Absent Member.
Absent Member.
5382 views

Using Audit Workbench, how can I copy or print the list of suspect files?

A Fortify Audit Workbench scan of a folder just produced a list of over 100 files with security issues.  I need to notify the developers, but the list is too long to type.  The screen list cannot be copied and pasted, nor saved as a pdf, and the AWB Report does not even have the list.

How can I make an editable/copyable/pasteable list of these suspect files?

Labels (1)
0 Likes
1 Reply
Absent Member.
Absent Member.

Select all of the isses with CTRL+A and then bulk copy with ctrl + alt + shift + c

You can customize the format and data that is bulk copied. This is documented in the AWB guide in the section "Creating Attribute Summary Tables for Multiple Issues".

In summary

  • open the FPR
  • select the proper filterset
  • switch to the all issues tab
  • select Group By <none>
  • Depending on what you're looking for, you might want to toggle the "Options -> Collapse" Issues off
  • Specify a custom format for the issue copy attributes function in: Options -> Options... -> Audit Featuers Configurations -> Format manually
    • Enter java formatter syntax http://docs.oracle.com/javase/6/docs/api/java/util/Formatter.html
    • using ctrl + alt + shift + f will show you all of the possible attributes and what their column number would be. For example, if you wanted just "File Category CWE" you could enter [v]%19$1s %10$2s %17$3s %n
    • [v] to display each issue in its own row (instead of a column), %19$1 – output the 19-th property first, %10$2 – output the 10-th property second, %17$3 – output the 17-th property third. You can create more complex expressions if you need
    • The output would look like: JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java Cross-Site Scripting: Reflected "CWE ID 79, CWE ID 80"
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.