources/jasper/reports/c4po_appendencies.jrxml
View File

@ -30,43 +30,25 @@
<reportElement x="539" y="3" width="23" height="24" uuid="74214b7e-f089-49f2-9ef9-ef134386750c"/>
<imageExpression><![CDATA[$P{CDATA_WATERMARK}]]></imageExpression>
</image>
<staticText>
<reportElement x="0" y="0" width="432" height="30" forecolor="#FFFFFF" uuid="cb237865-2647-4ee2-a85c-ebc5c8f84f9e"/>
<textField>
<reportElement x="0" y="0" width="379" height="30" forecolor="#FFFFFF" uuid="be664645-4ffa-4b27-b58d-59adf00c2f31"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Appendencies]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.appendencies}]]></textFieldExpression>
</textField>
</band>
</title>
<detail>
<band height="540" splitType="Stretch">
<staticText>
<reportElement x="0" y="0" width="280" height="20" forecolor="#232B44" uuid="32713af0-e0bd-432b-b369-db31f8617e26"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Findings Severities]]></text>
</staticText>
<staticText>
<reportElement x="0" y="20" width="553" height="50" uuid="e43d5ec6-84d5-4d8e-9aca-94c3c48697e8"/>
<textElement>
<font size="12"/>
</textElement>
<text><![CDATA[Each finding has been assigned a severity rating of critical high, medium, or low. The rating is based off of an assessment of the priority with which each finding should be viewed and the potential impact each has on the confidentiality, integrity, and availability.]]></text>
</staticText>
<subreport>
<reportElement positionType="Float" x="-3" y="510" width="553" height="30" uuid="ca9b0ff4-30c6-43d0-8da2-458d1960ef0b"/>
<reportElement positionType="Float" x="0" y="510" width="553" height="30" uuid="ca9b0ff4-30c6-43d0-8da2-458d1960ef0b"/>
<subreportParameter name="REPORT_RESOURCE_BUNDLE">
<subreportParameterExpression><![CDATA[$P{REPORT_RESOURCE_BUNDLE}]]></subreportParameterExpression>
</subreportParameter>
<dataSourceExpression><![CDATA[new net.sf.jasperreports.engine.JREmptyDataSource()]]></dataSourceExpression>
<subreportExpression><![CDATA[$P{CDATA_SeverityRatingTable}]]></subreportExpression>
</subreport>
<staticText>
<reportElement x="0" y="83" width="280" height="20" forecolor="#232B44" uuid="147e164e-f290-4751-82ca-e4b55508408f"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Risk Matrix]]></text>
</staticText>
<rectangle>
<reportElement x="0" y="162" width="70" height="27" backcolor="#232B44" uuid="71a50420-4cd9-4b6a-b84d-80d3f860562b"/>
</rectangle>
@ -87,7 +69,7 @@
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Risk score"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{risk_score}]]></textFieldExpression>
</textField>
<rectangle>
<reportElement x="0" y="270" width="70" height="27" backcolor="#232B44" uuid="318d3354-5dd7-4585-b609-4e56c2db0cfc"/>
@ -97,7 +79,7 @@
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Risk level category"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{risk_level_cat}]]></textFieldExpression>
</textField>
<rectangle>
<reportElement x="0" y="297" width="70" height="135" backcolor="#232B44" uuid="87004217-c837-4b5a-98a5-8007ba939214"/>
@ -147,7 +129,7 @@
<textElement textAlignment="Center" verticalAlignment="Middle" rotation="Left">
<font size="14" isBold="true" isItalic="true"/>
</textElement>
<textFieldExpression><![CDATA["Severity"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{severity}]]></textFieldExpression>
</textField>
<rectangle>
<reportElement x="190" y="162" width="345" height="81" backcolor="#232B44" uuid="fcfd3c38-9b82-4492-b52e-037be743c7b5"/>
@ -157,7 +139,7 @@
<textElement textAlignment="Center" verticalAlignment="Middle" rotation="None">
<font size="14" isBold="true" isItalic="true"/>
</textElement>
<textFieldExpression><![CDATA["Likelihood"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{likelihood}]]></textFieldExpression>
</textField>
<rectangle>
<reportElement x="190" y="243" width="69" height="55" backcolor="#232B44" uuid="d6f79cc1-0658-442e-8e95-f0af4e56043a"/>
@ -439,118 +421,138 @@
</textElement>
<textFieldExpression><![CDATA["Medium"]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="1" y="450" width="553" height="50" uuid="a2abe321-3344-4e53-9e2b-67a415b68e38"/>
<textElement>
<font size="12"/>
</textElement>
<text><![CDATA[Example, if Likelihood = Possible (3) and Severity = Major (4), the risk level is determined by severity * likelihood, which is 3*4 = 12. The score 12 falls in 'High' risk range.]]></text>
</staticText>
<staticText>
<reportElement x="0" y="103" width="552" height="66" uuid="c91f1515-1d18-4c4f-91b8-6c4b957f46db"/>
<textElement>
<font size="12"/>
</textElement>
<text><![CDATA[The risk matrix is used to assess the potential damage of a hazard, based on the likelihood and severity factors. The likelihood and severity scores are multiplied to obtain a score value. This score is looked up in the risk ranges to determine the risk level. An example of a hazard risk matrix is given below:
]]></text>
</staticText>
<textField>
<reportElement x="191" y="243" width="67" height="53" forecolor="#FFFFFF" uuid="0fd887e8-76e4-4098-9a1b-3db131529904"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Rare (1)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{rare} + " (1)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="329" y="243" width="67" height="53" forecolor="#FFFFFF" uuid="2508e027-31fb-446d-b0b9-b8e580720852"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Possible (3)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{possible} + " (3)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="398" y="243" width="67" height="53" forecolor="#FFFFFF" uuid="ce5f3ba9-6844-4a80-9a42-bf83f214167c"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Likely (4)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{likely} + " (4)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="467" y="243" width="67" height="53" forecolor="#FFFFFF" uuid="a56ddfd6-2208-45ca-9520-4382473db1fe"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Almost certain (5)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{almost_certain} + " (5)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="70" y="298" width="119" height="26" forecolor="#FFFFFF" uuid="697fe7ea-d9b0-4987-b6bd-81bb86ae494b"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Catastrophic (5)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{catastrophic} + " (5)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="70" y="325" width="118" height="26" forecolor="#FFFFFF" uuid="d045b5f3-c8a3-4ccd-90e9-84665d513598"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Major (4)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{major} + " (4)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="70" y="353" width="118" height="26" forecolor="#FFFFFF" uuid="548ef559-8535-492d-a377-bfcea621c7e8"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Moderate (3)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{moderate} + " (3)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="70" y="380" width="118" height="26" forecolor="#FFFFFF" uuid="e63fdc52-3815-4bbe-982d-bc3407020a0d"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Minor (2)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{minor} + " (2)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="70" y="406" width="118" height="26" forecolor="#FFFFFF" uuid="d6b54c01-00d8-46b7-b60f-76d14573a43c"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Insignificant (1)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{insignificant} + " (1)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="189" width="70" height="26" forecolor="#FFFFFF" uuid="bca9c1cb-f112-41e2-8744-2567e75f1207"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[1 + " to " + 4]]></textFieldExpression>
<textFieldExpression><![CDATA[1 + " " + $R{to} + " " + 4]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="216" width="70" height="26" forecolor="#FFFFFF" uuid="d2414371-7103-4bd1-92a1-2ebc2b5810c8"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[5 + " to " + 10]]></textFieldExpression>
<textFieldExpression><![CDATA[5 + " " + $R{to} + " " + 10]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="244" width="70" height="26" forecolor="#FFFFFF" uuid="ff567b36-de30-4526-8e54-4a3d15ccc8db"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[11 + " to " + 18]]></textFieldExpression>
<textFieldExpression><![CDATA[11 + " " + $R{to} + " " + 18]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="270" width="70" height="26" forecolor="#FFFFFF" uuid="88308555-1cca-43b2-9e43-24ea40df5b8e"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[19 + " to " + 25]]></textFieldExpression>
<textFieldExpression><![CDATA[19 + " " + $R{to} + " " + 25]]></textFieldExpression>
</textField>
<textField>
<reportElement x="265" y="243" width="57" height="53" forecolor="#FFFFFF" uuid="8081c1bf-ddd0-4207-a9df-3337e0c84936"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Unlikely (2)"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{unlikely} + " (2)"]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="0" width="479" height="20" forecolor="#232B44" uuid="71e811b3-4732-474d-b281-86dcea50d00a"/>
<textElement textAlignment="Left" verticalAlignment="Top" markup="none">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.findings_severities}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="83" width="479" height="20" forecolor="#232B44" uuid="1f0f483e-f47f-44a6-a9a2-62bb1ac65c5d"/>
<textElement textAlignment="Left" verticalAlignment="Top" markup="none">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.risk_matrix}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="20" width="550" height="50" uuid="67db61b2-4576-4b74-9a44-d43c87041856"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[$R{text.findings_severities}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="103" width="550" height="58" uuid="e15c8a70-988c-4a56-a057-337376fcde61"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[$R{text.risk_matrix}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="440" width="550" height="58" uuid="02ad683d-233d-49c4-b9c5-d94c1499e962"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[$R{example.risk_matrix}]]></textFieldExpression>
</textField>
</band>
</detail>

119
security-c4po-reporting/src/main/resources/jasper/reports/c4po_content.jrxml
View File

@ -59,13 +59,6 @@
<pen lineWidth="0.0"/>
</graphicElement>
</rectangle>
<staticText>
<reportElement x="0" y="0" width="432" height="30" forecolor="#FFFFFF" uuid="59ee1bdf-8502-4520-8bd1-4f6e4d88df61"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Table of Contents]]></text>
</staticText>
<ellipse>
<reportElement x="537" y="0" width="30" height="30" backcolor="#232B44" uuid="afe21e22-58aa-4b83-ae86-c7ecd482d732"/>
<graphicElement>
@ -76,6 +69,13 @@
<reportElement x="539" y="3" width="23" height="24" uuid="2ca905b3-37c8-40ae-a9ea-3beb016b504c"/>
<imageExpression><![CDATA[$P{CDATA_WATERMARK}]]></imageExpression>
</image>
<textField>
<reportElement x="0" y="0" width="379" height="30" forecolor="#FFFFFF" uuid="b04484b0-30a0-42d4-af5e-920f58fee9e5"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.content}]]></textFieldExpression>
</textField>
</band>
</title>
<detail>
@ -95,101 +95,98 @@
<jr:column width="400" uuid="e1ddda3b-a51b-4ebc-ab41-72ba37cb90fc">
<property name="com.jaspersoft.studio.components.table.model.column.name" value="Column1"/>
<jr:tableHeader style="Table_TH" height="30" rowSpan="1">
<staticText>
<reportElement x="0" y="0" width="400" height="30" uuid="dade4652-f819-4d79-8d3d-4b2b2d569f9f"/>
<textField>
<reportElement x="0" y="0" width="400" height="30" uuid="61fc1eab-0534-4abc-a3d8-4fe3a65f082e"/>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[State of Confidentiality]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.confidentiality}]]></textFieldExpression>
</textField>
</jr:tableHeader>
<jr:tableFooter style="Table_TH" height="100" rowSpan="1">
<staticText>
<reportElement x="0" y="0" width="400" height="25" uuid="75eee7d9-35ab-43f9-9a65-041cbeec379e"/>
<textField>
<reportElement x="0" y="0" width="400" height="25" uuid="8286e514-717b-453c-a3fd-407085cfc06b"/>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Appendencies]]></text>
</staticText>
<staticText>
<reportElement x="0" y="25" width="400" height="25" forecolor="#232B44" uuid="9c81fdd0-7620-4ac9-8554-a686bd61e868">
<textFieldExpression><![CDATA[$R{title.appendencies}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="25" width="400" height="25" forecolor="#232B44" uuid="ff1277d5-4d92-45d4-8bb0-33e276535ccb">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Findings Severities]]></text>
</staticText>
<staticText>
<reportElement x="0" y="50" width="400" height="25" forecolor="#232B44" uuid="c2e58188-b6bf-4184-afc4-f4fc122e4ac1">
<textFieldExpression><![CDATA[$R{title.findings_severities}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="50" width="400" height="25" forecolor="#232B44" uuid="f7916dac-ce4d-4465-a966-725da9aec246">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Risk Matrix]]></text>
</staticText>
<staticText>
<reportElement x="0" y="75" width="400" height="25" forecolor="#232B44" uuid="76a14be3-8f39-4052-a22f-2f3dac68e0ae">
<textFieldExpression><![CDATA[$R{title.risk_matrix}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="75" width="400" height="25" forecolor="#232B44" uuid="3ecdc1c6-144c-4216-8073-0cd10c433b05">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Severity Rating Definitions]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.severity_definitions}]]></textFieldExpression>
</textField>
</jr:tableFooter>
<jr:columnHeader style="Table_CH" height="170" rowSpan="1">
<staticText>
<reportElement x="0" y="0" width="400" height="34" uuid="9d638d8b-7d1c-4fe2-b494-d8ee3c337a9f"/>
<textField>
<reportElement x="0" y="0" width="400" height="34" uuid="0dcf4738-ac1b-4a51-939c-8b8048166783"/>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Executive Summary]]></text>
</staticText>
<staticText>
<reportElement x="0" y="34" width="400" height="34" forecolor="#232B44" uuid="3089a5ee-9038-4d3d-b7c7-ff7be4a1a91e">
<textFieldExpression><![CDATA[$R{title.summary}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="34" width="400" height="34" forecolor="#232B44" uuid="5445fcf0-817f-4008-bc39-fa61b6171fe7">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Assessment Overview and Recommendations]]></text>
</staticText>
<staticText>
<reportElement x="0" y="68" width="400" height="34" forecolor="#232B44" uuid="03912891-062e-41e2-88fb-1cd2dd0eb37c">
<textFieldExpression><![CDATA[$R{title.assessment_overview_and_recommendations}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="68" width="400" height="34" forecolor="#232B44" uuid="bdb51757-ecb6-41cc-9ee9-58072b3e5307">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Number of Findings per Category]]></text>
</staticText>
<staticText>
<reportElement x="0" y="102" width="400" height="34" forecolor="#232B44" uuid="cf22afbf-5690-4d33-86be-f671daa668ac">
<textFieldExpression><![CDATA[$R{title.number_of_findings_per_category}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="102" width="400" height="34" forecolor="#232B44" uuid="68058a42-5ac0-4a11-b9a3-9159d2fae966">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Severity Overview of Findings]]></text>
</staticText>
<staticText>
<reportElement x="0" y="136" width="400" height="34" uuid="642bc39c-e2fd-47bb-ae15-8a30fb59ad72">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textFieldExpression><![CDATA[$R{title.severity_overview_of_findings}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="136" width="400" height="34" uuid="6bc57000-98b4-4c44-90a7-23be43cc5bf0"/>
<textElement verticalAlignment="Middle">
<font fontName="SansSerif" size="12" isBold="true"/>
<paragraph leftIndent="0"/>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Technical Findings and Comments Details]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.reports}]]></textFieldExpression>
</textField>
</jr:columnHeader>
<jr:detailCell style="Table_TD" height="30">
<textField>
@ -224,7 +221,7 @@
</band>
</detail>
<columnFooter>
<band height="49" splitType="Stretch"/>
<band height="50" splitType="Stretch"/>
</columnFooter>
<pageFooter>
<band height="54" splitType="Stretch"/>

14
security-c4po-reporting/src/main/resources/jasper/reports/c4po_cover.jrxml
View File

@ -122,14 +122,14 @@
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="26" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Penetration Test"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{title.cover_one}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="107" y="61" width="340" height="40" forecolor="#232B44" uuid="edce29e2-8963-43bd-8361-69e579e4a1e1"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="26" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA["Report of Findings"]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{title.cover_two}]]></textFieldExpression>
</textField>
</band>
</columnHeader>
@ -176,13 +176,13 @@
<rectangle>
<reportElement x="-20" y="-10" width="595" height="20" forecolor="#151B2E" backcolor="#151B2E" uuid="724a02c5-82c8-4a72-bf81-b77baa72c723"/>
</rectangle>
<staticText>
<reportElement mode="Opaque" x="0" y="-9" width="551" height="18" forecolor="#FEFEFF" backcolor="#151B2E" uuid="3291af19-09ed-453c-a068-90a951d4f7b5"/>
<textField>
<reportElement x="0" y="-7" width="554" height="15" forecolor="#FFFFFF" uuid="32716a0d-4cec-4dc4-b766-f545dea11169"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font fontName="SansSerif&#xA;&#xA;" size="8" isBold="true" isItalic="false"/>
<font size="8" isBold="true"/>
</textElement>
<text><![CDATA[No part of this document may be disclosed to outside sources without the explicit written authorization of the tester]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{hint}]]></textFieldExpression>
</textField>
</band>
</pageFooter>
</jasperReport>

54
security-c4po-reporting/src/main/resources/jasper/reports/c4po_executive_summary.jrxml
View File

@ -141,13 +141,6 @@
<pen lineWidth="0.0"/>
</graphicElement>
</rectangle>
<staticText>
<reportElement x="0" y="0" width="432" height="30" forecolor="#FFFFFF" uuid="727c5a22-9505-4eee-8697-c33c25770203"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Executive Summary]]></text>
</staticText>
<ellipse>
<reportElement x="537" y="0" width="30" height="30" backcolor="#232B44" uuid="94ae9350-4d6a-4660-a412-628324e3e766"/>
<graphicElement>
@ -158,6 +151,13 @@
<reportElement x="539" y="3" width="23" height="24" uuid="e47a59e3-90b6-43d3-9d42-930a6d497a05"/>
<imageExpression><![CDATA[$P{CDATA_WATERMARK}]]></imageExpression>
</image>
<textField>
<reportElement x="1" y="0" width="379" height="30" forecolor="#FFFFFF" uuid="4c1bb295-6c8a-4ee8-a0c7-9c9787bde39c"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.summary}]]></textFieldExpression>
</textField>
</band>
</title>
<columnHeader>
@ -167,33 +167,19 @@
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[(($F{summary}.length() == 0) ? "" + $F{client} +" contracted " + $F{tester} + " to perform a Penetration Test to identify security weaknesses, determine the impact to " + $F{client} +", document all findings in a clear and repeatable manner, and provide remediation recommendations." : $F{summary})]]></textFieldExpression>
<textFieldExpression><![CDATA[(($F{summary}.length() == 0) ? $R{text.summary} : $F{summary})]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="0" y="10" width="380" height="20" forecolor="#232B44" uuid="b508eb27-8cf7-40f3-86e8-6b7c9328d919"/>
<textElement>
<textField>
<reportElement x="1" y="11" width="479" height="19" forecolor="#232B44" uuid="13717058-8dea-4512-8807-1d2eda079aad"/>
<textElement textAlignment="Left" verticalAlignment="Top" markup="none">
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Assessment Overview and Recommendations]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.assessment_overview_and_recommendations}]]></textFieldExpression>
</textField>
</band>
</columnHeader>
<detail>
<band height="500" splitType="Stretch">
<staticText>
<reportElement x="0" y="20" width="380" height="20" forecolor="#232B44" uuid="43e826cd-e910-4ab5-a689-935baa555e58"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Number of Findings per Category]]></text>
</staticText>
<staticText>
<reportElement positionType="Float" x="0" y="300" width="380" height="20" forecolor="#232B44" uuid="daae5600-96f6-4f4c-b3ce-a12aadf2696a"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Severity Overview of Findings]]></text>
</staticText>
<pieChart>
<chart evaluationTime="Report">
<reportElement key="" positionType="Float" stretchType="ElementGroupHeight" x="0" y="40" width="553" height="239" uuid="aaf04aa7-f7c5-48b9-b422-0f210e35d7be"/>
@ -269,6 +255,20 @@
<itemLabel/>
</piePlot>
</pieChart>
<textField>
<reportElement x="0" y="20" width="480" height="19" forecolor="#232B44" uuid="8810e73b-f431-430d-86bc-10747c926be6"/>
<textElement textAlignment="Left" verticalAlignment="Top" markup="none">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.number_of_findings_per_category}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="1" y="300" width="479" height="19" forecolor="#232B44" uuid="e21093fa-df5d-4827-a2a5-b935db9749e3"/>
<textElement textAlignment="Left" verticalAlignment="Top" markup="none">
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title.severity_overview_of_findings}]]></textFieldExpression>
</textField>
</band>
</detail>
</jasperReport>

3
security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_comments_only.jrxml
View File

@ -223,6 +223,9 @@
<band height="611" splitType="Stretch">
<subreport isUsingCache="false" runToBottom="false">
<reportElement x="0" y="0" width="554" height="610" isRemoveLineWhenBlank="true" uuid="48da877f-cf38-4fc2-9104-934c8a528d6e"/>
<subreportParameter name="REPORT_RESOURCE_BUNDLE">
<subreportParameterExpression><![CDATA[$P{REPORT_RESOURCE_BUNDLE}]]></subreportParameterExpression>
</subreportParameter>
<dataSourceExpression><![CDATA[$P{PentestCommentsDataSource}]]></dataSourceExpression>
<subreportExpression><![CDATA[$P{CDATA_CommentsSubreport}]]></subreportExpression>
</subreport>

6
security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_and_comments.jrxml
View File

@ -316,11 +316,17 @@
<subreportParameter name="PentestFindingsDataSource">
<subreportParameterExpression><![CDATA[]]></subreportParameterExpression>
</subreportParameter>
<subreportParameter name="REPORT_RESOURCE_BUNDLE">
<subreportParameterExpression><![CDATA[$P{REPORT_RESOURCE_BUNDLE}]]></subreportParameterExpression>
</subreportParameter>
<dataSourceExpression><![CDATA[$P{PentestFindingsDataSource}]]></dataSourceExpression>
<subreportExpression><![CDATA[$P{CDATA_FindingsSubreport}]]></subreportExpression>
</subreport>
<subreport isUsingCache="false" runToBottom="true">
<reportElement positionType="Float" x="0" y="350" width="554" height="339" isRemoveLineWhenBlank="true" uuid="48da877f-cf38-4fc2-9104-934c8a528d6e"/>
<subreportParameter name="REPORT_RESOURCE_BUNDLE">
<subreportParameterExpression><![CDATA[$P{REPORT_RESOURCE_BUNDLE}]]></subreportParameterExpression>
</subreportParameter>
<dataSourceExpression><![CDATA[$P{PentestCommentsDataSource}]]></dataSourceExpression>
<subreportExpression><![CDATA[$P{CDATA_CommentsSubreport}]]></subreportExpression>
</subreport>

3
security-c4po-reporting/src/main/resources/jasper/reports/c4po_pentests_findings_only.jrxml
View File

@ -271,6 +271,9 @@
<subreportParameter name="PentestFindingsDataSource">
<subreportParameterExpression><![CDATA[]]></subreportParameterExpression>
</subreportParameter>
<subreportParameter name="REPORT_RESOURCE_BUNDLE">
<subreportParameterExpression><![CDATA[$P{REPORT_RESOURCE_BUNDLE}]]></subreportParameterExpression>
</subreportParameter>
<dataSourceExpression><![CDATA[$P{PentestFindingsDataSource}]]></dataSourceExpression>
<subreportExpression><![CDATA[$P{CDATA_FindingsSubreport}]]></subreportExpression>
</subreport>

19
security-c4po-reporting/src/main/resources/jasper/reports/c4po_state_of_confidentiality.jrxml
View File

@ -58,30 +58,23 @@
<reportElement x="539" y="3" width="23" height="24" uuid="75a577b3-42df-4d40-be10-d0991b2769e2"/>
<imageExpression><![CDATA[$P{CDATA_WATERMARK}]]></imageExpression>
</image>
<staticText>
<reportElement x="0" y="0" width="432" height="30" forecolor="#FFFFFF" uuid="329f5881-cba9-4418-9ef0-99a6805906ba"/>
<textField>
<reportElement x="0" y="0" width="379" height="30" forecolor="#FFFFFF" uuid="28de72b7-9df9-4a23-af2b-1f0266caf400"/>
<textElement verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[State of Confidentiality]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.confidentiality}]]></textFieldExpression>
</textField>
</band>
</title>
<detail>
<band height="460" splitType="Stretch">
<textField textAdjust="StretchHeight">
<reportElement x="0" y="0" width="552" height="99" uuid="155d6f81-907f-49ed-ae21-2dae085f72b2"/>
<reportElement x="0" y="0" width="552" height="339" uuid="155d6f81-907f-49ed-ae21-2dae085f72b2"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA["The contents of this document have been developed by " + $F{tester} + ". " + $F{tester} + " considers the contents of this document to be proprietary and business confidential information. This information is to be used only in the performance of its intended use. This document may not be released to another vendor, business partner or contractor without prior written consent from " + $F{tester} + ". Additionally, no portion of this document may be communicated, reproduced, copied or distributed without the prior consent of " + $F{tester} + "."]]></textFieldExpression>
</textField>
<textField textAdjust="StretchHeight">
<reportElement positionType="Float" x="0" y="100" width="551" height="100" uuid="6b5626a8-ff7b-450b-8c53-93c2115bd56c"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA["The contents of this document do not constitute legal advice. " + $F{tester}+"s offer of services that relate to compliance, litigation or other legal interests are not intended as legal counsel and should not be taken as such. The assessment detailed herein is against the company " + $F{client} + " for examination purposes, and the vulnerabilities included in this document should be mitigated in order to secure " + $F{client} + " external or internal infrastructure."]]></textFieldExpression>
<textFieldExpression><![CDATA[$R{text.confidentiality}]]></textFieldExpression>
</textField>
</band>
</detail>

BIN
security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jasper
View File

Binary file not shown.

36
security-c4po-reporting/src/main/resources/jasper/subReports/CommentsSubreport.jrxml
View File

@ -35,20 +35,6 @@
</background>
<detail>
<band height="580" splitType="Stretch">
<staticText>
<reportElement x="0" y="50" width="100" height="19" forecolor="#232B44" uuid="27e653a4-f25c-4e14-a2dd-98639beaa958"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Title:]]></text>
</staticText>
<staticText>
<reportElement positionType="Float" x="0" y="120" width="100" height="20" forecolor="#232B44" uuid="4f0f0eaf-177b-4af7-99d8-a46b0faa9357"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Description:]]></text>
</staticText>
<textField textAdjust="StretchHeight">
<reportElement x="0" y="70" width="530" height="30" uuid="62ff1e8e-7987-4cd0-a79e-536859418d32"/>
<textElement>
@ -82,13 +68,27 @@
</textElement>
<textFieldExpression><![CDATA[$F{id}]]></textFieldExpression>
</textField>
<staticText>
<reportElement x="0" y="-12" width="80" height="32" forecolor="#FFFFFF" uuid="06c9b872-ccec-44a6-854f-ef7b5dcedec9"/>
<textField>
<reportElement x="0" y="-12" width="80" height="32" forecolor="#FFFFFF" uuid="e3a73731-aebe-4f52-b965-c33e63c03dac"/>
<textElement verticalAlignment="Middle">
<font size="14" isBold="true"/>
</textElement>
<text><![CDATA[Comment:]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.comment}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="50" width="280" height="20" forecolor="#232B44" uuid="19308a8b-8ca0-48cb-84c9-a7088027b7f3"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="120" width="280" height="20" forecolor="#232B44" uuid="967a81ec-1f91-431f-a644-c26eecad5d34"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{description}]]></textFieldExpression>
</textField>
</band>
</detail>
</jasperReport>

BIN
security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jasper
View File

Binary file not shown.

96
security-c4po-reporting/src/main/resources/jasper/subReports/FindingsSubreport.jrxml
View File

@ -86,20 +86,6 @@
</textElement>
<textFieldExpression><![CDATA[$F{description}]]></textFieldExpression>
</textField>
<staticText>
<reportElement positionType="Float" x="0" y="120" width="100" height="20" forecolor="#232B44" uuid="cb620215-7d9a-422e-a286-d1374c29469a"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Description:]]></text>
</staticText>
<staticText>
<reportElement x="0" y="50" width="100" height="20" forecolor="#232B44" uuid="a8c19344-4ce8-4d15-919b-4cbb004aba79"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Title:]]></text>
</staticText>
<textField textAdjust="StretchHeight">
<reportElement x="0" y="70" width="430" height="30" uuid="1ac22e9e-2fe9-4fc7-94ca-5e30db7aa74f"/>
<textElement>
@ -107,13 +93,6 @@
</textElement>
<textFieldExpression><![CDATA[$F{title}]]></textFieldExpression>
</textField>
<staticText>
<reportElement positionType="Float" x="0" y="200" width="100" height="20" forecolor="#232B44" uuid="3d056116-a999-4c17-b3b0-94b26e69c9c6"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Impact:]]></text>
</staticText>
<textField textAdjust="StretchHeight">
<reportElement positionType="Float" x="0" y="220" width="530" height="40" uuid="d026c3e2-1431-4010-b0d7-bf07cb339ed7"/>
<textElement>
@ -128,27 +107,13 @@
</textElement>
<textFieldExpression><![CDATA[$F{reproduction}]]></textFieldExpression>
</textField>
<staticText>
<reportElement positionType="Float" x="0" y="280" width="180" height="20" forecolor="#232B44" uuid="5d0ab6e7-dd18-4da2-848b-95abc47936e8"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Reproduction Steps:]]></text>
</staticText>
<textField textAdjust="StretchHeight">
<reportElement positionType="Float" x="0" y="380" width="530" height="40" uuid="09dea210-c47a-486e-b461-c6fb7c27bb39"/>
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[(($F{mitigation}.length() == 0) ? "No mitigation to avoid, minimize or compensate the finding found or needed." : $F{mitigation})]]></textFieldExpression>
<textFieldExpression><![CDATA[(($F{mitigation}.length() == 0) ? $R{no_mitigation} : $F{mitigation})]]></textFieldExpression>
</textField>
<staticText>
<reportElement positionType="Float" x="0" y="360" width="180" height="20" forecolor="#232B44" uuid="0aaec1e4-9ac0-48de-96ef-0ac5ad1e9be0"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Mitigation:]]></text>
</staticText>
<rectangle>
<reportElement x="0" y="-12" width="575" height="33" forecolor="#FF3D70" backcolor="#FF3D70" uuid="cb580eb9-9492-4fb6-8eb7-304e50612c9f"/>
<graphicElement>
@ -192,22 +157,57 @@
<textElement>
<font size="12"/>
</textElement>
<textFieldExpression><![CDATA[(($F{affectedUrls}.size() == 0) ? "No specific URL's affected." : $F{affectedUrls}.toString().substring(1, $F{affectedUrls}.toString().length() - 1))]]></textFieldExpression>
<textFieldExpression><![CDATA[(($F{affectedUrls}.size() == 0) ? $R{no_affected_urls} : $F{affectedUrls}.toString().substring(1, $F{affectedUrls}.toString().length() - 1))]]></textFieldExpression>
</textField>
<staticText>
<reportElement positionType="Float" x="0" y="440" width="180" height="20" forecolor="#232B44" uuid="003646c0-fc53-4add-84d2-b3816d52789d"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<text><![CDATA[Affected URL's:]]></text>
</staticText>
<staticText>
<reportElement x="0" y="-12" width="80" height="32" forecolor="#FFFFFF" uuid="c6ec29f3-3687-4098-80b5-30fd33a7989a"/>
<textField>
<reportElement x="0" y="-12" width="80" height="32" forecolor="#FFFFFF" uuid="b57555be-8b0c-4f2e-be08-22c3bf07e343"/>
<textElement verticalAlignment="Middle">
<font size="14" isBold="true"/>
</textElement>
<text><![CDATA[Finding:]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.finding}]]></textFieldExpression>
</textField>
<textField>
<reportElement x="0" y="50" width="280" height="20" forecolor="#232B44" uuid="24833130-7baa-4959-996e-97cfce37b3d6"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{title}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="120" width="280" height="20" forecolor="#232B44" uuid="83f026fc-249b-41aa-9540-99661ee5010d"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{description}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="200" width="280" height="20" forecolor="#232B44" uuid="e7a779ad-b9ae-47ad-8e3d-be20876fc5a9"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{impact}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="280" width="280" height="20" forecolor="#232B44" uuid="2f5670ee-4de0-4409-bb33-ac83c5e03ec4"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{reproduction_steps}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="360" width="280" height="20" forecolor="#232B44" uuid="3d6c19e0-8cd3-4c39-b998-e704210d6622"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{mitigation}]]></textFieldExpression>
</textField>
<textField>
<reportElement positionType="Float" x="0" y="440" width="280" height="20" forecolor="#232B44" uuid="975e0e09-6186-4a40-9466-2f241c43b7f6"/>
<textElement>
<font size="12" isBold="true"/>
</textElement>
<textFieldExpression><![CDATA[$R{affected_urls}]]></textFieldExpression>
</textField>
</band>
</detail>
</jasperReport>

BIN
security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jasper
View File

Binary file not shown.

93
security-c4po-reporting/src/main/resources/jasper/subReports/SeverityRatingTableSubreport.jrxml
View File

@ -40,9 +40,9 @@
<band splitType="Stretch"/>
</background>
<detail>
<band height="620" splitType="Stretch">
<band height="680" splitType="Stretch">
<componentElement>
<reportElement positionType="Float" x="-20" y="-20" width="560" height="620" uuid="10d88177-713d-4c60-9266-5afb31684f19">
<reportElement positionType="Float" x="-20" y="-20" width="560" height="700" uuid="10d88177-713d-4c60-9266-5afb31684f19">
<property name="com.jaspersoft.studio.layout" value="com.jaspersoft.studio.editor.layout.VerticalRowLayout"/>
<property name="com.jaspersoft.studio.table.style.table_header" value="Table_TH"/>
<property name="com.jaspersoft.studio.table.style.column_header" value="Table_CH"/>
@ -56,44 +56,47 @@
<jr:column width="112" uuid="dd4a463a-7807-42ae-9419-7a17135a2a58">
<property name="com.jaspersoft.studio.components.table.model.column.name" value="Column1"/>
<jr:tableHeader style="Table_TH" height="30" rowSpan="1">
<staticText>
<reportElement x="0" y="0" width="112" height="30" forecolor="#FFFFFF" uuid="140fe665-f028-4805-a55f-4b4190be3140"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<textField>
<reportElement x="0" y="0" width="112" height="30" forecolor="#FFFFFF" uuid="14568593-28fa-4e16-9830-5acd6ec74634">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement verticalAlignment="Middle">
<font size="12" isBold="true"/>
<paragraph leftIndent="10"/>
</textElement>
<text><![CDATA[Rating]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{rating}]]></textFieldExpression>
</textField>
</jr:tableHeader>
<jr:tableFooter style="Table_CH" height="200" rowSpan="1">
<jr:tableFooter style="Table_CH" height="220" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="200" forecolor="#03C886" uuid="bb091668-8003-45fc-a4aa-e54a96f7fa87"/>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="220" forecolor="#03C886" uuid="bb091668-8003-45fc-a4aa-e54a96f7fa87"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Low]]></text>
</staticText>
</jr:tableFooter>
<jr:columnHeader style="Table_CH" height="90" rowSpan="1">
<jr:columnHeader style="Table_CH" height="110" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="90" forecolor="#FF3D70" uuid="d742063f-e537-400f-bb31-bb55fa9f20fd"/>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="110" forecolor="#FF3D70" uuid="d742063f-e537-400f-bb31-bb55fa9f20fd"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Critical]]></text>
</staticText>
</jr:columnHeader>
<jr:columnFooter style="Table_CH" height="200" rowSpan="1">
<jr:columnFooter style="Table_CH" height="220" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="200" forecolor="#35A4FE" uuid="a8b12a40-8144-4226-870f-0e0a1e5ea752"/>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="220" forecolor="#35A4FE" uuid="a8b12a40-8144-4226-870f-0e0a1e5ea752"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
<text><![CDATA[Medium]]></text>
</staticText>
</jr:columnFooter>
<jr:detailCell style="Table_TD" height="100">
<jr:detailCell style="Table_TD" height="120">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="100" forecolor="#FFAB00" uuid="4a1dd484-384f-45ca-a41a-8d1d2b5fb1e6"/>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="112" height="120" forecolor="#FFAB00" uuid="4a1dd484-384f-45ca-a41a-8d1d2b5fb1e6"/>
<textElement textAlignment="Center" verticalAlignment="Middle">
<font size="16" isBold="true"/>
</textElement>
@ -104,82 +107,60 @@
<jr:column width="448" uuid="ab851b91-c506-48d4-a4e6-77292e4c42ef">
<property name="com.jaspersoft.studio.components.table.model.column.name" value="Column2"/>
<jr:tableHeader style="Table_TH" height="30" rowSpan="1">
<staticText>
<reportElement x="0" y="0" width="448" height="30" forecolor="#FFFFFF" uuid="7c3f036d-ed06-4aa2-bba2-f45c7eb91316">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement textAlignment="Left" verticalAlignment="Middle">
<textField>
<reportElement x="0" y="0" width="448" height="30" forecolor="#FFFFFF" uuid="0ce92a8f-5a55-4977-a0f9-c5fe8b47701f"/>
<textElement verticalAlignment="Middle">
<font size="12" isBold="true"/>
<paragraph leftIndent="2"/>
</textElement>
<text><![CDATA[Severity Rating Definition]]></text>
</staticText>
<textFieldExpression><![CDATA[$R{title.severity_definitions}]]></textFieldExpression>
</textField>
</jr:tableHeader>
<jr:tableFooter style="Table_CH" height="200" rowSpan="1">
<jr:tableFooter style="Table_CH" height="220" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="448" height="200" uuid="9e066b11-0381-46ce-a05b-99b2293ce66c">
<reportElement x="0" y="0" width="448" height="220" uuid="edaaec3d-9e81-46a5-a628-05a0dd9716f4">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement>
<font size="12"/>
<paragraph leftIndent="2"/>
</textElement>
<text><![CDATA[Exploitation of the technical or procedural vulnerability will cause minimal impact to operations. The
Confidentiality, Integrity and Availability (CIA) of sensitive information are not at risk of compromise.
Exploitation of the vulnerability may cause slight financial loss or public embarrassment. The threat exposure is
moderate-to-low. Security controls are in place to contain the severity of impact if the vulnerability were
exploited, such that further political, financial, or legal damage will not occur.
- OR -
The vulnerability is such that it would otherwise be considered Medium Risk, but the threat exposure is so limited
that the likelihood of occurrence is minimal.]]></text>
<text><![CDATA[$R{text.severity_definitions.low}]]></text>
</staticText>
</jr:tableFooter>
<jr:columnHeader style="Table_CH" height="90" rowSpan="1">
<jr:columnHeader style="Table_CH" height="110" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="448" height="90" uuid="628591b9-4f90-45cf-896c-e38355ed9de8">
<property name="com.jaspersoft.studio.unit.firstLineIndent" value="pixel"/>
<reportElement x="0" y="0" width="448" height="110" uuid="ce298324-4e50-4432-91ea-01897f3749b4">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement textAlignment="Left">
<textElement>
<font size="12"/>
<paragraph lineSpacingSize="1.0" leftIndent="2"/>
<paragraph leftIndent="2"/>
</textElement>
<text><![CDATA[Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political,
financial, and/or legal damage is likely to result. The threat exposure is critical, and a publicly available mechanism exists to exploit the vulnerability. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability were exploited.]]></text>
<text><![CDATA[$R{text.severity_definitions.critical}]]></text>
</staticText>
</jr:columnHeader>
<jr:columnFooter style="Table_CH" height="200" rowSpan="1">
<jr:columnFooter style="Table_CH" height="220" rowSpan="1">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="448" height="200" uuid="b9e7a6f9-946f-4824-8a9e-24bc3279589a">
<reportElement x="0" y="0" width="448" height="220" uuid="0301e4cd-36bd-45bb-bdd7-f0740d79663f">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement>
<font size="12"/>
<paragraph leftIndent="2"/>
</textElement>
<text><![CDATA[Exploitation of the technical or procedural vulnerability will significantly impact the confidentiality, integrity,
and/or availability of the system, application, or data. Exploitation of the vulnerability may cause moderate
financial loss or public embarrassment. The threat exposure is moderate-to-high, thereby increasing the
likelihood of occurrence. Security controls are in place to contain the severity of impact if the vulnerability were
exploited, such that further political, financial, or legal damage will not occur.
- OR -
The vulnerability is such that it would otherwise be considered High Risk, but the threat exposure is so limited
that the likelihood of occurrence is minimal.]]></text>
<text><![CDATA[$R{text.severity_definitions.medium}]]></text>
</staticText>
</jr:columnFooter>
<jr:detailCell style="Table_TD" height="100">
<jr:detailCell style="Table_TD" height="120">
<staticText>
<reportElement positionType="Float" stretchType="ContainerHeight" x="0" y="0" width="448" height="100" uuid="8a292592-81b2-49a1-bfda-e9540ecb3aa9">
<reportElement x="0" y="0" width="448" height="120" uuid="12feb6c9-3269-431a-9e8a-a155563d1da4">
<property name="com.jaspersoft.studio.unit.leftIndent" value="px"/>
</reportElement>
<textElement>
<font size="12"/>
<paragraph leftIndent="2"/>
</textElement>
<text><![CDATA[Exploitation of the technical or procedural vulnerability will cause substantial harm. Significant political,
financial, and/or legal damage is likely to result. The threat exposure is high, thereby increasing the likelihood of
occurrence. Security controls are not effectively implemented to reduce the severity of impact if the vulnerability
were exploited.]]></text>
<text><![CDATA[$R{text.severity_definitions.high}]]></text>
</staticText>
</jr:detailCell>
</jr:column>