Validate Evidence fields

This validator checks whether each instance of Evidence in your project had all of the fields and field values that your report template is expecting.

Before we can validate these fields, we need to define them! In the interest of keeping information organized, I'm going to have to ask you to open the Report template properties: evidence fields page of the Administration manual that explains how to define Evidence fields.

We want to ensure that the latest and most up-to-date information about each topic is in a single page.

After you've defined your Evidence fields within the report template properties, validate your project. Check the on-screen Validator log to see what fields are missing or invalid and causing problems.

Example Evidence Field Error

In this example, our piece of Evidence was missing a Request field. The log reads:

[ERROR] Evidence #134 [issue: "SQL Injection", node: '10.0.0.1'] is missing the field 'Request', which is required by your report template. Please add the field to the evidence.

In another example, our Output field is required by our template, and the field exists but is empty. The log shows:

[ERROR] Your report template specifies that the field 'Output' is required, but Evidence #231 [issue: "Weak SSL ciphers", node: '10.0.0.1'] does not provide a value for it. Please provide some value.

In yet another example, our Status field defines values of Open | Closed but in our Project, the Status was set to Pending. The log shows:

[ERROR] Value 'Pending' is invalid for field 'Status' in Evidence #224 [issue: "Weak SSL ciphers", node: '10.0.0.1']. Allowed values are Open, Closed

To fix these errors, we need to first locate the specific piece of Evidence identified by the validator by starting with either the Issue or the Node data we were given. For example: Evidence #134 [issue: 'SQL Injection', node: '10.0.0.1'].

To locate the Evidence via the Issue:

  1. Open the Issue (e.g. SQL Injection)

  2. Navigate to the Evidence tab

  3. Locate the Evidence for the correct Node (e.g. 10.0.0.1)

  4. Edit the field noted in the validator output

To locate the Evidence via the Node:

  1. Open the Node (e.g. 10.0.0.1)

  2. In the left sidebar, locate the Evidence for the correct Issue (e.g. SQL Injection)

  3. Edit the field noted in the validator output

No Evidence Fields defined

If you haven't defined any Evidence fields in your report template properties, you'll get a warning when you validate your project.

[WARNING] The selected template doesn't define any Evidence fields. Dradis doesn't know what Evidence fields your report template is looking for.
[WARNING] Go to Admin > Templates > Reports and define some Evidence fields for this report template.
[WARNING] More details: https://dradis.com/support/guides/administration/report_template_properties.html#evidence-fields

If you see the above output, head over to the link in the message to add your Evidence fields so that Dradis knows what fields and field values to validate.

On the Node page

Don't want to use the validator? Just open a Node and navigate to the Evidence tab. Check out the Validator column to confirm which instances of Evidence match your report template properties and which have errors that need to be fixed before they will export out into your report template.

Next help article: Validate Issue fields →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.