This page contains:
The Evidence
content control is a special control that tells the reporting engine to repeat a given section of the report for each piece of Evidence associated with a vulnerability.
If you haven't done so yet, now would be a good time to review the Adding issues and evidence section of the Working with projects manual.
We're going to use the same example we used in the Adding issues and evidence section.
An Out-of-date Apache vulnerability that affects 2 different hosts (port tcp/80
in host 10.0.0.1
and ports tcp/80
and tcp/443
in 10.0.0.2
).
This means our Dradis project will have:
10.0.0.1
and 10.0.0.2
10.0.0.1
, port tcp/80
10.0.0.2
, port tcp/80
10.0.0.2
, port tcp/443
If you landed in this page directly, please also review the Issue content control section of this manual before reading ahead as we will be using the template we created there.
The Evidence
control is a wrapping control (i.e. it is used to enclose other template content). We're going to start by creating a Label
placeholder and wrapping it into an Evidence
control:
Most of the times, the Evidence
control will be nested inside an Issue
control as shown here:
However, this is not required. You can, for example, decide to group all your evidence in an appendix at the end of the report.
Exporting our report right now would result in the following:
We can see that the reporting engine is working as expected, repeating the section of the report enclosed by the Evidence
control for each of the pieces of Evidence we've got in the project.
As you just saw, the Label
control can be used inside an Evidence
control to display the label of the node associated with the Evidence.
This is especially useful when you have multiple instances of a problem, with code or screenshots in them. By adding the Label
control you can easily see where one instance ends and the next one starts.
The Evidence
wrapping control works in the same way the other wrapping controls we've seen so far (i.e. Issue and Note) and lets us create placeholders for the fields defined in your content.
For example, lets enhance our template to contain placeholders for the Port
and Details
fields:
Right now our template is expecting that each piece of Evidence in your project contains a Port
and a Details
fields.
That's easy enough to get right, but it is up to you to ensure you remember that your template is going to look for this fields.
Lets go ahead and add the first piece of evidence:
If you're wondering how to get that grey background block, feel free to jump ahead to the Code blocks section of the manual, we'll wait for you here.
Adding the other instances of Evidence to the project and exporting results in:
You can see how the Port
and Details
placeholders have been populated with the relevant information for each Evidence in our project.
Evidence content control can be filtered to allow you to further customize your reports. For more on the different options, check out the Filtering and Sorting page of this guide.
Next help article: Affected content control →
Your email is kept private. We don't do the spam thing.