Improve generate report (#2633)
madelondohmen authored Mar 26, 2024
1 parent 491f223 commit c0c8a62
Showing 26 changed files with 670 additions and 349 deletions.
20 changes: 14 additions & 6 deletions rocky/reports/report_types/dns_report/report.html
@@ -1,10 +1,12 @@
{% load i18n %}

<h2>{% translate "Records found" %}</h2>
<h3>{% translate "Records found" %}</h3>
{% if data.records %}
<p>
{% blocktranslate trimmed %}
The table below gives an overview of the DNS records that were found for the abovementioned DNSZone.
The DNS report gives an overview of the DNS records that were found
for the DNSZone. Additionally the security measures table shows whether
or not DNS relating security measures are enabled.
{% endblocktranslate %}
</p>
<div class="horizontal-scroll">
@@ -39,7 +41,7 @@ <h2>{% translate "Records found" %}</h2>
<tr>
<td>{{ ooi.type }}</td>
<td>{{ ooi.name }}</td>
<td>{{ ooi.ttl }} {% translate "minutes" %}</td>
<td class="nowrap">{{ ooi.ttl }} {% translate "minutes" %}</td>
<td>{{ ooi.content }}</td>
</tr>
{% endfor %}
@@ -49,7 +51,13 @@ <h2>{% translate "Records found" %}</h2>
{% else %}
<p>{% translate "No records have been found." %}</p>
{% endif %}
<h2>{% translate "Security measures" %}</h2>
<h3>{% translate "Security measures" %}</h3>
<p>
{% blocktranslate trimmed %}
The security measures table below shows which DNS relating security
measures are enabled based on the contents of the DNS records.
{% endblocktranslate %}
</p>
<div class="horizontal-scroll">
<div class="column-3">
<table>
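Review bot: In the new paragraph under "Security measures", "DNS relating security measures" should read "DNS-related security measures"; the same phrase is in the introduction added at the top of this file. Both sit inside blocktranslate, so fix the wording before the strings are extracted for translation. The introduction's second sentence also says the same thing as this paragraph, so one of the two could be dropped.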
@@ -116,7 +124,7 @@ <h2>{% translate "Security measures" %}</h2>
</div>
</div>
{% if data.finding_types %}
<h2>{% translate "Other findings found" %}</h2>
<h3>{% translate "Other findings found" %}</h3>
<div class="horizontal-scroll">
<table>
<caption class="visually-hidden">{% translate "Other findings found:" %}</caption>
@@ -131,7 +139,7 @@ <h2>{% translate "Other findings found" %}</h2>
{% for info in data.finding_types %}
<tr>
<td>
<span class="{{ info.finding_type.risk_severity }}">{{ info.finding_type.risk_severity }}</span>
<span class="{{ info.finding_type.risk_severity }}">{{ info.finding_type.risk_severity|capfirst }}</span>
</td>
<td>{{ info.finding_type }}</td>
<td class="actions">
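Review bot: On the changed risk_severity span, `|capfirst` only capitalises the raw value, so the label stays untranslated while the rest of this template goes through `{% translate %}`. Keep the raw value for the class attribute and render the visible text from a translatable label for each severity.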
31 changes: 20 additions & 11 deletions rocky/reports/report_types/findings_report/report.html
@@ -1,17 +1,27 @@
{% load i18n %}

{% if show_introduction %}
<p>
{% blocktranslate trimmed %}
The findings report provides an overview of the identified findings on the scanned
systems. For each finding it shows the risk level and the number of occurrences of
the finding. Under the 'Details' section a description, impact, recommendation and
location of the finding can be found. The risk level may be different for your
specific environment.
{% endblocktranslate %}
</p>
{% endif %}
<div class="horizontal-scroll">
{% if data %}
{% include "partials/report_severity_totals.html" with data=data.summary %}
{% include "partials/report_severity_totals_table.html" with data=data.summary %}

<h2>{% translate "Findings" %}</h2>
<h3>{% translate "Findings" %}</h3>
<div class="horizontal-scroll">
<table>
<caption class="visually-hidden">{% translate "Other findings found:" %}</caption>
<thead>
<tr>
<th scope="col">{% translate "FindingType" %}</th>
<th scope="col">{% translate "Type" %}</th>
<th scope="col">{% translate "Finding" %}</th>
<th scope="col">{% translate "Risk level" %}</th>
<th scope="col">{% translate "Occurrences" %}</th>
<th scope="col">{% translate "Details" %}</th>
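Review bot: The visually hidden caption of the table under the "Findings" heading still reads "Other findings found:", which looks copied from the DNS report. Screen readers announce the caption, so it should describe this table, for example "Findings:".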
@@ -21,7 +31,6 @@ <h2>{% translate "Findings" %}</h2>
{% for info in data.finding_types %}
<tr>
<td>{{ info.finding_type.id }}</td>
<td>{{ info.finding_type.object_type }}</td>
<td>
<span class="{{ info.finding_type.risk_severity }}">{{ info.finding_type.risk_severity|capfirst }}</span>
</td>
@@ -37,21 +46,21 @@ <h2>{% translate "Findings" %}</h2>
</tr>
<tr class="expando-row">
<td colspan="5">
<h2 class="heading-normal">{% translate "Description" %}</h2>
<h4 class="heading-normal">{% translate "Description" %}</h4>
<p>{{ info.finding_type.description }}</p>
<h2 class="heading-normal">{% translate "Impact" %}</h2>
<h4 class="heading-normal">{% translate "Impact" %}</h4>
<p>{{ info.finding_type.impact }}</p>
<h2 class="heading-normal">{% translate "Recommendation" %}</h2>
<h4 class="heading-normal">{% translate "Recommendation" %}</h4>
<p>{{ info.finding_type.recommendation }}</p>
<h2 class="heading-normal">{% translate "Occurrences" %}</h2>
<h4 class="heading-normal">{% translate "Occurrences" %}</h4>
<ul class="accordion break-title">
{% for occurrence in info.occurrences %}
<li>
<button aria-expanded="false">{{ occurrence.finding.ooi.human_readable }}</button>
<div aria-labelledby="finding-details">
<h2>{% translate "First seen" %}</h2>
<h5>{% translate "First seen" %}</h5>
<p>{{ occurrence.first_seen }}</p>
<h2>{% translate "Description" %}</h2>
<h5>{% translate "Description" %}</h5>
<p>{{ occurrence.finding.description }}</p>
</div>
</li>
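Review bot: The expando row still has `<td colspan="5">`, but with the "Type" header and the `info.finding_type.object_type` cell removed earlier in this file, the visible header is down to four columns (Finding, Risk level, Occurrences, Details). Change it to `colspan="4"` so the details row matches the table.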
15 changes: 7 additions & 8 deletions rocky/reports/report_types/helpers.py
@@ -16,19 +16,18 @@
from reports.report_types.web_system_report.report import WebSystemReport

REPORTS = [
DNSReport,
FindingsReport,
VulnerabilityReport,
OpenPortsReport,
WebSystemReport,
SafeConnectionsReport,
TLSReport,
SystemReport,
RPKIReport,
DNSReport,
MailReport,
WebSystemReport,
NameServerSystemReport,
SafeConnectionsReport,
VulnerabilityReport,
OpenPortsReport,
RPKIReport,
IPv6Report,
VulnerabilityReport,
FindingsReport,
]
AGGREGATE_REPORTS = [AggregateOrganisationReport]
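Review bot: REPORTS is reordered here with no comment explaining that the order is significant. If the list order determines the order in which report types are offered or rendered, say so in a comment above the list. Also check that the resulting list names each class once: VulnerabilityReport shows up three times across the removed and added lines of this hunk.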

19 changes: 9 additions & 10 deletions rocky/reports/report_types/ipv6_report/report.html
@@ -5,9 +5,10 @@
{% if show_heading %}<h2>IPv6</h2>{% endif %}
<p>
{% blocktranslate trimmed %}
IPv6 includes improvements in security features compared to IPv4.
While IPv4 can implement security measures, IPv6 was designed with security in mind,
and its adoption can contribute to a more secure internet.
The IPv6 report provides an overview of the current IPv6 status of the
identified system. The table below shows whether the domain is reachable
over IPv6 or not. A green compliance check is shown if this is the case.
A red compliance cross is shown if no IPv6 address was detected.
{% endblocktranslate %}
</p>
<div class="horizontal-scroll">
@@ -25,13 +26,11 @@
<tr>
<td>{{ hostname }}</td>
<td>
{% for system in info.systems %}
{% if not forloop.last %}
{{ system }},
{% else %}
{{ system }}
{% endif %}
{% endfor %}
{% if info.systems %}
{{ info.systems|join:", " }}
{% else %}
-
{% endif %}
</td>
<td>
{% if info.enabled %}
15 changes: 14 additions & 1 deletion rocky/reports/report_types/mail_report/report.html
@@ -1,5 +1,16 @@
{% load i18n %}

{% if show_introduction %}
<p>
{% blocktranslate trimmed %}
The mail report provides an overview of the compliance checks associated with
e-mail servers. The current compliance check the presence of SPF, DKIM and DMARC
records. The table below shows for each of these checks how many of the identified
mail servers are compliant, and if applicable a compliance issue description and
risk level. The risk level may be different for your specific environment.
{% endblocktranslate %}
</p>
{% endif %}
<div class="horizontal-scroll">
<table>
<caption class="visually-hidden">{% translate "Mailserver compliance:" %}</caption>
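Review bot: The second sentence of the new introduction, "The current compliance check the presence of SPF, DKIM and DMARC records.", is missing a word. Something like "The current compliance checks verify the presence of SPF, DKIM and DMARC records." reads correctly; fix it before the string reaches the translation catalogue.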
@@ -40,7 +51,9 @@
{% for finding_type in values %}
<tr>
<td>{{ finding_type.description }}</td>
<td>{{ finding_type.risk_severity }}</td>
<td>
<span class="{{ finding_type.risk_severity }}">{{ finding_type.risk_severity|capfirst }}</span>
</td>
</tr>
{% endfor %}
{% endfor %}
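Review bot: The `<span class="{{ finding_type.risk_severity }}">` wrapper added here is the same markup as in the DNS, findings and name server templates in this commit. Move it into one shared partial or template tag so the class name and the label formatting cannot drift between reports.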
@@ -48,15 +48,7 @@ <h2>{% translate "Asset overview" %}</h2>
{% if asset_vulnerability.vulnerabilities %}
<tr>
<td>{{ asset_vulnerability.asset }}</td>
<td>
{% for vulnerability in asset_vulnerability.vulnerabilities %}
{% if not forloop.last %}
{{ vulnerability }},
{% else %}
{{ vulnerability }}
{% endif %}
{% endfor %}
</td>
<td>{{ asset_vulnerability.vulnerabilities|join:", " }}</td>
<td>{% translate "Organisation" %} {{ asset_vulnerability.organisation }}</td>
</tr>
{% endif %}
@@ -19,15 +19,7 @@ <h2>Open ports</h2>
<tr>
<td>{{ port }}</td>
<td>{{ port_info.open }}/{{ report_data.open_ports.total }}</td>
<td>
{% for service in port_info.services %}
{% if not forloop.last %}
{{ service|upper }},
{% else %}
{{ service|upper }}
{% endif %}
{% endfor %}
</td>
<td>{{ port_info.services|join:", "|upper }}</td>
</tr>
{% endfor %}
</tbody>
17 changes: 16 additions & 1 deletion rocky/reports/report_types/name_server_report/report.html
@@ -1,5 +1,18 @@
{% load i18n %}

{% if show_introduction %}
<p>
{% blocktranslate trimmed %}
The name server report provides an overview of the compliance checks that
were performed against the identified Domain Name Servers (DNS). The compliance
checks verify the presence and validity of DNSSEC and whether no unnecessary
ports were identified to be open. The table below gives an overview of the
available checks including whether the system passed the performed checks.
The risk level and reasoning as to why an issue was identified are shown too.
The risk level may be different for your specific environment.
{% endblocktranslate %}
</p>
{% endif %}
<div class="horizontal-scroll">
<table>
<caption class="visually-hidden">{% translate "Name server compliance:" %}</caption>
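Review bot: In the new introduction, "Domain Name Servers (DNS)" attaches the abbreviation to the wrong term, since DNS stands for Domain Name System; "name servers" or "DNS name servers" would be accurate. The clause "whether no unnecessary ports were identified to be open" is also hard to parse; "that no unnecessary ports are open" says the same.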
@@ -45,7 +58,9 @@
{% for finding_type in data.finding_types %}
<tr>
<td>{{ finding_type.description }}</td>
<td>{{ finding_type.risk_severity }}</td>
<td>
<span class="{{ finding_type.risk_severity }}">{{ finding_type.risk_severity|capfirst }}</span>
</td>
</tr>
{% endfor %}
</tbody>
35 changes: 21 additions & 14 deletions rocky/reports/report_types/open_ports_report/report.html
@@ -7,10 +7,11 @@ <h2>{% translate "Open ports" %}</h2>
{% endif %}
<p>
{% blocktranslate trimmed %}
See an overview of open ports found. <strong>Bold</strong> open ports are found through
direct scans that the organization performs via OpenKAT.
Other open ports were found outside by OpenKAT itself. Scans with the same hostnames,
ports and IPs are merged.
The open ports report provides an overview of the open ports identified on
a system. The ports that are marked as <b>Bold</b> were identified by direct
scans performed by OpenKAT (such as nmap). Ports that are not marked in bold
were identified through external services and/or scans (such as Shodan). Scans
with the same hostnames, ports and IPs are merged.
{% endblocktranslate %}
</p>
<table>
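Review bot: The new text says ports are "marked as <b>Bold</b>", while the table in this template marks them with `<strong>`. Use `<strong>` in the description too, write "bold" in lower case, and consider keeping the markup out of the translatable string so a translation cannot break it.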
@@ -29,19 +30,25 @@ <h2>{% translate "Open ports" %}</h2>
{# djLint formatting adds spaces before the comma. #}
{# djlint:off #}
<td>
{% for port, found_by_openkat in detailed_data.ports.items %}
{% if found_by_openkat %}
<strong><span class="visually-hidden">({% translate "Direct scan" %})</span>{{ port }}</strong>{% if detailed_data.ports|length > 1 and not forloop.last %},{% endif %}
{% else %}
{{ port }}{% if detailed_data.ports|length > 1 and not forloop.last %},{% endif %}
{% endif %}
{% endfor %}
{% if detailed_data.ports %}
{% for port, found_by_openkat in detailed_data.ports.items %}
{% if found_by_openkat %}
<strong><span class="visually-hidden">({% translate "Direct scan" %})</span>{{ port }}</strong>{% if not forloop.last %},{% endif %}
{% else %}
{{ port }}{% if not forloop.last %},{% endif %}
{% endif %}
{% endfor %}
{% else %}
-
{% endif %}

</td>
<td>
{% for hostnames in detailed_data.hostnames %}
{{ hostnames }}{% if detailed_data.hostnames|length > 1 and not forloop.last %},{% endif %}
{% endfor %}
{% if detailed_data.hostnames %}
{{ detailed_data.hostnames|join:", " }}
{% else %}
-
{% endif %}
</td>
{# djlint:on #}
</tr>
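Review bot: The new `-` fallback for empty ports and hostnames cells is a bare character with no accessible text, and the ports branch leaves a stray blank line before `</td>`. A visually hidden, translated "None" next to the dash would match the `visually-hidden` "Direct scan" marker used a few lines up.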
4 changes: 2 additions & 2 deletions rocky/reports/report_types/open_ports_report/report.py
@@ -20,7 +20,7 @@ class OpenPortsReport(Report):
input_ooi_types = {Hostname, IPAddressV4, IPAddressV6}
template_path = "open_ports_report/report.html"

def collect_data(self, input_oois: Iterable[str], valid_time: datetime) -> dict[str, dict[str, Any]]:
def collect_data(self, input_oois: Iterable[str], valid_time: datetime) -> dict[str, dict[Any, Any]]:
ips_by_input_ooi = self.to_ips(input_oois, valid_time)
all_ips = list({ip for key, ips in ips_by_input_ooi.items() for ip in ips})
ports_by_source = self.group_by_source(
@@ -55,7 +55,7 @@ def collect_data(self, input_oois: Iterable[str], valid_time: datetime) -> dict[
services[port.port] = [service.name for service in services_by_port.get(port.reference, [])]

sorted_port_numbers = dict(sorted(port_numbers.items()))
by_ip[str(ip)] = {"ports": sorted_port_numbers, "hostnames": hostnames, "services": services}
by_ip[ip] = {"ports": sorted_port_numbers, "hostnames": hostnames, "services": services}

result[input_ooi] = by_ip
return result
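Review bot: `by_ip[ip] = {...}` now keys the per-IP dict by the ip object instead of its string form, and the return annotation of collect_data was loosened to `dict[str, dict[Any, Any]]` to match. Any consumer that looks entries up by string, or serialises the result to JSON, will behave differently from before. If object keys are intended, annotate the real key type rather than `Any` and note it in a docstring on collect_data.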
28 changes: 19 additions & 9 deletions rocky/reports/report_types/rpki_report/report.html
@@ -2,15 +2,6 @@

{% if show_heading %}
<h2>{% translate "Resource Public Key Infrastructure" %}</h2>
<p>
{% blocktranslate trimmed %}
This section contains basic security information about resource public key
infrastructure. If your web server employs RPKI for its IP addresses and
associated nameservers, then it enhances visitor protection against
misconfigurations and malicious route intercepts through verified route
announcements, ensuring reliable server access and secure internet traffic.
{% endblocktranslate %}
</p>
{% endif %}
{% if type %}
<h4 id="rpki-{{ type }}">{{ type }} {% translate "server" %}</h4>
@@ -22,6 +13,23 @@ <h4 id="rpki-{{ type }}">{{ type }} {% translate "server" %}</h4>
</p>
{% endif %}
{% if data.rpki_ips %}
{% if show_heading or show_introduction %}
<p>
{% blocktranslate trimmed %}
This section contains basic security information about resource public key
infrastructure. If your web server employs RPKI for its IP addresses and
associated nameservers, then it enhances visitor protection against
misconfigurations and malicious route intercepts through verified route
announcements, ensuring reliable server access and secure internet traffic.
{% endblocktranslate %}
</p>
<p>
{% blocktranslate trimmed %}
The RPKI report shows if an RPKI route announcement was available for
the system and if this announcement is not expired.
{% endblocktranslate %}
</p>
{% endif %}
<div class="horizontal-scroll">
<table>
<caption class="visually-hidden">{% translate "RPKI compliance:" %}</caption>
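Review bot: The introduction now sits inside `{% if data.rpki_ips %}`, so a report with the heading shown and no IPs gets the heading and the "No IPs have been found on this system." line from the `{% else %}` branch added at the end of the file, but no explanation of what RPKI is. If that is not intended, move the block above the `{% if data.rpki_ips %}` check. The condition `show_heading or show_introduction` also differs from the other templates in this commit, which test only `show_introduction`; a short template comment saying why would help.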
@@ -89,4 +97,6 @@ <h5>{{ ip }}</h5>
</table>
{% endif %}
{% endfor %}
{% else %}
<p>{% translate "No IPs have been found on this system." %}</p>
{% endif %}