Frequent Contributor.. tavv1995 Frequent Contributor..
Frequent Contributor..
5086 views

Turn off URL Truncation?

Is it possible to disable truncation of URL's when generating a WebInspect Report? I tried disabling the truncation option in Application Settings --> Report -> Check "No Truncation (unlimited text size). But, some URL's in the reports are still being truncated. I can see the full paths on the Attach Requests however it still looks like the URL's are all getting truncated under the File Names. 

 

I think there is a setting, but I cannot locate it.

Labels (2)
0 Likes
2 Replies
k1DBLITZ Absent Member.
Absent Member.

Re: Turn off URL Truncation?

Click Edit > Application Settings > Reports

 

Tags (2)
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Turn off URL Truncation in Reports?

The Truncation and Smart Truncation settings for Reports have to do with suppressing most of the HTTP Response.  The default is to show only the item of interest plus 50 characters.  Turning this off will produce much longer Reports, because the full HTTP Response will be printed.   In addition to that, WebInspect default capture size for HTTP Responses is ~1MB, as shown on the Scan Settings Requestor panel:  "Limit maximum response size to = 1000 KB".

 

 

Separate from this, did you mean that the URL field is being truncated in the Report, not necessarily the HTTP Response field?  Is this the Vulnerability report or the Classic/Legacy Vulnerability report?  If the field is not able to show the full URL, Fortify Support should be able to assist you in making a custom copy of that report with a wider field on-screen.  The included Report Designer tool can perform this (similar to using Crystal Reports), but it can be unclear which template needs the edit.

 

 

 

From the Help Guide on the report Truncate function....

 

Application Settings: Reports

 

Smart truncate vulnerability text

 

Generated reports can contain very lengthy HTTP request and response messages. To save space and help focus on the pertinent data related to a vulnerability, you can exclude message content that precedes and follows the data that identifies or confirms the vulnerability (identified by red highlighting).

The following example illustrates the report of a cross-site scripting vulnerability using "smart" truncation and a padding size of 20 characters. The complete header is always reported. The remaining message text is deleted, except for the vulnerability and the 20 characters preceding it and the 20 characters following it. The retained text is then bracketed by the notation "...TRUNCATED..." to indicate that truncation has occurred. Note that the length of the original message was 2,377 characters (Content-Length: 2377).


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
Tags (1)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.