Using Audit Workbench, how can I copy or print the list of suspect files?
A Fortify Audit Workbench scan of a folder just produced a list of over 100 files with security issues. I need to notify the developers, but the list is too long to type. The on-screen list cannot be copied and pasted, nor saved as a PDF, and the AWB Report does not even have the list.
How can I make an editable/copyable/pasteable list of these suspect files?
Select all of the issues with Ctrl+A and then bulk copy with Ctrl+Alt+Shift+C.
You can customize the format and data that is bulk copied. This is documented in the AWB guide in the section "Creating Attribute Summary Tables for Multiple Issues".
- open the FPR
- select the proper filterset
- switch to the all issues tab
- select Group By <none>
- Depending on what you're looking for, you might want to toggle "Options -> Collapse Issues" off
- Specify a custom format for the issue copy attributes function in: Options -> Options... -> Audit Features Configurations -> Format manually
- Enter Java formatter syntax: http://docs.oracle.com/javase/6/docs/api/java/util/Formatter.html
- Using Ctrl+Alt+Shift+F will show you all of the possible attributes and what their column number would be. For example, if you wanted just "File Category CWE" you could enter [v]%19$1s %10$2s %17$3s %n
- [v] to display each issue in its own row (instead of a column), %19$1 – output the 19th property first, %10$2 – output the 10th property second, %17$3 – output the 17th property third. You can create more complex expressions if you need to.
- The output would look like: JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java Cross-Site Scripting: Reflected "CWE ID 79, CWE ID 80"
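
Because the bulk copy produces one row per issue, a file with several findings appears several times. As an added example (not part of the original answer or of Fortify), this Python script groups rows in the "File Category CWE" format shown above into one line per file; it assumes file paths contain no spaces and the CWE column is the trailing quoted field, and every sample row except the first is constructed.

```python
import re
from collections import defaultdict

# One row per issue: <file path> <category> ["<CWE list>"]
# Assumption: the path has no spaces; the CWE column, when present, is the
# trailing double-quoted field (as in the sample row from the answer).
ROW = re.compile(r'^(?P<file>\S+)\s+(?P<category>.*?)(?:\s+"(?P<cwe>[^"]*)")?\s*$')
CWE_ID = re.compile(r'CWE ID (\d+)')

# First row is the sample from the answer; the others are constructed.
SAMPLE = '''\
JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java Cross-Site Scripting: Reflected "CWE ID 79, CWE ID 80"
JavaSource/org/example/Login.java SQL Injection "CWE ID 89"
JavaSource/org/example/Login.java Password Management: Hardcoded Password "CWE ID 259"
JavaSource/org/example/Util.java Poor Error Handling: Empty Catch Block
'''


def summarize(pasted):
    """Group bulk-copied issue rows by file.

    Returns {file: {"issues": int, "categories": set, "cwes": set}}.
    """
    summary = defaultdict(lambda: {"issues": 0, "categories": set(), "cwes": set()})
    for line in pasted.splitlines():
        m = ROW.match(line.strip())
        if not m:  # blank line or a row with no category column
            continue
        entry = summary[m.group("file")]
        entry["issues"] += 1
        entry["categories"].add(m.group("category"))
        entry["cwes"].update(int(n) for n in CWE_ID.findall(m.group("cwe") or ""))
    return dict(summary)


def report(summary):
    """One tab-separated line per file, files with the most issues first."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["issues"], kv[0]))
    return "\n".join(
        "{}\t{} issue(s)\t{}\tCWE {}".format(
            path, e["issues"], "; ".join(sorted(e["categories"])),
            ", ".join(map(str, sorted(e["cwes"]))) or "-")
        for path, e in rows)


if __name__ == "__main__":
    print(report(summarize(SAMPLE)))
```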