Re: Using Audit Workbench, how can I copy or print the list of suspect files? - Micro Focus Community

gplorin1 · ‎2016-01-26

A Fortify Audit Workbench scan of a folder just produced a list of over 100 files with security issues. I need to notify the developers, but the list is too long to type. The screen list cannot be copied and pasted, nor saved as a pdf, and the AWB Report does not even have the list.

How can I make an editable/copyable/pasteable list of these suspect files?

right1 · ‎2016-02-02

Select all of the isses with CTRL+A and then bulk copy with ctrl + alt + shift + c

You can customize the format and data that is bulk copied. This is documented in the AWB guide in the section "Creating Attribute Summary Tables for Multiple Issues".

In summary

open the FPR
select the proper filterset
switch to the all issues tab
select Group By <none>
Depending on what you're looking for, you might want to toggle the "Options -> Collapse" Issues off
Specify a custom format for the issue copy attributes function in: Options -> Options... -> Audit Featuers Configurations -> Format manually
- Enter java formatter syntax http://docs.oracle.com/javase/6/docs/api/java/util/Formatter.html
- using ctrl + alt + shift + f will show you all of the possible attributes and what their column number would be. For example, if you wanted just "File Category CWE" you could enter [v]%19$1s %10$2s %17$3s %n
- [v] to display each issue in its own row (instead of a column), %19$1 – output the 19-th property first, %10$2 – output the 10-th property second, %17$3 – output the 17-th property third. You can create more complex expressions if you need
- The output would look like: JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java Cross-Site Scripting: Reflected "CWE ID 79, CWE ID 80"

Using Audit Workbench, how can I copy or print the list of suspect files?

Tools