Findings custom field #27

Closed
noraj opened this issue Mar 23, 2021 · 1 comment

noraj commented Mar 23, 2021

Ref. Ghostwriter #19

The findings/vulnerabilities database is powerful but is lacking custom fields.

Examples of fields used in pentest reports that are not available in the finding model and could be added as custom fields:

  • CVSS score and/or CVSS string
  • CWE
  • OWASP category, or any customer category
  • ID (a unique identifier or reference)
  • Ease of correctness (Easy, Complex, Project, etc.)
  • Priority of correction (Low, Urgent, etc.)
  • Impact Level
  • Any field asked by customer, standard, norm, etc.

So having a way to add custom fields to the finding model is very useful; for us it's the reason why we stay with PwnDoc even if it is less powerful.

In addition to custom fields, having several types of custom field would be nice: input (e.g. as title), dictionary (e.g. like severity), free text (e.g. like description). Also, some fields like a custom ID or reference would need a search feature, e.g. if you want to assign an internal reference to all findings like INF-00234, WEB-00678, etc., you would like to have a search bar to see that you have already used all IDs from WEB-00001 to WEB-00678, so you can create WEB-00679. Some fields would also need a unique switch, e.g. the CVSS score is not unique but the ID/ref must be.

Once you have several custom fields you would also like to display them in the finding library, which means being able to add columns to the table view (e.g. you'd like to add a ref/ID column or CWE, etc.).

Finally, the most important part is being able to have the custom fields available in the template; for this reason I think custom field names should be enforced to be unique and to contain only alphanumeric characters + space, so it's easy to get {{ finding.cvss_score }} for example.

PwnDoc is a similar project with custom fields enabled if you need an idea of architecture.

@TheTechromancer
Collaborator

We designed report components for this purpose. Please review the README for details on how to create custom components. It is possible to customize them with any number of extra fields and styling options, including Python functionality. Additionally, it is possible to create multiple findings groups and customize the prefix assigned to the finding numbers.
