-
Notifications
You must be signed in to change notification settings - Fork 3
/
report-template.html
171 lines (156 loc) · 5.37 KB
/
report-template.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>ColdFusion 2016 Security Analyzer Report</title>
<link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css"/>
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.11/css/dataTables.bootstrap.min.css"/>
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/responsive/2.0.2/css/responsive.bootstrap.min.css"/>
</head>
<body>
<div class="container">
<div class="row">
<h1>Security Analyzer Report</h1>
</div>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Report Information</h3>
</div>
<div class="panel-body">
<dl class="dl-horizontal">
<dt>Date</dt><dd>${reportDate}</dd>
<dt>Directory</dt><dd>${scanDirectory}</dd>
<dt>Duration</dt><dd>${scanDuration}</dd>
</dl>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Breakdown of Vulnerabilities</h3>
</div>
<div class="panel-body">
<div id="canvas-holder">
<canvas id="vulnerabilityChart" style="height: 300px; !important"/>
</div>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Vulnerabilties</h3>
</div>
<div class="panel-body">
<table id="reportDataTable" class="table table-striped table-bordered table-hover">
<thead>
<tr>
<th>Filename</th>
<th>Vulnerability</th>
<th>Type</th>
<th>Line</th>
<th>Column</th>
<th>Fragment</th>
</tr>
</thead>
<tbody>
${vulnerabilityList}
</tbody>
</table>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Files Not Scanned</h3>
</div>
<div class="panel-body">
<table id="unscanableDataTable" class="table table-striped table-bordered table-hover">
<thead>
<tr>
<th>Filename</th>
<th>Reason</th>
</tr>
</thead>
<tbody>
${unscanableList}
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript" src="https://code.jquery.com/jquery-2.2.0.min.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.11/js/jquery.dataTables.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/1.10.11/js/dataTables.bootstrap.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/responsive/2.0.2/js/dataTables.responsive.min.js"></script>
<script type="text/javascript" src="https://cdn.datatables.net/responsive/2.0.2/js/responsive.bootstrap.min.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/1.0.2/Chart.min.js"></script>
<script>
var securityAnalyzerData = ${securityAnalyzerResult};
$(document).ready(function() {
// vulnerability counters
counter = { 'xss': 0,
'csrf': 0,
'sqlinjection': 0,
'htmltopdfxss': 0,
'cookiesvalidations': 0,
'cflocationvalidations': 0,
'passwords': 0,
'fileupload': 0,
'getvspost': 0,
'fileinjection': 0,
'unnamedapp': 0,
'error': 0,
'warning': 0};
// generate data table for vulnerability report
$('#reportDataTable').DataTable({
lengthMenu: [
[ 25, 50, 100, -1 ],
[ '25', '50', '100', 'All' ]
]
});
// generate data table for unscanable files
$('#unscanableDataTable').DataTable({
lengthMenu: [
[ 25, 50, 100, -1 ],
[ '25', '50', '100', 'All' ]
]
});
// count vulnerabilities and types
$.each(securityAnalyzerData.errors, function(id, item) {
counter[item.Error]++;
counter[item.type]++;
});
// generate vulnerability chart
var vulnerabilityData = {
labels: ["SQL Injection", "XSS", "PDF XSS", "CSRF", "Cookies", "CF Location", "Passwords", "File Upload", "Get vs Post", "File Injection", "Unnamed App"],
datasets: [
{
label: "Vulnerability Types",
fillColor: "#F7464A",
highlightFill: "#FF5A5E",
data: [counter.sqlinjection, counter.xss, counter.htmltopdfxss, counter.csrf, counter.cookiesvalidations, counter.cflocationvalidations, counter.passwords, counter.fileupload, counter.getvspost, counter.fileinjection, counter.unnamedapp]
}
]
};
var vulnerabilityChartCanvas = $("#vulnerabilityChart").get(0).getContext("2d");
var vulnerabilityChart = new Chart(vulnerabilityChartCanvas).Bar(vulnerabilityData, {responsive: true, maintainAspectRatio: false});
} );
</script>
</body>
</html>