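/// <summary>
/// Renders a single finding into the HTML and RTF report buffers and records it in
/// the per-host summary counters that the overview/index is built from.
/// </summary>
/// <param name="Id">Database id of the finding, loaded via IronDB.GetPluginResultFromDB.</param>
/// <param name="HB">HTML report buffer.</param>
/// <param name="RB">RTF report buffer. Text is appended in the tool's inline markup
/// form and handed to Tools.RtfSafe, which is assumed to translate that markup into RTF.</param>
/// <param name="LastHash">Hash of the previous finding rendered under the same title
/// ("" for the first one). A finding with the same hash is a duplicate and is skipped.</param>
/// <param name="Stat">Summary counters of the host the finding belongs to.</param>
/// <returns>The finding's hash, whether or not it was rendered, so the caller can chain
/// it into the next call.</returns>
/// <remarks>
/// Security: URLs, parameter names, finder names, summaries and the request/response
/// excerpts rendered here originate from the scanned target or from plugins and are
/// untrusted. Every such value is passed through Tools.HtmlEncode (plain values) or
/// Tools.ConvertForHtmlReport (text carrying the inline markup) for HTML and through
/// Tools.RtfSafe for RTF; nothing target-derived may be appended raw. It is assumed
/// that ConvertForHtmlReport encodes the text before translating the markup — TODO
/// confirm in Tools. The AffectedUrl stored in Stat is kept unencoded and must be
/// encoded by whoever renders the index.
/// </remarks>
string AddFinding(int Id, StringBuilder HB, StringBuilder RB, string LastHash, FindingStatsHolder Stat)
{
    ReportedFindingsCount++;
    Finding F = IronDB.GetPluginResultFromDB(Id);
    string FindingHash = GetFindingHash(F);

    // Identical to the finding rendered just before it under the same title:
    // advance the progress bar but do not render it twice.
    if (FindingHash == LastHash)
    {
        StepProgressBar();
        return FindingHash;
    }

    // ReportedFindingsCounter numbers only the findings actually rendered; it is the
    // anchor id used by the index and by the prev/next links below.
    ReportedFindingsCounter++;
    HB.AppendLine(string.Format("<div class='finding' id='finding{0}'>", ReportedFindingsCounter));

    bool IsActive = F.FinderType == "ActivePlugin";
    string AffectedUrl = GetFirstAffectedUrl(F, IsActive);

    //Title
    if (F.Type == FindingType.Vulnerability)
    {
        if (F.Severity == FindingSeverity.High)
        {
            AppendFindingTitle(HB, RB, F.Title, "high_finding_title", "<i<cr>><i<b>>{0}<i</b>><i</cr>><i<br>><i<br>>");
            if (F.Confidence == FindingConfidence.High)
            {
                Stat.HighSevHighConf = Stat.HighSevHighConf + 1;
                RecordTitleForIndex(Stat.HighSevHighConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else if (F.Confidence == FindingConfidence.Medium)
            {
                Stat.HighSevMedConf = Stat.HighSevMedConf + 1;
                RecordTitleForIndex(Stat.HighSevMedConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else
            {
                Stat.HighSevLowConf = Stat.HighSevLowConf + 1;
                RecordTitleForIndex(Stat.HighSevLowConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
        }
        else if (F.Severity == FindingSeverity.Medium)
        {
            AppendFindingTitle(HB, RB, F.Title, "medium_finding_title", "<i<co>><i<b>>{0}<i</b>><i</co>><i<br>>");
            if (F.Confidence == FindingConfidence.High)
            {
                Stat.MedSevHighConf = Stat.MedSevHighConf + 1;
                RecordTitleForIndex(Stat.MedSevHighConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else if (F.Confidence == FindingConfidence.Medium)
            {
                Stat.MedSevMedConf = Stat.MedSevMedConf + 1;
                RecordTitleForIndex(Stat.MedSevMedConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else
            {
                Stat.MedSevLowConf = Stat.MedSevLowConf + 1;
                RecordTitleForIndex(Stat.MedSevLowConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
        }
        else
        {
            AppendFindingTitle(HB, RB, F.Title, "low_finding_title", "<i<cy>><i<b>>{0}<i</b>><i</cy>><i<br>>");
            if (F.Confidence == FindingConfidence.High)
            {
                Stat.LowSevHighConf = Stat.LowSevHighConf + 1;
                RecordTitleForIndex(Stat.LowSevHighConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else if (F.Confidence == FindingConfidence.Medium)
            {
                Stat.LowSevMedConf = Stat.LowSevMedConf + 1;
                RecordTitleForIndex(Stat.LowSevMedConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
            else
            {
                Stat.LowSevLowConf = Stat.LowSevLowConf + 1;
                RecordTitleForIndex(Stat.LowSevLowConfTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
            }
        }
    }
    else if (F.Type == FindingType.Information)
    {
        AppendFindingTitle(HB, RB, F.Title, "info_finding_title", "<i<cb>><i<b>>{0}<i</b>><i</cb>><i<br>>");
        Stat.Info = Stat.Info + 1;
        RecordTitleForIndex(Stat.InfoTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
    }
    else
    {
        AppendFindingTitle(HB, RB, F.Title, "lead_finding_title", "<i<cg>><i<b>>{0}<i</b>><i</cg>><i<br>>");
        Stat.Leads = Stat.Leads + 1;
        RecordTitleForIndex(Stat.LeadsTitles, F.Title, ReportedFindingsCounter, AffectedUrl);
    }

    //Navigation Links
    HB.Append("<div class='finding_nav_links'>");
    // Anchors are numbered by ReportedFindingsCounter (rendered findings), so the
    // guard uses the same counter.
    if (ReportedFindingsCounter > 1)
    {
        HB.Append(string.Format("<a href='#finding{0}'><<<</a>", ReportedFindingsCounter - 1));
    }
    // Known limitation: whether another finding will be rendered is not known here.
    // ReportedFindingsCount counts processed findings (duplicates included) against
    // all of FindingsId, so when the remaining findings are all duplicates — or belong
    // to hosts that are not in IncludedHosts — this link points at an anchor that is
    // never written.
    if (ReportedFindingsCount < FindingsId.Count)
    {
        HB.Append(string.Format("<a href='#finding{0}'>>>></a>", ReportedFindingsCounter + 1));
    }
    HB.AppendLine("</div>");

    //Content
    HB.AppendLine("<table cellpadding='2' cellspacing='2'>");
    if (F.Type == FindingType.Vulnerability)
    {
        HB.Append("<tr>");
        // Fixed tag nesting: the label's </span> used to be emitted inside the second <td>.
        HB.Append("<div class='type'><td><span class='fname'>Type:</span></td><td>Vulnerability</td></div>");
        RB.Append(Tools.RtfSafe("<i<cb>><i<b>>Type: <i</b>><i</cb>>Vulnerability<i<br>>"));
        HB.AppendLine("</tr>");

        // Severity → label, HTML colour class and RTF colour tag.
        string SevLabel, SevHtmlClass, SevRtfTag;
        if (F.Severity == FindingSeverity.High)
        {
            SevLabel = "High"; SevHtmlClass = "icr"; SevRtfTag = "cr";
        }
        else if (F.Severity == FindingSeverity.Medium)
        {
            SevLabel = "Medium"; SevHtmlClass = "ico"; SevRtfTag = "co";
        }
        else
        {
            SevLabel = "Low"; SevHtmlClass = "icy"; SevRtfTag = "cy";
        }
        HB.Append("<tr>");
        HB.Append("<div class='severity'><td><span class='fname'>Severity:</span></td>");
        HB.Append(string.Format("<td><span class='{0}'>{1}", SevHtmlClass, SevLabel));
        HB.Append("</span></td></div>");
        HB.AppendLine("</tr>");
        RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Severity: <i</b>><i</cb>><i<{0}>>{1}<i</{0}>><i<br>>", SevRtfTag, SevLabel)));

        string ConfLabel;
        if (F.Confidence == FindingConfidence.High)
        {
            ConfLabel = "High";
        }
        else if (F.Confidence == FindingConfidence.Medium)
        {
            ConfLabel = "Medium";
        }
        else
        {
            ConfLabel = "Low";
        }
        HB.Append("<tr>");
        HB.Append("<div class='confidence'><td><span class='fname'>Confidence:</span></td>");
        HB.Append(string.Format("<td>{0}</td>", ConfLabel));
        HB.AppendLine("</div>");
        HB.AppendLine("</tr>");
        RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Confidence: <i</b>><i</cb>>{0}<i<br>>", ConfLabel)));
    }
    else if (F.Type == FindingType.Information)
    {
        HB.AppendLine("<tr><div class='type'><td><span class='fname'>Type:</span></td><td><span class='icb'>Information</span></td></div></tr>");
        RB.Append(Tools.RtfSafe("<i<cb>><i<b>>Type: <i</b>><i</cb>>Information<i<br>>"));
    }
    else
    {
        HB.AppendLine("<tr><div class='type'><td><span class='fname'>Type:</span></td><td><span class='icg'>Test Lead</span></td></div></tr>");
        RB.Append(Tools.RtfSafe("<i<cb>><i<b>>Type: <i</b>><i</cb>>Test lead<i<br>>"));
    }

    if (!string.IsNullOrEmpty(F.FinderType))
    {
        bool IsPassive = F.FinderType == "PassivePlugin";
        // The two built-in finder kinds get fixed labels; anything else is a
        // plugin-supplied name and is untrusted, hence encoded for HTML.
        string FoundBy = IsActive ? "Active Scanning" : (IsPassive ? "Passive Analysis" : F.FinderName);
        string FoundByHtml = (IsActive || IsPassive) ? FoundBy : Tools.HtmlEncode(F.FinderName);
        HB.AppendLine(string.Format("<tr><div class='type'><td><span class='fname'>Found By:</span></td><td>{0}</td></div></tr>", FoundByHtml));
        RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Found By: <i</b>><i</cb>>{0}<i<br>>", FoundBy)));
    }
    HB.AppendLine("</table>");
    HB.AppendLine("<br>");

    HB.AppendLine("<table cellpadding='2' cellspacing='2'>");
    HB.AppendLine(string.Format("<tr><div class='affected_host'><td><span class='fname'>Affected Site:</span></td><td>{0}</td></div></tr>", Tools.HtmlEncode(F.AffectedHost)));
    // NOTE(review): the RTF report has no Affected Site / Affected Url line; the Word
    // version only identifies the URL through the trigger excerpts.
    const string AffectedUrlRow = "<tr><div class='affected_url'><td><span class='fname'>Affected Url:</span></td><td><span class='affected_url'>{0}</span></td></div></tr>";
    if (IsActive)
    {
        if (F.BaseRequest != null)
        {
            HB.AppendLine(string.Format(AffectedUrlRow, Tools.HtmlEncode(F.BaseRequest.Url)));
        }
        HB.AppendLine(string.Format("<tr><div class='affected_parameter'><td><span class='fname'>Affected Parameter:</span></td><td>{0}</td></div></tr>", Tools.HtmlEncode(F.AffectedParameter)));
        RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Affected Parameter: <i</b>><i</cb>>{0}<i<br>>", F.AffectedParameter)));
        HB.AppendLine(string.Format("<tr><div class='affected_section'><td><span class='fname'>Parameter Location:</span></td><td>{0}</td></div></tr>", Tools.HtmlEncode(F.AffectedSection)));
        RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Affected Section: <i</b>><i</cb>>{0}<i<br>>", F.AffectedSection)));
    }
    else if (F.Triggers.Count > 0)
    {
        // Passive findings have no base request; the first trigger's request stands in.
        Trigger FirstTrigger = F.Triggers.GetTrigger(0);
        if (FirstTrigger.Request != null)
        {
            HB.AppendLine(string.Format(AffectedUrlRow, Tools.HtmlEncode(FirstTrigger.Request.Url)));
        }
    }
    HB.AppendLine("</table>");

    HB.Append("<div class='desc'><div class='desc_title'>Description:</div>");
    HB.Append(Tools.ConvertForHtmlReport(F.Summary));
    HB.AppendLine("</div>");
    RB.Append(Tools.RtfSafe(string.Format("<i<cb>><i<b>>Summary: <i</b>><i</cb>><i<br>>{0}<i<br>><i<br>><i<br>>", F.Summary)));

    if (IsActive)
    {
        if (F.Reasons.Count > 0)
        {
            string Noun = F.Reasons.Count > 1 ? "reasons" : "reason";
            HB.AppendLine("<div class='reason_section_title'>Reasons:</div>");
            RB.Append(Tools.RtfSafe("<i<hh>>Reasons: <i</hh>><i<br>><i<br>>"));
            HB.AppendLine(string.Format("IronWASP has reported this issue because of the following {0}:<br>", Noun));
            RB.Append(Tools.RtfSafe(string.Format("IronWASP has reported this issue because of the following {0}:<i<br>><i<br>>", Noun)));
        }

        // Triggers referenced by a reason are shown under that reason; any left over
        // are listed once more at the end.
        List<int> TriggerIdsAssociatedWithReasons = new List<int>();
        for (int i = 0; i < F.Reasons.Count; i++)
        {
            if (F.Reasons.Count > 1)
            {
                HB.AppendLine(string.Format("<div class='reason'><div class='reason_title'>Reason {0}:</div>", i + 1));
                RB.Append(Tools.RtfSafe(string.Format("<i<cg>><i<b>>Reason {0}: <i</b>><i</cg>><i<br>><i<br>>", i + 1)));
            }
            else
            {
                HB.AppendLine("<div class='reason'><div class='reason_title'>Reason:</div>");
                RB.Append(Tools.RtfSafe("<i<cg>><i<b>>Reason: <i</b>><i</cg>><i<br>><i<br>>"));
            }
            HB.AppendLine(Tools.ConvertForHtmlReport(F.Reasons[i].Reason));
            // RTF now follows the HTML order — reason text first, then its false
            // positive check (it used to be emitted before the reason it belongs to) —
            // and the line break goes through RtfSafe like every other markup append,
            // instead of landing in the RTF as a literal "<i<br>>".
            RB.Append(Tools.RtfSafe(F.Reasons[i].Reason));
            RB.AppendLine(Tools.RtfSafe("<i<br>>"));
            if (F.Reasons[i].FalsePositiveCheck.Length > 0)
            {
                HB.AppendLine("<div class='fpa_check'><div class='fpa_check_title'>False Positive Check Assistance:</div>");
                HB.AppendLine(Tools.ConvertForHtmlReport(F.Reasons[i].FalsePositiveCheck));
                HB.AppendLine("</div>");
                RB.AppendLine(Tools.RtfSafe("<i<cg>><i<b>>False Positive Check Assistance:<i</b>><i</cg>><i<br>><i<br>>"));
                RB.AppendLine(Tools.RtfSafe(F.Reasons[i].FalsePositiveCheck));
            }
            if (F.Reasons[i].TriggerIds.Count > 0)
            {
                HB.AppendLine("<div class='trigger_desc'>The relevant parts of the requests/responses pairs associated with the check explained in this reason section are available below.</div>");
            }
            foreach (int Tid in F.Reasons[i].TriggerIds)
            {
                // Trigger ids are 1-based (see the sweep below). A stored id the finding
                // has no trigger for is skipped rather than aborting the whole finding.
                if (Tid < 1 || Tid > F.Triggers.Count)
                {
                    continue;
                }
                if (!TriggerIdsAssociatedWithReasons.Contains(Tid))
                {
                    TriggerIdsAssociatedWithReasons.Add(Tid);
                }
                AppendTriggerBlock(HB, RB, F.Triggers.GetTrigger(Tid - 1), F.FinderType);
            }
            HB.AppendLine("</div>");
        }

        if (F.Triggers.Count > TriggerIdsAssociatedWithReasons.Count)
        {
            HB.AppendLine("<div class='trigger_desc'>The relevant parts of the requests/responses pairs associated with the check that discovered this issue are available below.</div>");
            for (int Tid = 1; Tid <= F.Triggers.Count; Tid++)
            {
                if (!TriggerIdsAssociatedWithReasons.Contains(Tid))
                {
                    AppendTriggerBlock(HB, RB, F.Triggers.GetTrigger(Tid - 1), F.FinderType);
                }
            }
        }
    }
    else
    {
        foreach (Trigger T in F.Triggers.GetTriggers())
        {
            AppendTriggerBlock(HB, RB, T, F.FinderType);
        }
    }

    HB.AppendLine("</div>");
    StepProgressBar();
    return FindingHash;
}

/// <summary>
/// URL recorded for the index: the base request of an active-scan finding, otherwise
/// the request of the first trigger; "" when neither is available. Returned unencoded.
/// </summary>
static string GetFirstAffectedUrl(Finding F, bool IsActive)
{
    if (IsActive)
    {
        return F.BaseRequest != null ? F.BaseRequest.Url : "";
    }
    if (F.Triggers.Count > 0)
    {
        Trigger T = F.Triggers.GetTrigger(0);
        if (T.Request != null)
        {
            return T.Request.Url;
        }
    }
    return "";
}

/// <summary>
/// Writes the coloured title bar of a finding to both reports. HtmlClass and RtfFormat
/// are constants chosen by the caller; Title is untrusted and is encoded per format.
/// </summary>
static void AppendFindingTitle(StringBuilder HB, StringBuilder RB, string Title, string HtmlClass, string RtfFormat)
{
    HB.Append(string.Format("<div class='{0}'>", HtmlClass));
    HB.Append(Tools.HtmlEncode(Title));
    HB.AppendLine("</div>");
    RB.Append(Tools.RtfSafe(string.Format(RtfFormat, Title)));
}

/// <summary>
/// Records (finding number -> affected URL) under Title in one of the index maps of a
/// FindingStatsHolder, creating the per-title map on first use. Url is stored unencoded.
/// </summary>
static void RecordTitleForIndex(IDictionary<string, Dictionary<int, string>> Titles, string Title, int FindingNumber, string Url)
{
    Dictionary<int, string> Entries;
    if (!Titles.TryGetValue(Title, out Entries))
    {
        Entries = new Dictionary<int, string>();
        Titles[Title] = Entries;
    }
    Entries.Add(FindingNumber, Url);
}

/// <summary>
/// Appends the highlighted request/response excerpt of one trigger to both reports.
/// The excerpt is target response data and is routed through ConvertForHtmlReport
/// and RtfSafe like all other untrusted text.
/// </summary>
static void AppendTriggerBlock(StringBuilder HB, StringBuilder RB, Trigger T, string FinderType)
{
    string THL = Finding.GetTriggerHighlighting(T, FinderType, false, false);
    HB.AppendLine("<div class='trigger'>");
    HB.AppendLine(Tools.ConvertForHtmlReport(THL));
    HB.AppendLine("</div>");
    RB.AppendLine(Tools.RtfSafe(THL));
    RB.AppendLine(Tools.RtfSafe("<i<br>><i<br>>"));
}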
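/// <summary>
/// Builds the complete HTML and RTF reports for the hosts in IncludedHosts and stores
/// them in HtmlReport / RtfReport. Hosts are ordered by a weighted score of their
/// findings (highest first); within a host, findings are rendered High, Medium, Low,
/// Information, then Test Leads. Hosts without findings get no section.
/// </summary>
/// <remarks>
/// Security: the HTML report embeds data taken from the scanned target and is opened
/// in a browser. Every value written here is HTML-encoded, and the document now carries
/// a Content-Security-Policy meta tag (no scripts, no external resources, inline styles
/// only) so that an encoding gap elsewhere in the report cannot run script. The report
/// uses no images, fonts or scripts; extend the policy if assets are ever added.
/// </remarks>
void DoCreateReport()
{
    ReportedFindingsCount = 0;
    ReportedFindingsCounter = 0;
    StringBuilder HB = new StringBuilder();   // per-host finding sections
    StringBuilder HCB = new StringBuilder();  // fixed quick-navigation panel
    StringBuilder RB = new StringBuilder();   // RTF report

    string HtmlStart = @"
<html>
<head>
<title>IronWASP Security Analysis Report</title>
<meta http-equiv='Content-Security-Policy' content=""default-src 'none'; style-src 'unsafe-inline'"">
<style>
body { font-family: Palatino, ""Palatino Linotype"", ""Palatino LT STD"", ""Book Antiqua"", Georgia, serif; margin: 0px; padding: 0px; background-color: #555; overflow: auto; }
#report_header { background-color: #75D1FF; margin-bottom: 10px; }
#report_title { background-color: #555; padding-top: 5px; padding-bottom: 5px; font-size: xx-large; color: #FFF; text-align: center; }
#report_sub_title { padding-top: 5px; padding-bottom: 5px; color: #555; text-align: center; }
#report_sub_title a { color: #555; font-weight: bold; }
#report_footer { color: #FFF; text-align: center; font-size: small; padding-bottom: 10px; }
.report { width: 1000px; margin-left: 250px; color: #FFF; }
#overview { color: #333; background-color: #FFF; border-style: outset; border-color: #555; padding: 20px; margin: 10px; overflow: auto; }
#index { color: #333; background-color: #FFF; border-style: outset; border-color: #555; padding: 20px; margin: 10px; overflow: auto; }
#index a { text-decoration: none; }
#index ul { list-style-type: square; }
#index ul li { padding-top: 15px; padding-bottom: 3px; }
#index ol li { padding: 3px; }
.index_finding_url { color: #333; }
.section_title { color: #555; border-color: #75D1FF;; border-style: solid; border-width: thick; background-color: #75D1FF;; padding: 10px; margin: 10px; margin-top: 20px; font-size: x-large; font-weight: bold; overflow: auto; }
.finding { color: #333; background-color: #FFF; border-style: outset; border-color: #555; padding: 20px; margin: 10px; overflow: auto; }
.finding table { padding: 5px; margin: 5px; margin-left: 20px; }
.finding td { margin-left: 10px; }
.trigger { color: #333; border-style: ridge; border-color: #AAA; margin: 10px; padding: 10px; overflow: auto; }
.trigger_desc { margin-top: 20px; text-align: center; color: #50D; }
#quick_nav { position: fixed; width: 230px; overflow: auto; }
#quick_nav a { color: #000; text-decoration: none; }
#quick_nav a:hover { color: #75D1FF; }
.quick_nav_link { width: 220px; background-color: #FFF; padding: 2px; padding-left: 5px; margin: 2px; margin-top: 5px; }
.host { color: #555; border-color: #75D1FF;; border-style: solid; border-width: thick; background-color: #75D1FF; padding: 10px; margin: 10px; margin-top: 20px; font-size: x-large; font-weight: bold; overflow: auto; }
.high_finding_title { background-color: red; color: #FFF; font-size: large; font-weight: bold; padding: 10px; margin-bottom: 10px; overflow: auto; }
.medium_finding_title { background-color: orange; color: #000; font-size: large; font-weight: bold; padding: 10px; margin-bottom: 10px; overflow: auto; }
.low_finding_title { background-color: yellow; color: #000; font-size: large; font-weight: bold; padding: 10px; margin-bottom: 10px; overflow: auto; }
.info_finding_title { background-color: blue; color: #FFF; font-size: large; font-weight: bold; padding: 10px; margin-bottom: 10px; overflow: auto; }
.lead_finding_title { background-color: green; color: #FFF; font-size: large; font-weight: bold; padding: 10px; margin-bottom: 10px; overflow: auto; }
.affected_url { color: #0077FF; text-decoration: underline; overflow: auto; }
.reason_title { background-color: #3C3; padding: 3px; margin-top: 10px; margin-bottom: 5px; font-weight: bold; }
.finding_nav_links { color: #75D1FF; }
.finding_nav_links a { font-weight: bold; color: #75D1FF; text-decoration: none; padding-left: 10px; padding-right: 10px; padding-top: 1px; padding-bottom: 1px; margin: 10px; margin-left: 0px; border-color: #75D1FF; border-style: solid; border-width: 1px; }
.finding_nav_links a:hover { color: #FFF; text-decoration: none; background-color: #75D1FF; }
.host_nav_links { color: #75D1FF; }
.host_nav_links a { font-weight: bold; color: #75D1FF; text-decoration: none; padding-left: 10px; padding-right: 10px; padding-top: 1px; padding-bottom: 1px; margin: 10px; border-color: #75D1FF; border-style: solid; border-width: 1px; }
.host_nav_links a:hover { color: #FFF; text-decoration: none; background-color: #75D1FF; }
.desc { margin-top: 15px; margin-bottom: 15px; overflow: auto; }
.desc_title { font-weight: bold; padding-bottom: 10px; text-decoration: underline; }
.reason { margin-top: 15px; margin-bottom: 15px; overflow: auto; }
.reason_section_title { font-weight: bold; padding-bottom: 10px; text-decoration: underline; }
.fpa_check { margin-top: 10px; margin-bottom: 10px; overflow: auto; }
.fpa_check_title { font-weight: bold; padding-bottom: 5px; text-decoration: underline; color: #3C3; }
th { background-color: #75D1FF; color: #555; padding-top: 10px; padding-bottom: 10px; text-align: center; }
.t_high { color: #FF0000; border-style: none; font-weight: bold; text-align: center; }
.t_med { color: #FF9900; border-style: none; font-weight: bold; text-align: center; }
.t_low { color: #B8B800; border-style: none; font-weight: bold; text-align: center; }
.t_info { color: #0099FF; border-style: none; font-weight: bold; text-align: center; }
.t_lead { color: #339933; border-style: none; font-weight: bold; text-align: center; }
.t_total { color: #000; border-style: none; font-weight: bold; text-align: center; }
.t_high_conf { background-color: #000; color: #FFF; margin-bottom: 20px; text-align: center; }
.t_med_conf { background-color: #444; color: #AAA; margin-bottom: 20px; text-align: center; }
.t_low_conf { background-color: #999; color: #333; margin-bottom: 20px; text-align: center; }
.t_host { width: 400px; color: #0077FF; text-decoration: underline; text-align: left; overflow: auto; }
.legend { font-size: small; }
.legend td { font-size: small; }
.icr { color: red; }
.icb { color: #0077FF; }
.icy { color: #B8B800; }
.ico { color: orange; }
.icg { color: #3C3; }
.hlr { background-color: red; }
.hlb { background-color: #0077FF; }
.hly { background-color: #B8B800; }
.hlo { background-color: orange; }
.hlg { background-color: #3C3; }
.ihh {font-weight: bold; color: #0077FF; text-decoration: underline;}
.fname {font-weight: bold; }
</style>
</head>
<body>
<div id='report_header'>
<div id='report_title'>IronWASP Security Analysis Report</div>
<div id='report_sub_title'>Report based on the analysis performed by the open source web security software, <a href='https://ironwasp.org'>IronWASP</a></div>
</div>
";

    HCB.AppendLine(@"
<span id='quick_nav'>
<a href='#overview'><div class='quick_nav_link'>Overview</div></a>
<a href='#index'><div class='quick_nav_link'>Index</div></a>
");

    // RTF header with the colour table the inline markup colour tags map onto.
    RB.AppendLine(@"{\rtf1{\colortbl ;\red0\green77\blue187;\red247\green150\blue70;\red255\green0\blue0;\red0\green200\blue50;}");
    RB.AppendLine(Tools.RtfSafe("<i<br>><i<br>>This report contains the details of all the findings and is meant for easy Word document creation. If you are looking for a report to use as reference then use the HTML format, it has far better visual presentation and information arrangement.<i<br>><i<br>>"));

    // Rank hosts by the weighted sum of their findings. Weights are spaced two
    // decimal orders apart so higher classes dominate the ranking.
    Dictionary<string, long> DictForRanking = new Dictionary<string, long>();
    foreach (string Host in IncludedHosts)
    {
        long Score = 0;
        foreach (int i in FindingsId.Keys)
        {
            if (FindingsId[i].Host == Host)
            {
                Score += ReportRankWeight(FindingsId[i].Type, FindingsId[i].Severity);
            }
        }
        DictForRanking[Host] = Score;
    }

    // Highest score first; ties keep their order in DictForRanking.
    long[] TempScoreHolder = new List<long>(DictForRanking.Values).ToArray();
    Array.Sort(TempScoreHolder);
    Array.Reverse(TempScoreHolder);
    List<string> HostByRank = new List<string>();
    foreach (long Score in TempScoreHolder)
    {
        foreach (string Host in DictForRanking.Keys)
        {
            if (DictForRanking[Host] == Score && !HostByRank.Contains(Host))
            {
                HostByRank.Add(Host);
            }
        }
    }

    // Every finding that is bucketed below also carries a positive weight, so a host
    // gets a section exactly when its score is positive. This is the count the host
    // "next" links must be checked against — IncludedHosts.Count also counts hosts
    // without findings and made the last rendered host link to a missing anchor.
    int HostsToRender = 0;
    foreach (long Score in DictForRanking.Values)
    {
        if (Score > 0)
        {
            HostsToRender++;
        }
    }

    Dictionary<string, FindingStatsHolder> FindingStatsForSummary = new Dictionary<string, FindingStatsHolder>();
    int HostCount = 0;
    foreach (string Host in HostByRank)
    {
        // The index is built for every ranked host, rendered or not.
        FindingStatsHolder Stat = new FindingStatsHolder();
        FindingStatsForSummary[Host] = Stat;

        List<int> High = new List<int>();
        List<int> Medium = new List<int>();
        List<int> Low = new List<int>();
        List<int> Leads = new List<int>();
        List<int> Infos = new List<int>();
        foreach (int i in FindingsId.Keys)
        {
            if (FindingsId[i].Host != Host)
            {
                continue;
            }
            if (FindingsId[i].Type == "Vuln")
            {
                if (FindingsId[i].Severity == "High")
                {
                    High.Add(i);
                }
                else if (FindingsId[i].Severity == "Medium")
                {
                    Medium.Add(i);
                }
                else
                {
                    Low.Add(i);
                }
            }
            else if (FindingsId[i].Type == "Info")
            {
                Infos.Add(i);
            }
            else if (FindingsId[i].Type == "Leads")
            {
                Leads.Add(i);
            }
        }

        if ((High.Count + Medium.Count + Low.Count + Infos.Count + Leads.Count) == 0)
        {
            continue;
        }

        HostCount++;
        // Host names come from the scan target and are encoded before use in HTML.
        HCB.AppendLine(string.Format("<a href='#host{0}'><div class='quick_nav_link'>{1}</div></a>", HostCount, Tools.HtmlEncode(Host)));
        HB.AppendLine(string.Format("<div class='host' id='host{0}'>{1}</div>", HostCount, Tools.HtmlEncode(Host)));
        HB.Append("<div class='host_nav_links'>");
        if (HostCount > 1)
        {
            HB.Append(string.Format("<a href='#host{0}'><<<</a>", HostCount - 1));
        }
        if (HostCount < HostsToRender)
        {
            HB.Append(string.Format("<a href='#host{0}'>>>></a>", HostCount + 1));
        }
        HB.Append("</div>");
        RB.AppendLine(Tools.RtfSafe(string.Format("<i<br>><i<h>>{0}<i</h>><i<br>><i<br>><i<br>>", Host)));

        AddFindings(High, HB, RB, Stat);
        AddFindings(Medium, HB, RB, Stat);
        AddFindings(Low, HB, RB, Stat);
        AddFindings(Infos, HB, RB, Stat);
        AddFindings(Leads, HB, RB, Stat);
    }

    HCB.AppendLine("</span>");
    HB.AppendLine("</div>");
    // Read the clock once so date and time cannot straddle midnight.
    DateTime Now = DateTime.Now;
    HB.AppendLine(string.Format(@"
<div id='report_footer'>
This report was generated by IronWASP's Reporting Engine on {0} at {1}
</div>
", Now.ToLongDateString(), Now.ToLongTimeString()));
    HB.AppendLine("</body></html>");

    StringBuilder FHB = new StringBuilder();
    FHB.AppendLine(HtmlStart);
    FHB.AppendLine(HCB.ToString());
    FHB.AppendLine(GetOverviewAndIndex(FindingStatsForSummary, HostByRank));
    FHB.AppendLine(HB.ToString());
    RB.AppendLine("}");

    // Presumably obfuscates the contact address embedded in the finding text so it is
    // not harvested from published reports.
    HtmlReport = FHB.ToString().Replace("*****@*****.**", "lava<span class='inv'></span>@<span class='inv'></span>ironwasp<span class='inv'></span>.<span class='inv'></span>org");
    RtfReport = RB.ToString();
    ResetUiStatus();
    ShowHideLinkPanel(true);
}

/// <summary>
/// Ranking weight of one finding from its type/severity strings as stored in
/// FindingsId: High 1e8, Medium 1e6, other vulnerability 1e4, Info 100, Leads 1,
/// anything else 0.
/// </summary>
static long ReportRankWeight(string Type, string Severity)
{
    if (Type == "Vuln")
    {
        if (Severity == "High")
        {
            return 100000000;
        }
        if (Severity == "Medium")
        {
            return 1000000;
        }
        return 10000;
    }
    if (Type == "Info")
    {
        return 100;
    }
    if (Type == "Leads")
    {
        return 1;
    }
    return 0;
}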
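/// <summary>
/// Renders the findings in <paramref name="Ids"/> grouped by title, so that consecutive
/// identical findings under one title are collapsed by AddFinding's hash check. A
/// finding that fails to render is reported and dropped; the rest of the report is
/// still produced.
/// </summary>
/// <param name="Ids">FindingsId keys of one severity/type bucket of a single host.</param>
/// <param name="HB">HTML report buffer.</param>
/// <param name="RB">RTF report buffer.</param>
/// <param name="Stat">Summary counters of the host, updated by AddFinding.</param>
void AddFindings(List<int> Ids, StringBuilder HB, StringBuilder RB, FindingStatsHolder Stat)
{
    Dictionary<string, List<int>> ByTitleDict = new Dictionary<string, List<int>>();
    foreach (int i in Ids)
    {
        string Title = FindingsId[i].Title;
        List<int> Group;
        if (!ByTitleDict.TryGetValue(Title, out Group))
        {
            Group = new List<int>();
            ByTitleDict[Title] = Group;
        }
        Group.Add(i);
    }

    foreach (string Title in ByTitleDict.Keys)
    {
        // The hash chain restarts for every title: only findings that share a title
        // are candidates for de-duplication.
        string Hash = "";
        foreach (int Id in ByTitleDict[Title])
        {
            // AddFinding opens the finding's <div> first and closes it last. If it
            // throws part-way, roll both buffers back so a broken finding does not
            // leave an unclosed block that swallows every finding after it.
            // Counters and index entries it already bumped are not rolled back, so
            // the index may reference a finding number that was dropped.
            int HtmlLength = HB.Length;
            int RtfLength = RB.Length;
            try
            {
                Hash = AddFinding(Id, HB, RB, Hash, Stat);
            }
            catch (ThreadAbortException)
            {
                // Report generation is being cancelled; the runtime re-raises the
                // abort when this handler ends, so there is nothing to do here.
            }
            catch (Exception Exp)
            {
                HB.Length = HtmlLength;
                RB.Length = RtfLength;
                IronException.Report(string.Format("Error adding Finding ID {0} to the report", Id), Exp);
            }
        }
    }
}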