Difference between revisions of "ORG (Owasp Report Generator) - To Do"

From OWASP
Jump to: navigation, search
 
(ORG To-do)
 
(17 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== ORG TODO (under construction) ==
+
Change log of current development version: [[ORG (Owasp Report Generator) - Change Log]]
 +
 
 +
== ORG To-do  ==
 +
 
 +
Note: This section needs better formating
 +
 
 +
'''Current Main To-Do list'''
 +
 
 +
'''* Number Difficulty Priority Request'''
 +
* ''6 Intermediate High'' Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields)
 +
* ''16 Minor High'' Change the window menu to have the current open windows in the actual menu, rather than as a sub menu
 +
* ''17 Intermediate Low'' Add a find function to the source code editor
 +
* ''22 Minor Low'' Correct redundancy of report reviewers now that we have a document information page (remove these redundant tags)
 +
* ''23 Minor Low'' Verify metadata that we currently store is correct and valuable
 +
* ''24 Minor Low'' Correct spelling of confidenciality Rating in document information page
 +
* ''5 Intermediate Medium'' Enable verification against a schema within the tool to ensure that data is of a consistent form
 +
* ''9 Intermediate Medium'' Add a drop down menu to the findings screen to allow for the selection of a recommendation from the recommendations database
 +
* ''13 Intermediate Medium'' Create a Microsoft Word version of the report
 +
* ''20 Intermediate Medium'' Paste tables into Appendix
 +
* ''21 Intermediate Medium'' Paste images into Appendix
 +
*                                      Add SpellCheking capabilities (using Authentic's component support for it)
 +
*                                      Add support for saving GUI Settings (for example the Spliter sizes)
 +
*                                      Fix bugs in additional details.  Hitting return doesn't not enter a newline. 
 +
*                                      When adding a finding like "Bug found @ hehe/hehe.aspx" it does not work because of the information entered in (it doesn't like the "/").  Need to validate and sanitize the information.
 +
*                                      Write unit tests
 +
 
 +
== ORG To-do (in table format) ==
 +
 
  
 
'''Priority High'''
 
'''Priority High'''
Line 6: Line 33:
 
|+TODO
 
|+TODO
 
|-
 
|-
|
+
! ID !! Task !! Comment !! Complexity || Assigned !! Status
! Task !! Comment !! Complexity || Assigned !! Status
+
 
|-
 
|-
! 1
+
!
 +
|| Issues with new Authentic 2007 OCX control ||
 +
* Report Contents SPS is not working (conflict with XSD) ,
 +
* Keyboard hock not working properly (in axActiveAuthenticControl.@event.ctrlKey , axActiveAuthenticControl.@event.ctrlKey doesn't contain the correct value (i.e. in the case where is ctrlKey pressed and ctrlKey should be true)
 +
|| Medium  || DC || getting there
 +
|-
 +
 
|| Enable templates in executive summary to save copying and pasting in new projects || There is an easy and a hard way to do this. The easy is to implement this using template xml files which are copied to the target location (for example a finding or 'Report Content') from a default location (in the current plan the output of a plug-in). The hard way (but much more powerfull) will be to implement this templates using dinamic manipulation of the autentic object (which is something that I haven't figure out how to do) || Medium || Not Assigned
 
|| Enable templates in executive summary to save copying and pasting in new projects || There is an easy and a hard way to do this. The easy is to implement this using template xml files which are copied to the target location (for example a finding or 'Report Content') from a default location (in the current plan the output of a plug-in). The hard way (but much more powerfull) will be to implement this templates using dinamic manipulation of the autentic object (which is something that I haven't figure out how to do) || Medium || Not Assigned
 
|-
 
|-
!
+
!
|| Create plug-in to support templates || Which is basically a mapping between SPS and XML files (need to figure out how to dynamically use SPS transformations
+
|-
+
|-
+
!
+
||Fix XML attribute / value errors when using copy and paste functionality
+
!
+
 
|| Convert Export functionality into a Plug-in || Should be easy to do since all code is already there || Low || DC ||
 
|| Convert Export functionality into a Plug-in || Should be easy to do since all code is already there || Low || DC ||
|-
 
 
 
|-
 
|-
 
!
 
!
|| Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields) || Basicaly the issue here is that everytime an xml file is saved, a quick check to the schema should be made. The code to do this already exists (it is in the export data code).
+
|| Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields) || Basicaly the issue here is that everytime an xml file is saved, a quick check to the schema should be made. The code to do this already exists (it is in the export data code). This can be done using the authentic component.  No need to write code. - Mike
 
|-
 
|-
 
!
 
!
Line 62: Line 86:
 
!  
 
!  
 
|| generated Pdf reports don't appear in the respective ORG window. || [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window || no idea || ||
 
|| generated Pdf reports don't appear in the respective ORG window. || [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window || no idea || ||
 +
|-
 +
!
 +
|| Remember the UI dimensions for every window when it closes. || The windows need to remember how they were set so that the next time the program is ran people do not have to resize the windows again.  This would be a nice usability addition || easy || ||
 
|}
 
|}
  
Line 103: Line 130:
 
! 9  
 
! 9  
 
| Ensure that within the same project, image folders are unique ||  
 
| Ensure that within the same project, image folders are unique ||  
|-
 
! 10
 
| Make an installer ||
 
 
|-
 
|-
 
! 11
 
! 11
Line 145: Line 169:
 
| Remove all those empty try/catches in authentic.cs ||  
 
| Remove all those empty try/catches in authentic.cs ||  
 
|-  
 
|-  
! 22
 
| Upgrade the Altova component || || || Y || 50%
 
|-
 
 
! 23  
 
! 23  
 
| Create a Microsoft Word report option || || || ||
 
| Create a Microsoft Word report option || || || ||
Line 171: Line 192:
 
! 30
 
! 30
 
| Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)  ||
 
| Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)  ||
 +
|-
 +
! 31
 +
| Add in unit tests ||
 +
|-
 +
! 32
 +
| Implement the deleting of issue xml file || Currently in issue tracking there is a delete button that has not been implemented.  Also, on the "Report PDF" tab of the projects form there is a button that will create the issue tracking file which errors out if a version of the file has already been created. 
 
|}
 
|}
  
Line 184: Line 211:
 
** then try to change a finding (exception will occur)
 
** then try to change a finding (exception will occur)
 
** if you reload the project the issue will go away
 
** if you reload the project the issue will go away
 
+
* feature: in the reports -> 2. choose a data filter: add the capabilty to define extraparameters for the external xslt transformation (this is needed for the new XSLT 2 xslts)
  
 
== TODO Future Versions ==
 
== TODO Future Versions ==
 
* Add in the ability to import in stock findings
 
* Add in the ability to import in stock findings
* Remove the global variable class.
 
 
* Add in tool tips to the forms.
 
* Add in tool tips to the forms.
  

Latest revision as of 18:23, 7 January 2007

Change log of current development version: ORG (Owasp Report Generator) - Change Log

Contents

ORG To-do

Note: This section needs better formating

Current Main To-Do list

* Number Difficulty Priority Request

  • 6 Intermediate High Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields)
  • 16 Minor High Change the window menu to have the current open windows in the actual menu, rather than as a sub menu
  • 17 Intermediate Low Add a find function to the source code editor
  • 22 Minor Low Correct redundancy of report reviewers now that we have a document information page (remove these redundant tags)
  • 23 Minor Low Verify metadata that we currently store is correct and valuable
  • 24 Minor Low Correct spelling of confidenciality Rating in document information page
  • 5 Intermediate Medium Enable verification against a schema within the tool to ensure that data is of a consistent form
  • 9 Intermediate Medium Add a drop down menu to the findings screen to allow for the selection of a recommendation from the recommendations database
  • 13 Intermediate Medium Create a Microsoft Word version of the report
  • 20 Intermediate Medium Paste tables into Appendix
  • 21 Intermediate Medium Paste images into Appendix
  • Add SpellCheking capabilities (using Authentic's component support for it)
  • Add support for saving GUI Settings (for example the Spliter sizes)
  • Fix bugs in additional details. Hitting return doesn't not enter a newline.
  • When adding a finding like "Bug found @ hehe/hehe.aspx" it does not work because of the information entered in (it doesn't like the "/"). Need to validate and sanitize the information.
  • Write unit tests

ORG To-do (in table format)

Priority High

TODO
ID Task Comment Complexity Assigned Status
Issues with new Authentic 2007 OCX control
  • Report Contents SPS is not working (conflict with XSD) ,
  • Keyboard hock not working properly (in axActiveAuthenticControl.@event.ctrlKey , axActiveAuthenticControl.@event.ctrlKey doesn't contain the correct value (i.e. in the case where is ctrlKey pressed and ctrlKey should be true)
Medium DC getting there
Enable templates in executive summary to save copying and pasting in new projects There is an easy and a hard way to do this. The easy is to implement this using template xml files which are copied to the target location (for example a finding or 'Report Content') from a default location (in the current plan the output of a plug-in). The hard way (but much more powerfull) will be to implement this templates using dinamic manipulation of the autentic object (which is something that I haven't figure out how to do) Medium Not Assigned
Convert Export functionality into a Plug-in Should be easy to do since all code is already there Low DC
Verify all current data against a schema and ensure that consistency is maintained (especially with IP Address / DNS Name fields) Basicaly the issue here is that everytime an xml file is saved, a quick check to the schema should be made. The code to do this already exists (it is in the export data code). This can be done using the authentic component. No need to write code. - Mike


Priority Medium

Task Comment Complexity Assigned Status
1 Add a default profile with the project files maped to the local disk


Priority Low

Task Comment Complexity Assigned Status
generated Pdf reports don't appear in the respective ORG window. [DC]: this doesn't occour all the time and it is due to the fact that the current way used to display the pdf is to open it in the embebed IE control (which sometimes opens the pdf inside it and others in an external window no idea
Remember the UI dimensions for every window when it closes. The windows need to remember how they were set so that the next time the program is ran people do not have to resize the windows again. This would be a nice usability addition easy

|- ! x || {Template} || {...} || Medium || Not Assigned


To Map to Priority Tables

Task Comment Assigned Status
1 Del Key should delete newline (and other elements)
2 Add ability to move findings to other targets
3 Sort of tracking views by Issue ID Enable sorting in the issue tracking screens, to enable easier finding of issues when retests are occurring
4 Search (for Issue IDs)
5 Select contacts from a db
6 Automatic Import data (like DSN info) This can also include task / default messages with links to areas like the OWASP vulnerability pages
7 Data feed for global database spreadsheets
8 Sign application and FOP engine
9 Ensure that within the same project, image folders are unique
11 Add Backup feature for XSLT changes
12 Add upgrade tool
13 Add XSLT search feature
14 Project level tags
15 Image's path are hardcoded on the PDF xslt
  • Monthly CISO Report.xslt
  • test.xslt
  • Bespoke Brief.xslt
  • Monthly RISO Report.xslt
  • Outstanding Issues.xslt
16 Document the installation procedure of the Altova XML engine (used for xslt2 queries)
17 Add to FAQ the fact that the errors that show on the current main FOP transformation are ok
18 Convert the current xslt/FOP to the altova engine so that we can use xslt2 queries
19 Modify the tabs on the "Current and Archived Projects" screen so that whenever you click on one it reloads the data
20 Only show up tabs that we have the data set up for
21 Remove all those empty try/catches in authentic.cs
23 Create a Microsoft Word report option
24 Perform a validation against a schema of all current _consolidatedReports files to ensure they are compliant (check in particular dates, IPs and DNS names)
25 Manage the exceptions that occur when you add a finding with a duplicate name more effectively
26 Change the Window menu to have the current open windows in the main menu, rather than as a sub menu
27 Add a find function to the source code editor
28 Add drop down menus to the recommendations section (which links to the recommendations database)
29 Enable schema-safe copy and paste between the project meta data tab and the executive summary tab (the xml attribute copying bug)
30 Allow for defaults and templates to be used (especially in the executive summary where all executive summaries should follow the same format)
31 Add in unit tests
32 Implement the deleting of issue xml file Currently in issue tracking there is a delete button that has not been implemented. Also, on the "Report PDF" tab of the projects form there is a button that will create the issue tracking file which errors out if a version of the file has already been created.

To add to to-do

  • Default headers auto populated in "Report Contents". Executive Summary, Background, Scope
  • Paste tables into Appendix
  • Paste images into Appendix
  • Bug report, sequence of events:
    • do findings
    • then do exec sumamry
    • then make a pdf
    • then try to change a finding (exception will occur)
    • if you reload the project the issue will go away
  • feature: in the reports -> 2. choose a data filter: add the capabilty to define extraparameters for the external xslt transformation (this is needed for the new XSLT 2 xslts)

TODO Future Versions

  • Add in the ability to import in stock findings
  • Add in tool tips to the forms.



back to ORG (Owasp Report Generator)