Project organization changes (#76)

* allow for optional reporting features

* add additional jars to process reports

* bug fix for #75

WebContent/WEB-INF/jsp/assessment/editVulnJSON.jsp

@@ -2,21 +2,21 @@
 <%@ taglib prefix="s" uri="/struts-tags" %>
 <%@ page language="java" contentType="application/json; charset=UTF-8"
     pageEncoding="UTF-8"%>
-{ "name" : "<s:property value="current.name"/>",
+{ "name" : "<s:property value="current.name" escapeJavaScript="true"/>",
 "description" : "<s:property value="description"/>",
 "recommendation" : "<s:property value="recommendation"/>",
 "details" : "<s:property value="details"/>",
 "likelyhood" : "<s:property value="current.likelyhood"/>",
 "impact" : "<s:property value="current.impact"/>",
 "overall" : "<s:property value="current.overall"/>",
 "cf" : [<s:iterator value="current.CustomFields" status="stat"><s:if test="#stat.index!=0">,</s:if>{ "id" : ${id}, "typeid" : ${type.id}, "value" : "${value}"}</s:iterator>],
-"dfname" : "<s:property value="current.defaultVuln.name"/>",
+"dfname" : "<s:property value="current.defaultVuln.name" escapeJavaScript="true"/>",
 "dfvulnid" : "<s:property value="current.defaultVuln.id"/>",
-"dfcat" : "<s:property value="current.defaultVuln.category.name"/>",
+"dfcat" : "<s:property value="current.defaultVuln.category.name" escapeJavaScript="true"/>",
 "dfcatid" : "<s:property value="current.defaultVuln.category.id"/>",
 "catid" : "<s:property value="current.category.id"/>",
-"cvssScore" : "<s:property value="current.cvssScore"/>",
-"cvssString" : "<s:property value="current.cvssString"/>"
+"cvssScore" : "<s:property value="current.cvssScore" escapeJavaScript="true"/>",
+"cvssString" : "<s:property value="current.cvssString" escapeJavaScript="true"/>"
 }
 
 

WebContent/WEB-INF/jsp/remediation/vulnsJson.jsp

@@ -1,12 +1,12 @@
 <%@page import="org.apache.struts2.components.Include"%><%@ page language="java" contentType="application/json; charset=UTF-8"
     pageEncoding="UTF-8"%><%@ taglib prefix="s" uri="/struts-tags" %><% boolean first=true;%>{ "data" : [<s:iterator value="combos">
 <% if(first){ first=false;}else{ %>,<%}%>[ "<input class='remselect' type='checkbox' onclick='return false'/>",
-"<s:property value="vuln.name"/>" , 
+"<s:property value="vuln.name" escapeJavaScript="true"/>" , 
 "<s:property value="assessment.appId"/>\n<s:property value="assessment.name"/>", 
-"<s:iterator value="assessment.assessor"><s:property value="fname"/> <s:property value="lname"/>\n</s:iterator>",
-"<s:property value="vuln.tracking"/>" , 
+"<s:iterator value="assessment.assessor"><s:property value="fname" escapeJavaScript="true"/> <s:property value="lname" escapeJavaScript="true"/>\n</s:iterator>",
+"<s:property value="vuln.tracking" escapeJavaScript="true"/>" , 
 "<s:if test="isVer">Out for Verification</s:if>",
-"<s:property value="vuln.overallStr"/>" ,  
+"<s:property value="vuln.overallStr" escapeJavaScript="true"/>" ,  
 <s:if test="vuln.closed== null">
 "<s:date name="vuln.opened"  format="MM/dd/yyyy"/>",
 </s:if>
@@ -18,13 +18,13 @@
 {},
 { 
 	"aid" :"<s:property value="assessment.id"/>", 
-	"appId" :"<s:property value="assessment.appId"/>", 
+	"appId" :"<s:property value="assessment.appId" escapeJavaScript="true" />", 
 	"vid" : "<s:property value="vuln.id"/>", 
-	"dist" : "<s:property value="assessment.DistributionList"/>", 
+	"dist" : "<s:property value="assessment.DistributionList" escapeJavaScript="true"/>", 
 	"notes" : "<s:property value="assessment.AccessNotes"/>",
-	"name" : "<s:property value="assessment.name"/>",
-	"vulnName" : "<s:property value="vuln.name"/>",
-	"tracking" : "<s:property value="vuln.tracking"/>",
+	"name" : "<s:property value="assessment.name" escapeJavaScript="true"/>",
+	"vulnName" : "<s:property value="vuln.name" escapeJavaScript="true"/>",
+	"tracking" : "<s:property value="vuln.tracking" escapeJavaScript="true"/>",
 	"isVer" : ${isVer},
 	"severity" : {
 		"overall" :  "${vuln.overall}",
@@ -34,8 +34,8 @@
 	"reports": [<s:iterator value="reports" status="stat">
 	<s:if test="!#stat.first">,</s:if>
 	{	
-		"name": "<s:property value="assessment.name"/> - <s:property value="assessment.type.type"/> <s:if test="retest == true">Retest </s:if>Report.docx", 
-		"type": "<s:property value="assessment.type.type"/> <s:if test="retest == true">Retest</s:if>", 
+		"name": "<s:property value="assessment.name" escapeJavaScript="true"/> - <s:property value="assessment.type.type" escapeJavaScript="true"/> <s:if test="retest == true">Retest </s:if>Report.docx", 
+		"type": "<s:property value="assessment.type.type" escapeJavaScript="true"/> <s:if test="retest == true">Retest</s:if>", 
 		"updated": "<s:date name="gentime" format="MM-dd-yyyy hh:mm:ss"/>", 
 		"guid" : "<s:property value="filename"/>",
 		"isRetest": <s:property value="retest"/>

WebContent/dist/js/appstore.js.LICENSE.txt

@@ -1,35 +1,21 @@
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */
 
 /*!
- * jQuery UI Widget 1.13.2
- * http://jqueryui.com
+ * jQuery UI Widget 1.14.0
+ * https://jqueryui.com
  *
- * Copyright jQuery Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license.
- * http://jquery.org/license
+ * https://jquery.org/license
  */
 
 /*!
@@ -52,7 +38,7 @@
   */
 
 /**!
- * Sortable 1.15.1
+ * Sortable 1.15.3
  * @author	RubaXa   <trash@rubaxa.org>
  * @author	owenm    <owen23355@gmail.com>
  * @license MIT

WebContent/dist/js/assessment_queue.js.LICENSE.txt

@@ -1,35 +1,21 @@
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */
 
 /*!
- * jQuery UI Widget 1.13.2
- * http://jqueryui.com
+ * jQuery UI Widget 1.14.0
+ * https://jqueryui.com
  *
- * Copyright jQuery Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license.
- * http://jquery.org/license
+ * https://jquery.org/license
  */
 
 /*!
@@ -42,10 +28,6 @@
  * Licensed under MIT (https://github.com/craftpip/jquery-confirm/blob/master/LICENSE)
  */
 
-/*! DataTables 1.13.1
- * ©2008-2022 SpryMedia Ltd - datatables.net/license
- */
-
 /*! DataTables Bootstrap 3 integration
  * ©2011-2015 SpryMedia Ltd - datatables.net/license
  */

WebContent/dist/js/assessment_stats.js.LICENSE.txt

@@ -6,33 +6,19 @@
  */
 
 /*!
- * Chart.js v4.4.1
+ * Chart.js v4.4.4
  * https://www.chartjs.org
- * (c) 2023 Chart.js Contributors
+ * (c) 2024 Chart.js Contributors
  * Released under the MIT License
  */
 
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */

WebContent/dist/js/assessorreviewedit.js.LICENSE.txt

@@ -1,35 +1,21 @@
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */
 
 /*!
- * jQuery UI Widget 1.13.2
- * http://jqueryui.com
+ * jQuery UI Widget 1.14.0
+ * https://jqueryui.com
  *
- * Copyright jQuery Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license.
- * http://jquery.org/license
+ * https://jquery.org/license
  */
 
 /*!
@@ -42,10 +28,6 @@
  * Licensed under MIT (https://github.com/craftpip/jquery-confirm/blob/master/LICENSE)
  */
 
-/*! DataTables 1.13.1
- * ©2008-2022 SpryMedia Ltd - datatables.net/license
- */
-
 /*! DataTables Bootstrap 3 integration
  * ©2011-2015 SpryMedia Ltd - datatables.net/license
  */

WebContent/dist/js/calendar.js.LICENSE.txt

@@ -1,35 +1,21 @@
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */
 
 /*!
- * jQuery UI Widget 1.13.2
- * http://jqueryui.com
+ * jQuery UI Widget 1.14.0
+ * https://jqueryui.com
  *
- * Copyright jQuery Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license.
- * http://jquery.org/license
+ * https://jquery.org/license
  */
 
 /*!
@@ -42,10 +28,6 @@
  * Licensed under MIT (https://github.com/craftpip/jquery-confirm/blob/master/LICENSE)
  */
 
-/*! DataTables 1.13.1
- * ©2008-2022 SpryMedia Ltd - datatables.net/license
- */
-
 /*! DataTables Bootstrap 3 integration
  * ©2011-2015 SpryMedia Ltd - datatables.net/license
  */

WebContent/dist/js/checklist.js.LICENSE.txt

@@ -1,35 +1,21 @@
 /*!
- * Sizzle CSS Selector Engine v2.3.9
- * https://sizzlejs.com/
- *
- * Copyright JS Foundation and other contributors
- * Released under the MIT license
- * https://js.foundation/
- *
- * Date: 2022-12-19
- */
-
-/*!
- * jQuery JavaScript Library v3.6.3
+ * jQuery JavaScript Library v3.7.1
  * https://jquery.com/
  *
- * Includes Sizzle.js
- * https://sizzlejs.com/
- *
  * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license
  * https://jquery.org/license
  *
- * Date: 2022-12-20T21:28Z
+ * Date: 2023-08-28T13:37Z
  */
 
 /*!
- * jQuery UI Widget 1.13.2
- * http://jqueryui.com
+ * jQuery UI Widget 1.14.0
+ * https://jqueryui.com
  *
- * Copyright jQuery Foundation and other contributors
+ * Copyright OpenJS Foundation and other contributors
  * Released under the MIT license.
- * http://jquery.org/license
+ * https://jquery.org/license
  */
 
 /*!
@@ -42,10 +28,6 @@
  * Licensed under MIT (https://github.com/craftpip/jquery-confirm/blob/master/LICENSE)
  */
 
-/*! DataTables 1.13.1
- * ©2008-2022 SpryMedia Ltd - datatables.net/license
- */
-
 /*! DataTables Bootstrap 3 integration
  * ©2011-2015 SpryMedia Ltd - datatables.net/license
  */