html_file: Improve plugin to use jinja2 templates #8866

Closed
andresriancho opened this Issue Mar 12, 2015 · 1 comment

@andresriancho
Owner

Problem

The html_file plugin was written many years ago and it has some horrible hard-coded HTML inside. This makes it really difficult to modify/improve the generated HTML.

Solution

  • Design a new report template; check what the reports of Acunetix, ZAP and Burp look like and take ideas from there
  • Write a jinja2 template for the designed report
  • Re-write the plugin to use jinja2 templates
  • Save each template in a different directory (such as w3af/plugins/output/html_file/templates/generic/) and allow the user to choose the template to render using a configuration setting. For now only support the generic template, but this leaves people room to write other templates
  • Write a small tool that will render the template; maybe this could be done with nosetests+unittests. If a --template-test flag is found in argv then we write the test output to files in /tmp/; this will make it easier for me to write new templates without having to run multiple scans
  • Ask the community to write templates

Conditions of satisfaction

  • We have unittests which check that the template is correctly rendered (no need to run scans for this)
  • We have one unittest to check that the output is properly generated after a real scan

Related to

  • This refactoring should avoid issues like UnicodeDecodeError @ html_file: 'utf8' codec can't decode byte #4219
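
A sketch of the rendering path this issue asks for, added here as an example and not taken from w3af or from commit 941c97e. It assumes an in-memory `DictLoader` standing in for the templates directory, and the names `render_report`, `to_text` and `report.html` as well as the sample findings are constructed for illustration.

```python
from jinja2 import DictLoader, Environment, TemplateNotFound

# Constructed stand-in for w3af/plugins/output/html_file/templates/<name>/;
# a real plugin would load these files from disk.
TEMPLATES = {
    "generic/report.html": (
        "<h1>Scan report for {{ target }}</h1>\n"
        "<ul>\n"
        "{% for f in findings %}"
        "<li class=\"{{ f.severity }}\"><b>{{ f.name }}</b>: {{ f.desc }}</li>\n"
        "{% endfor %}"
        "</ul>\n"
    ),
}

# autoescape=True: finding fields echo data from the scanned site, so they
# must never reach the report as live markup.
ENV = Environment(loader=DictLoader(TEMPLATES), autoescape=True)


def to_text(value):
    """Turn scan data into text without raising on invalid UTF-8."""
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="replace")
    return str(value)


def render_report(target, findings, template_name="generic"):
    """Render findings with the template chosen by the configuration setting."""
    try:
        template = ENV.get_template(template_name + "/report.html")
    except TemplateNotFound:
        raise ValueError("unknown report template: %r" % template_name)
    clean = [{k: to_text(v) for k, v in f.items()} for f in findings]
    return template.render(target=to_text(target), findings=clean)


# Constructed findings: one carries markup, one carries a non-UTF-8 byte.
SAMPLE_FINDINGS = [
    {"name": "Reflected XSS", "severity": "high",
     "desc": "Parameter q echoed <script>alert(1)</script>"},
    {"name": "Odd header", "severity": "info",
     "desc": b"Server: caf\xe9"},
]

if __name__ == "__main__":
    print(render_report("http://target.example/", SAMPLE_FINDINGS))
```

Because the template is rendered from plain dictionaries, the checks on escaping and decoding can run as unit tests without launching a scan.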
@andresriancho andresriancho added a commit that referenced this issue Mar 13, 2015
@andresriancho * html_file: Improve plugin to use jinja2 templates #8866
* UnicodeDecodeError @ html_file: 'utf8' codec can't decode byte #4219
941c97e
@andresriancho
Owner

Plugin is working perfectly, just need to improve the template: Improvements for HTML report template #8891
