Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

assign findings to elements #86

Merged
merged 1 commit into from
Mar 31, 2020
Merged

assign findings to elements #86

merged 1 commit into from
Mar 31, 2020

Conversation

nineinchnick
Copy link
Collaborator

Assign findings to elements to allow to render them in reports grouped by assets/dataflows.

@nineinchnick nineinchnick requested a review from izar as a code owner March 15, 2020 20:40
@ghost
Copy link

ghost commented Mar 15, 2020
edited by ghost
Loading

DeepCode's analysis on #b1e001 found:

4 minor issues. ✔️ 1 issue were fixed.

👉 View analysis in DeepCode’s Dashboard

☺️ If you want to provide feedback on our bot, here is how to contact us.

@nineinchnick
Copy link
Collaborator Author

Here's an example template. Pretty ugly but works:

## Findings

{elements:repeat:{{item.findings:if:
### {{item.name}}

{{item.findings:repeat:
**Threat**: {{{{item.id}}}} - {{{{item.description}}}}

**Severity**: {{{{item.severity}}}}

**Types**: {{{{item.categories}}}}

**References**: {{{{item.references}}}}

}}}}}

Finding properties need to be double escaped since there are two loops, hence four brackets. Fortunately the if doesn't add another level of escaping. There are five closing brackets at the end since two close the inner loop, next two the if and last one closes outer loop.

I think this is as far as this templating system should be taken but grouping by asset/dataflow should make it easier to manage large number of findings.

@nineinchnick nineinchnick mentioned this pull request Mar 18, 2020
Closed
@nineinchnick nineinchnick force-pushed the element-findings branch 2 times, most recently from 5ddfe82 to 44a3a1d Compare March 24, 2020 21:18
izar
izar reviewed Mar 31, 2020
View reviewed changes
Copy link
Collaborator

@izar izar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this one looks good - can you add a sample template ?

@nineinchnick
Copy link
Collaborator Author

Done!

@izar izar merged commit 73fe5fe into OWASP:master Mar 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@izar izar izar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nineinchnick @izar