New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multilingual vulnerability template #42
Comments
Added Multilingual and Internationalization support. You can translate to French editing the po file in https://github.com/1modm/petereport/blob/main/app/locale/fr/LC_MESSAGES/django.po |
That's sounds crazy good, I absolutely need to test that and PR the FR translation. |
Hi @1modm Thank you so much. I Just tested this is nice and I plan to PR French translation. But on the other end this has nothing to do with this issue. What you did in 663a0a0 is more related to I18N (Internationalization), it's the translation of the WebUI components in several languages so we could say Multilingual WebUI or something. But this feature request has nothing to do about it. As the title say I was asking for multilingual vulnerability template support. As the description explained the idea is to be able to store a finding template in languages so that people daily using several languages can have their finding fields translated in several languages. So can we re-open this issue? |
Here is what I mean in video, I'm talking about multilingual finding template (the data stored, the db schema, etc.) not the translation of the label on the WebUI (I18N): pwndoc-2023-01-04_19.47.40.mp4While in PeTeReport even after last commit I can't add a vuln in FR+EN for example, I can set only one lang, and there is not way to filter the finding templates by language. The only thing is that now the WebUI lang can be changed, cf: petereport-2023-01-04_20.34.56.mp4 |
@noraj that's cool, thanks! I got it. So different templates for each language and also different content for each language/template. I will try to take a look asap. Thanks! |
Description and why
Pentesters from english-speaking countries are maybe the only ones that doesn't need this feature.
But in other countries you will need to have a findings library in both English and your native language and some countries also have 2, 3 or more official languages.
Very often, in non-english speaking countries, you need to write pentest report in several languages so having a Multilingual vulnerability database is critical for them.
Implementation
It needs a change of the SQL tables.
Instead of having something like
You would have
Workaround
A common bad workaround is to add a lang prefix in the title of the vulnerability.
Like
[EN] SQL injection
and[FR] Injection SQL
.This is terrible for multiple reasons.
When having multiple languages, only field containing text or sentences need to be translated, all other fields like the CVSS vector, CVE, vulnerability ID, etc. don't need to be translated and can be stored only once in the database.
Also when you edit the vuln in one language if they are not linked you often forgot to update the vuln in other other languages too.
It also possible to filter by language.
And for report you can't ask for vuln.fr.description or vuln.en.description depending on your french or english template.
Demo
It's a big long and hard to explain in details.
I invite your to deploy and test PwnDoc (https://github.com/pwndoc/pwndoc) which is the only pentest report platform I know to have a mutli-lang vuln DB. It's easy to deploy with docker-compose so it won't take long to try it.
The text was updated successfully, but these errors were encountered: