Jinja2 Context json¶

These are examples of jinja2 static dataset usage. You can access this information from the docx template.

Info

Executive reports use jinja for rendering the report, check jinja documentation for more details.

Report Context¶

Generic

This report lists all vulnerabilities of the workspace.

{
    "counter_severity": <severities dict>,
    "date": <datetime>,
    "enterprise": format_text_docxtpl_patch(report.enterprise),
    "hosts": <list host>,
    "hosts_amount": <int>,
    "overview_images": <image>,
    "vulnerabilities_image": <image>,
    "ease_resolution_image": <image>,
    "impact_image": <image>,
    "services": <list service>,
    "services_amount": <int>,
    "title": <str>,
    "vulns": <list of vuln>,
    "vulns_amount": <int>,
    "workspace": <workspace_object>,
   "conclusions": <string>,
    "objectives": <string>,
    "recommendations": <string>,
    "scope": <string>,
    "summary": <string>,
    "methodologies": [<methodology>]
}

Grouped

This type of report groups the data using the name and description of the vulnerability. vulns_grouped_amount number of vulnerabilities in the group.

{
    "counter_severity": <dict severities>,
    "date": <datetime>,
    "enterprise": format_text_docxtpl_patch((report.enterprise)),
    "hosts": <list host>,
    "hosts_amount": <int>,
    "overview_images": <image>,
    "vulnerabilities_image": <image>,
    "ease_resolution_image": <image>,
    "impact_image": <image>,
    "services": <list service>,
    "services_amount": <int>,
    "title": <str>,
    "vulns": <list of vuln>,
    "vulns_amount": <int>,
    "vulns_grouped_amount": <int>,
    "workspace":<str>,
    "conclusions": <string>,
    "objectives": <string>,
    "recommendations": <string>,
    "scope": <string>,
    "summary": <string>,
    "methodologies": [<methodology>]
}

Inside each Template, in either of the two report Dataset, we can use these variables:

Host

{
'_rev': '',
'type': 'Host',
'_id': 1,
'versions': [],
'owned': False,
'mac': <str>,
'os': 'Linux Kernel 3.8',
'owner': None,
'services': 1,
'ip': '127.0.0.1',
'default_gateway': '',
'service_summaries': ['(80/tcp) www'],
'tags': ['QA'],
'credentials': 0,
'description': '',
'name': '127.0.0.1',
'hostnames': ['localhost'],
'metadata': {'create_time': <datetime>,
'update_time': <datetime>,
'creator': '',
'update_controller_action': '',
'owner': None,
'command_id': None,
'update_action': 0,
'update_user': None},
'id': 1,
'vulns': 91
}

Service

{
'_rev': '',
'type': 'Service',
'_id': 1,
'owned': False,
'summary': '(80/tcp) http',
'version': 'unknown',
'parent': 4,
'owner': None,
'tags': ['QA'],
'protocol': 'tcp',
'credentials': 0,
'port': <int>,
'description': '',
'name': 'http',
'host_id': 4,
'ports': 80,
'metadata': {'create_time': <datetime>,
'update_time': <datetime>,
'creator': '',
'update_controller_action': '',
'owner': None,
'command_id': None,
'update_action': 0,
'update_user': None},
'id': 1,
'vulns': 1,
'status': 'open'
}

Vulnerability

{
'data': <SubDoc>,
'vulnerability_duplicate_id': None,
'confirmed': False,
'_rev': '',
'easeofresolution': None,
'childs': [],
'cvss3_vector_string' : <str>,
'cvss3_base_score' : <float>,
'cvss3_exploitability_score' : <float>,
'cvss3_impact_score' : <float>,
'cvss3_base_severity' : <str>,
'cvss3_temporal_score' : <float>,
'cvss3_temporal_severity' : <str>,
'cvss3_environmental_score' : <float>,
'cvss3_environmental_severity' : <str>,
'cvss3_attack_vector' : <str>,
'cvss3_attack_complexity' : <str>,
'cvss3_privileges_required' : <str>,
'cvss3_user_interaction' : <str>,
'cvss3_confidentiality_impact' : <str>,
'cvss3_integrity_impact' : <str>,
'cvss3_availability_impact' : <str>,
'cvss3_exploit_code_maturity' : <str>,
'cvss3_remediation_level' : <str>,
'cvss3_report_confidence' : <str>,
'cvss3_confidentiality_requirement' : <str>,
'cvss3_integrity_requirement' : <str>,
'cvss3_availability_requirement' : <str>,
'cvss3_modified_attack_vector' : <str>,
'cvss3_modified_attack_complexity' : <str>,
'cvss3_modified_privileges_required' : <str>,
'cvss3_modified_user_interaction' : <str>,
'cvss3_modified_scope' : <str>,
'cvss3_modified_confidentiality_impact' = <str>,
'cvss3_modified_integrity_impact' : <str>,
'cvss3_modified_availability_impact' : <str>,
'type': 'Vulnerability',
'_id': 1,
'severity': 'med',
'refs': ['CVSS: 3.2'],
'date': <datetime>,
'owned': False,
'parent': 1,
'policyviolations': [],
'resolution': 'Resolution text',
'owner': None,
'service': {'version': 'unknown',
'name': 'postgresql',
'protocol': 'tcp',
'ports': 80,
'_id': 1,
'summary': '(80/tcp) http',
'status': 'open'},
'issuetracker': {},
'update_user': None,
'external_id': '1233',
'tags': [],
'vulnerability_template_id': None,
'impact': {'accountability': False,
'confidentiality': False,
'integrity': False,
'availability': False},
'obj_id': '1',
'custom_fields': {'list': None, 'integer': None, 'choice': None},
'parent_type': 'Service',
'description': 'Description',
'host_os': 'Linux Kernel 4.8',
'name': 'Vulnerability title',
'_attachments': {},
'hostnames': ['localhost'],
'desc': <SubDoc>,
'target': '127.0.0.1',
'metadata': {'create_time': <datetime>,
'update_time': <datetime>,
'creator': 'OpenVAS',
'update_controller_action': '',
'owner': None,
'command_id': 1,
'update_action': 0,
'update_user': None},
'status': 'opened',
'id': 1,
'__target__': '127.0.0.1 / 80 / tcp'
}