reports: HTML add sequence support

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
zaproxy · Nov 13, 2024 · 476c7ed · 476c7ed
1 parent ef7fc3e
commit 476c7ed
Show file tree

Hide file tree

Showing 13 changed files with 405 additions and 12 deletions.
diff --git a/addOns/reports/CHANGELOG.md b/addOns/reports/CHANGELOG.md
@@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## Unreleased
 ### Added
 - Stats counter to the main toolbar button (Issue 8375).
-- Sequence data to JSON reports.
+- Sequence data to JSON & HTML reports.
 
 ### Changed
 - Update automation job help.

diff --git a/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties b/addOns/reports/src/main/resources/org/zaproxy/addon/reports/resources/Messages.properties
@@ -132,6 +132,18 @@ reports.report.risk.1 = Low
 reports.report.risk.2 = Medium
 reports.report.risk.3 = High
 
+reports.report.sequences.details.name = Sequence Details
+reports.report.sequences.list.name = Name
+reports.report.sequences.step.alerts = Alerts:
+reports.report.sequences.step.original = Original
+reports.report.sequences.step.replay = Replay
+reports.report.sequences.step.req.body = Request Body
+reports.report.sequences.step.req.header = Request Header
+reports.report.sequences.step.resp.body = Response Body
+reports.report.sequences.step.resp.header = Response Header
+reports.report.sequences.step.result = Result:
+reports.report.sequences.summary.name = Summary of Sequences
+
 reports.report.site = Site: {0}
 reports.report.sites = Sites: {0}
 reports.report.sites.title = Sites

diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/Messages.properties b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/Messages.properties
@@ -17,6 +17,7 @@ report.template.section.chart = Chart
 report.template.section.instancecount = Instance Count
 report.template.section.params = Parameters
 report.template.section.passingrules = Passing Rules
+report.template.section.sequencedetails = Sequence Details
 report.template.section.statistics = Statistics
 report.template.stats.auth = Authentication Statistics
 report.template.stats.auth.none = No Authentication Statistics Found

diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/report.html
@@ -518,6 +518,116 @@ <h3 th:text="#{report.alerts.detail}">Alert Detail</h3>
 			<div class="spacer"></div>
 		</th:block>
 	</th:block>
+
+	<th:block th:if="${reportData.isIncludeSection('sequencedetails')}">
+		<th:block
+			th:if="${reportData.reportObjects.get('seqAScanData') != null}">
+			<h3 th:text="#{report.sequences.summary.name}">Summary of
+				Sequences</h3>
+			<sup>For each step: result (Pass/Fail) - risk (of highest
+				alert(s) for the step, if any).</sup>
+
+			<th:block
+				th:each="seq, seqState: ${reportData.reportObjects.get('seqAScanData').seqData}">
+				<table class="alerts">
+					<tr>
+						<td th:text="${seq.sequenceName}">sequenceName</td>
+						<th:block th:each="step, stepState: ${seq.getSteps()}">
+							<td th:class="(${step.isPass()} ? 'pass' : 'fail')"
+								th:with="riskLvl=(${step.getHighestAlert()})"><span
+								th:text="(${step.isPass()} ? 'Pass' : 'Fail')">isPass</span> <span
+								th:if="${riskLvl &gt; 0}"
+								th:class="'alert-' + ${step.getHighestAlert() + 'a'}"
+								th:text="' - '">flag</span> <span
+								th:text="(${riskLvl &gt; 0} ? ${helper.getRiskString(riskLvl)} : '')">risk</span>
+							</td>
+						</th:block>
+					</tr>
+				</table>
+			</th:block>
+
+			<div class="spacer-lg"></div>
+
+			<th:block th:if="${reportData.isIncludeSection('sequencedetails')}">
+				<th:block
+					th:if="${reportData.reportObjects.get('seqAScanData') != null}">
+					<h3 th:text="#{report.sequences.details.name}">Sequences
+						Details</h3>
+					<sup>With the associated active scan results.</sup>
+
+					<th:block
+						th:each="seq, seqState: ${reportData.reportObjects.get('seqAScanData').seqData}">
+						<h4 th:text="${seq.sequenceName}">sequenceName</h4>
+						<div class="lm2">
+							<th:block th:each="step, stepState: ${seq.getSteps()}">
+
+								<h4
+									th:text="'Step ' + ${stepState.index + 1} + ': ' + ${step.getOriginalMsg().getRequestHeader().getMethod()} + ' - ' + ${step.getOriginalMsg().getRequestHeader().getURI().toString()}">stepDesc</h4>
+
+								<div class="lm2">
+
+									<span th:text="#{report.sequences.step.result}">Result</span> <span
+										th:text="${step.getResult()}">result</span><br> <span
+										th:if="${step.getAlerts().size() &gt; 0}"
+										th:text="#{report.sequences.step.alerts}">Alerts</span>
+									<div class="lm2" th:if="${step.getAlerts().size() &gt; 0}">
+										<th:block th:each="alert: ${step.getAlerts()}">
+											<span th:class="'alert-' + ${alert.getRisk() + 'b'}">&nbsp;<span>
+													<a th:href="'#plugin-' + ${alert.getPluginId()}"
+													th:text="${alert.getName()}" href="#plugin-pluginId">Alert
+														Name</a> <!-- <span th:text="${alert.getName()}">alertName</span> -->
+											</span></span>
+										</th:block>
+									</div>
+
+									<table>
+										<th colspan="2" th:text="#{report.sequences.step.original}">Original</th>
+										<th colspan="2" th:text="#{report.sequences.step.replay}">Replay</th>
+										<tr>
+											<td th:text="#{report.sequences.step.req.header}">reqHdr</td>
+											<td
+												th:text="${step.getOriginalMsg().getRequestHeader().toString().length()}">origReqHdrSize</td>
+											<td th:text="#{report.sequences.step.req.header}">reqHdr</td>
+											<td
+												th:text="${step.getReplayMsg().getRequestHeader().toString().length()}">replayReqHdrSize</td>
+										</tr>
+										<tr>
+											<td th:text="#{report.sequences.step.req.body}">reqBody</td>
+											<td
+												th:text="${step.getOriginalMsg().getRequestBody().length()}">origReqBodySize</td>
+											<td th:text="#{report.sequences.step.req.body}">reqBody</td>
+											<td
+												th:text="${step.getReplayMsg().getRequestBody().length()}">replayReqBodySize</td>
+										</tr>
+										<tr>
+											<td th:text="#{report.sequences.step.resp.header}">respHdr</td>
+											<td
+												th:text="${step.getOriginalMsg().getResponseHeader().toString().length()}">origRespHdrSize</td>
+											<td th:text="#{report.sequences.step.resp.header}">respHdr</td>
+											<td
+												th:text="${step.getReplayMsg().getResponseHeader().toString().length()}">replayRespHdrSize</td>
+										</tr>
+										<tr>
+											<td th:text="#{report.sequences.step.resp.body}">respBody</td>
+											<td
+												th:text="${step.getOriginalMsg().getResponseBody().length()}">origRespBodySize</td>
+											<td th:text="#{report.sequences.step.resp.body}">respBody</td>
+											<td
+												th:text="${step.getReplayMsg().getResponseBody().length()}">replayRespBodySize</td>
+										</tr>
+									</table>
+								</div>
+								<div class="spacer"></div>
+							</th:block>
+						</div>
+					</th:block>
+
+					<div class="spacer-lg"></div>
+
+				</th:block>
+			</th:block>
+		</th:block>
+	</th:block>
 </body>
 </html>
 
diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/resources/common.css b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/resources/common.css
@@ -87,3 +87,58 @@ th {
 .left-header {
 	display: inline-block;
 }
+
+.pass {
+	background: green;
+	color: white
+}
+
+.fail {
+	background: red;
+	color: white
+}
+
+.alert-3b::before {
+    content: '\2691';
+    color: red
+}
+
+.alert-2b::before {
+    content: '\2691 ';
+    color: orange
+}
+
+.alert-1b::before {
+    content: '\2691';
+    color: yellow
+}
+
+.alert-0b::before {
+    content: '\2691';
+    color: blue
+}
+
+
+.alert-3a::after {
+    content: '\2691';
+    color: red
+}
+
+.alert-2a::after {
+    content: '\2691 ';
+    color: orange
+}
+
+.alert-1a::after {
+    content: '\2691';
+    color: yellow
+}
+
+.alert-0a::after {
+    content: '\2691';
+    color: blue
+}
+
+.lm2 {
+    margin-left: 2em;
+}
diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/template.yaml b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html-plus/template.yaml
@@ -10,6 +10,7 @@ sections:
  - alertdetails
  - statistics
  - params
+ - sequencedetails
 themes:
  - light
  - dark
diff --git a/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/Messages.properties b/addOns/reports/src/main/zapHomeFiles/reports/traditional-html/Messages.properties
@@ -2,3 +2,4 @@
 report.template.section.alertcount = Alert Count
 report.template.section.alertdetails = Alert Details
 report.template.section.instancecount = Instance Chart
+report.template.section.sequencedetails = Sequence Details