Resolve allows custom Microsoft Word reports to be made through the use of templates. These templates contain placeholders that will populate data at the time of report generation. Resolve uses the docx-templates library for this dynamic report generation. The documentation for that library can be found here. Additionally, an introduction to the Resolve-specific use cases is below.
The command delimiter
In Word templates, every dynamic field should begin and end with +++. For example, to insert a project name you would type:
+++project.name+++
All commands inside of the delimiters use standard JavaScript notation. Any objects provided to the template can be accessed without a preceding $. All objects created inside of the template (e.g. in a for-each loop, see below for examples) should be preceded by a $.
Template Objects
Depending on the report entity, a set of default objects is provided to the template. Outlined below are all fields available for each supported Entity template type; any non-standard fields are included inline. To see which data each entity always contains, please view Entity Fields.
Field | Description |
---|---|
project | No non-standard fields. Only available for single record templates. |
projects | No non-standard fields. Only available for multiple record templates. |
findings | [{ instances: [{}] //An array of instances for this finding }] |
instances | [{ verifications: [{}] //An array of verifications for this instance }] |
verifications | No non-standard fields |
assets | [{ formattedHost: 'DNS name' || 'host name' || null }] |
projectRoles | { [Role Name]: [{}] //An array of users with that role } |
owaspMap | { [Numeric OWASP category]: boolean //true if any findings for that category were found } |
owaspMobileMap | { [Numeric Mobile OWASP category]: boolean //true if any findings for that category were found } |
owaspRemediationMap | { [Numeric OWASP category]: 'Remediated' || 'Not Remediated' || 'Partially Remediated' || 'N/A' } |
owaspMobileRemediationMap | { [Numeric Mobile OWASP category]: 'Remediated' || 'Not Remediated' || 'Partially Remediated' || 'N/A' } |
masterFindingsBySeverity | An array of severities, each containing a masterFindings property for all master findings with that severity |
findingsBySeverity | An array of severities, each containing a findings property for all findings with that severity |
Field | Description |
---|---|
assets | No non-standard fields |
Field | Description |
---|---|
applications | No non-standard fields |
Field | Description |
---|---|
scans | No non-standard fields |
Field | Description |
---|---|
users | No non-standard fields |
Field | Description |
---|---|
findings | [{ instances: [{}] //An array of instances for this finding }] |
instances | No non-standard fields |
masterFindingsBySeverity | An array of severities, each containing a masterFindings property for all master findings with that severity |
findingsBySeverity | An array of severities, each containing a findings property for all findings with that severity |
Output specific entity field values
If you know the name of the field you need the value for, use JavaScript object notation and specify the field name. For example, if you want to export just the description of the selected entity, use:
$item.description
Looping with foreach
Use foreach to loop through a list such as findings:
+++FOR finding IN findings+++
+++$finding.name+++
+++END-FOR finding+++
Conditional Statements
Apply conditional statements through the use of IF statements:
+++IF $finding.severity === 'High'+++
Warning: this is a high severity finding.
+++END-IF+++
Rendering HTML
To render rich text contents, call the formatHtml function and use the HTML command delimiter.
+++HTML formatHtml($finding.description)+++
Custom Formatting
With the use of the EXEC command delimiter, any valid JavaScript can be used. To apply additional formatting to an object, try:
+++EXEC $finding.name += ' Finding'+++
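Because EXEC accepts any valid JavaScript and a missing END-FOR or $ breaks report generation, it helps to check a template's commands before uploading it. The following is an added example, not code from Resolve or docx-templates: a small linter that checks the +++ delimiters, FOR/END-FOR and IF/END-IF pairing and the $ prefix on loop variables, and lists every EXEC command for review. The function name lintTemplate and the sample templates are hypothetical, and it assumes the template text has already been extracted from the .docx file.

```javascript
// Added example (not Resolve or docx-templates code): lint a report template.
// Assumption: `text` is plain text already extracted from the .docx file.
function lintTemplate(text) {
  const parts = text.split('+++');
  const errors = [];
  const execCommands = []; // EXEC runs JavaScript, so list each one for review
  const stack = [];        // FOR / IF blocks that are still open
  // Each command has an opening and a closing +++, so a clean split is odd.
  if (parts.length % 2 === 0) errors.push('unbalanced +++ delimiter');
  for (let i = 1; i + 1 < parts.length; i += 2) {
    const cmd = parts[i].trim();
    let m;
    if ((m = /^FOR\s+(\w+)\s+IN\s+\S/.exec(cmd))) {
      stack.push({ type: 'FOR', name: m[1] });
      continue;
    }
    if ((m = /^END-FOR\s+(\w+)$/.exec(cmd))) {
      const top = stack.pop();
      if (!top || top.type !== 'FOR' || top.name !== m[1])
        errors.push(`END-FOR ${m[1]} does not close the innermost open block`);
      continue;
    }
    if (/^IF\s+\S/.test(cmd)) stack.push({ type: 'IF' });
    else if (cmd === 'END-IF') {
      const top = stack.pop();
      if (!top || top.type !== 'IF') errors.push('END-IF does not close the innermost open block');
    } else if (/^EXEC\s/.test(cmd)) execCommands.push(cmd);
    // Heuristic text match: loop variables must be written with a leading $.
    for (const { name } of stack.filter((b) => b.type === 'FOR'))
      if (new RegExp(`(^|[^$\\w.])${name}\\b`).test(cmd))
        errors.push(`loop variable "${name}" used without $ in: ${cmd}`);
  }
  for (const b of stack) errors.push(`unclosed ${b.type}${b.name ? ' ' + b.name : ''}`);
  return { errors, execCommands };
}

// Constructed sample templates built from the commands shown on this page.
const SAMPLE_OK = [
  '+++FOR finding IN findings+++', '+++$finding.name+++',
  "+++IF $finding.severity === 'High'+++", 'Warning: this is a high severity finding.',
  '+++END-IF+++', '+++HTML formatHtml($finding.description)+++',
  "+++EXEC $finding.name += ' Finding'+++", '+++END-FOR finding+++',
].join('\n');
const SAMPLE_BAD = [
  '+++FOR finding IN findings+++', '+++finding.name+++',
  "+++IF $finding.severity === 'High'+++", '+++END-FOR finding+++',
].join('\n');
console.log(lintTemplate(SAMPLE_OK), lintTemplate(SAMPLE_BAD));
```

The $ check is a plain text match, so a loop variable name that appears inside a string literal is also reported.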