FuseSoft Developer/Security Blog


Report Designer Tags


Match and Replace Variables

The Faction Report Designer supports the variables below. Entering these into your DOCX reports will automatically replace them with assessment and vulnerability text when the report is generated. You can also add the same variables to many of the user input fields, and they will auto-populate when the report is generated.





General Variables

These can be used anywhere in the report.
  • ${assessment.ID} - Internal Database ID
  • ${assessment.APPID} - The assigned Application ID
  • ${assessment.NAME} - The Assessment Name
  • ${assessment.ASSESSOR} - The first assessor assigned to the assessment
  • ${assessment.ASSESSORS_LINES} - All Assessors split into lines
  • ${assessment.ASSESSORS_COMMA} - All Assessors split into a comma delimited list
  • ${assessment.ASSESSORS_BULLETS} - All Assessors split into a bulleted list
  • ${assessment.REMED} - The Remediation Person assigned to the assessment
  • ${assessment.RISKLEVELCOUNT*} - The number of findings at the RiskLevel 0-9
  • ${assessment.TEAM} - The Assessor Team Name
  • ${assessment.TYPE} - The Type of the Assessment
  • ${assessment.START} - The Start date of the assessment
  • ${assessment.END} - The End date of the assessment
  • ${assessment.ACCESSKEY} - GUID to access the client retest queue
  • ${TODAY} - Day the report is generated

Vulnerability Summary Table Variables

  • ${vulntable} - This defines a table to be a vulnerability listing table.
  • ${vulnname} - The Vulnerability name
  • ${category} - Category of the vulnerability
  • ${severity} - Severity of each vulnerability.
  • ${likelyhood} - Likelihood of the vulnerability
  • ${impact} - Impact of the vulnerability
  • ${cvss} - CVSS score of the vulnerability
  • ${status} - Status of the vulnerability
  • ${count} - Row Count of the vulnerability
  • ${tracking} - Tracking number of the vulnerability
  • ${vid} - Vulnerability internal database id
  • ${color key=value,key=value} - The color of the cell based on key-value pairs. If you want all cells with the text Critical to be red and all cells with the text High to be blue, the variable will be ${color Critical=FF0000,High=0000FF}

Example Table:

| ${vulntable} | ${color Critical=C00000,High=FFC000} |            |             |
| ID           | Finding Name                         | Score CVSS | Severity    |
| ${count}     | ${vulnname}                          | ${cvss}    | ${severity} |





Vulnerability Findings Variables

These are used inside the template.FINDINGS templates.
  • ${vulnerablity.NAME} - Name of the vulnerability
  • ${vulnerablity.CAT} - Vulnerability Category.
  • ${vulnerability.DESC} - Vulnerability Description
  • ${vulnerability.REC} - Vulnerability Fix Recommendation
  • ${vulnerablity.SEVERITY} - Overall severity of the vulnerability
  • ${vulnerablity.IMPACT} - Impact rating of the vulnerability
  • ${vulnerablity.LIKELYHOOD} - Likelihood of the vulnerability
  • ${vulnerablity.VID} - Internal Database ID of the vulnerability
  • ${vulnerablity.STATUS} - Status of the Vulnerability (open or closed)
  • ${vulnerablity.TRACKING} - Vulnerability Tracking Id
  • ${vulnerablity.CVSS} - Vulnerability CVSS Score


Exploit Step/Evidence Variables

These are used inside template.FINDINGS_DETAIL templates.

  • ${vulnerability.EXPLOIT} - Vulnerability Exploit Steps and screenshots.


Template Variables

These will insert DOCX templates into an existing base document.
  • ${template.FINDINGS} - List all findings details and recommendations
  • ${template.FINDINGS_DETAIL_HDR} - This is a base page that includes the ${template.FINDINGS_DETAIL}. This page is repeated for each vulnerability.
  • ${template.FINDINGS_DETAIL} - This includes the exploit steps and evidence for each vulnerability.
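
A pre-generation check for templates, added here as an example (it is not code from the original post or from Faction): it scans a DOCX for ${...} placeholders and reports any that are not in the lists above. The variable names are copied as this page spells them; the function names, the one-digit reading of RISKLEVELCOUNT*, the hex-only color values and the sample document are assumptions.

```python
import io, re, zipfile

# Variable names copied from the lists on this page, spelled as the page spells them.
KNOWN = set("""
assessment.ID assessment.APPID assessment.NAME assessment.ASSESSOR
assessment.ASSESSORS_LINES assessment.ASSESSORS_COMMA assessment.ASSESSORS_BULLETS
assessment.REMED assessment.TEAM assessment.TYPE assessment.START assessment.END
assessment.ACCESSKEY TODAY vulntable vulnname category severity likelyhood impact
cvss status count tracking vid vulnerablity.NAME vulnerablity.CAT vulnerability.DESC
vulnerability.REC vulnerablity.SEVERITY vulnerablity.IMPACT vulnerablity.LIKELYHOOD
vulnerablity.VID vulnerablity.STATUS vulnerablity.TRACKING vulnerablity.CVSS
vulnerability.EXPLOIT template.FINDINGS template.FINDINGS_DETAIL_HDR
template.FINDINGS_DETAIL
""".split())
# Assumption: "*" in ${assessment.RISKLEVELCOUNT*} stands for one digit 0-9.
RISK = re.compile(r"assessment\.RISKLEVELCOUNT[0-9]")
# Assumption: ${color ...} values are 6-digit hex colors, as in the page's examples.
COLOR = re.compile(r"color\s+\w+=[0-9A-Fa-f]{6}(,\w+=[0-9A-Fa-f]{6})*")
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")

def docx_text(data):
    """Text of word/document.xml; stripping tags rejoins placeholders Word split across runs."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        xml = z.read("word/document.xml").decode("utf-8")
    return re.sub(r"<[^>]+>", "", xml.replace("</w:p>", "\n"))

def unknown_variables(data):
    """Return every ${...} placeholder in the DOCX that is not in the lists above."""
    bad = []
    for m in PLACEHOLDER.finditer(docx_text(data)):
        body = m.group(1).strip()
        if not (body in KNOWN or RISK.fullmatch(body) or COLOR.fullmatch(body)):
            bad.append(m.group(0))
    return bad

def make_docx(paragraphs):
    """Build a minimal in-memory DOCX; each paragraph is a list of run texts."""
    runs = lambda p: "".join(f"<w:r><w:t>{r}</w:t></w:r>" for r in p)
    body = "".join(f"<w:p>{runs(p)}</w:p>" for p in paragraphs)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f"<w:document><w:body>{body}</w:body></w:document>")
    return buf.getvalue()

# Constructed sample: one placeholder split across two runs, plus two misspelled names.
SAMPLE = make_docx([["Report for ${assessment.", "NAME}"],
                    ["${color Critical=C00000,High=FFC000}"], ["${template.FINDINGD_DETAIL}"],
                    ["${assessment.RISKLEVELCOUNT3}"], ["${assesment.START}"]])

if __name__ == "__main__":
    print(unknown_variables(SAMPLE))
```

Run it over a template before generating a client report so that a mistyped variable is caught instead of appearing as literal ${...} text in the deliverable.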


All of the text generated by Faction is HTML. You can control how it is rendered in the DOCX format using the CSS editor in the Report Designer. You will need to set the CSS to match your report templates: things like font and size will need to match, and images will need to be forced to resize to the correct dimensions to fit in your reports.






