{% load i18n %}
<!DOCTYPE 5><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="cache-control" content="max-age=0"/><meta http-equiv="cache-control" content="no-cache"/><meta http-equiv="expires" content="0"/><meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT"/><meta http-equiv="pragma" content="no-cache"/><link rel="stylesheet" href="https://rawgit.com/appknox/bohemia/master/dist/report.css"/><style type="text/css">@page {
  @top-left {
    content: "Confidential";
  }
  @top-right {
    content: "{{ date }} UTC";
  }
  @bottom-center {
    border-top: 1px solid #6B6B6B;
    width: 100%;
    content: "Page " counter(page) " of " counter(pages);
  }
}</style></head><body><section class="new-page"><div class="main-logo">{% if whitelabel.enabled and whitelabel.logo %}<div class="whitelabel-company-logo"><img src="{{whitelabel.logo}}"/></div><div class="whitelabel-poweredby-logo"><img src="https://raw.githubusercontent.com/appknox/press-kit/master/logo/poweredby_appknox.png"/></div>{% else %}<div class="appknox-logo"><img src="https://raw.githubusercontent.com/appknox/press-kit/master/logo/logo-dark-small.png"/></div>{% endif %}</div><div class="main-heading">{{file.project.get_platform_display}}
{% trans "Security Report" %}</div><div class="sub-heading">{% trans "For Internal Purpose" %}</div><div class="app-name">{% trans "Prepared For" %}: {{file.name}}</div><div class="doc-description"><p>{% trans "Prepared by " %}{% if whitelabel.enabled and whitelabel.name %}{{ whitelabel.name }}{% trans ", powered by " %}{% endif %}{% trans "Appknox. Portions of this document and the templates used in its production are the property of " %}{% if whitelabel.enabled and whitelabel.name %}{{ whitelabel.name }}{% else %}{% trans "Appknox" %}{% endif %}{% trans " and cannot be copied without permission." %}</p><p>{% trans "While precautions have been taken in the preparation of this document, the publisher and the author(s) assume no responsibility for errors, omissions, or for damages resulting from the use of the information contained herein. Use of Appknox services does not guarantee the security of a system, or that intrusions will not occur." %}</p></div></section><section class="new-page"><div><h5 class="heading-container">{% trans "Application Details" %}</h5></div><div><table class="app-details"><tbody><tr><td>{% trans "Application Name" %}</td><td>{{file.name}}</td></tr><tr><td>{% trans "Platform" %}</td><td>{{file.project.get_platform_display}}</td></tr><tr><td>{% trans "Application Namespace" %}</td><td>{{file.project.package_name}}</td></tr><tr><td>{% trans "Version" %}</td><td>{{file.version}}</td></tr><tr><td>{% trans "Audit Date" %}</td><td>{{ date }}</td></tr><tr><td>{% trans "Application SHA1 Hash" %}</td><td>{{file.sha1hash}}</td></tr><tr><td>{% trans "Application MD5 Hash" %}</td><td>{{file.md5hash}}</td></tr></tbody></table></div></section><section class="new-page"><div><h3 class="heading-container">{% trans "Table of Contents" %}</h3></div><div><table class="content-table"><tbody><tr class="main-table-heading"><td><a href="#report-summary">{% trans "Report Summary" %}</a></td></tr><tr class="sub-table-heading"><td><a href="#audit-summary">{% trans "Audit Summary" %}</a></td></tr><tr class="sub-table-heading"><td><a href="#security-rating">{% trans "Appknox Security Rating" %}</a></td></tr>{% for analysis in file.sorted_analyses %}
{% if analysis.risk > RiskEnum.PASSED %}<tr class="main-table-heading"><td><a href="#{{ analysis.id }}">{{ analysis.vulnerability.name }}</a></td></tr>{% if analysis.vulnerability.non_compliant %}<tr class="sub-table-heading"><td><a href="#{{ analysis.id }}{{ forloop.counter }}non-compliant">{% trans "Noncompliant Code Example" %}</a></td></tr>{% endif %}
{% if analysis.vulnerability.compliant %}<tr class="sub-table-heading"><td><a href="#{{ analysis.id }}{{ forloop.counter }}compliant">{% trans "Compliant Solution" %}</a></td></tr>{% endif %}
{% if analysis.vulnerability.business_implication %}<tr class="sub-table-heading"><td><a href="#{{ analysis.id }}{{ forloop.counter }}business-implication">{% trans "Business Implication" %}</a></td></tr>{% endif %}
{% if analysis.vulnerability.related_to %}<tr class="sub-table-heading"><td><a href="#{{ analysis.id }}{{ forloop.counter }}related-to">{% trans "Related Vulnerabilities" %}</a></td></tr>{% endif %}
{% endif %}
{% endfor %}</tbody></table></div></section><section class="new-page"><div><a id="report-summary"></a><h3 class="heading-container">{% trans "Report Summary" %}</h3></div><div><p>{% if whitelabel.enabled and whitelabel.name %}{{ whitelabel.name }}{% trans ", powered by " %}{% endif %}{% trans "Appknox" %}{% if whitelabel.enabled and whitelabel.name %}{% trans "," %}{% endif %}{% trans " conducted a security assessment of the mobile application. This report contains all the findings during the automated auditing process. It also contains the process of discovering those vulnerabilities in the first place, and ways to remediate those issues." %}</p></div><section><div><a id="audit-summary"></a><h5 class="sub-heading-container">{% trans "Audit Summary" %}</h5></div><div><table class="audit-table">{% for analysis in file.sorted_analyses %}<tbody><tr><td><h5>{{ analysis.vulnerability.name }}
{% for type in analysis.vulnerability.get_types_display %}  <span class="scan-tag">{{type}}</span>{% endfor %}   </h5>{{ analysis.vulnerability.description | safe  }}</td><td class="risk-type-container"> <div class="cvss-text" style="color:{{ analysis.color }};"><h1>{{analysis.cvss_base}}</h1></div><h6 class="risk-type" style="background-color:{{ analysis.color }};color:#FFF;">{{ analysis.get_risk_display }} Risk</h6></td></tr></tbody>{% endfor %}</table></div></section><section class="new-page"><table class="audit-table sub-table"><tbody><tr><td>{% trans "Priority Level" %}</td><td>{% trans "Number of failed test cases" %}</td></tr><tr><td>{% trans "Critical Risk" %}</td><td>{{ file.risk_count_critical }}</td></tr><tr><td>{% trans "High Risk" %}</td><td>{{ file.risk_count_high }}</td></tr><tr><td>{% trans "Medium Risk" %}</td><td>{{ file.risk_count_medium }}</td></tr><tr><td>{% trans "Low Risk" %}</td><td>{{ file.risk_count_low }}</td></tr></tbody></table></section><section><div><a id="security-rating"></a><h5 class="sub-heading-container">{% trans "Appknox Security Rating" %}</h5></div><div><img width="316" height="75" src="{{ chart_url }}"/><p>{% trans "Appknox Security Rating:" %} {{ rating }}% {% trans "Unsecured" %}</p></div></section></section>{% for analysis in file.sorted_analyses %}
{% if analysis.risk > RiskEnum.PASSED %}<section class="new-page"><div><a id="{{ analysis.id }}"></a><h3 class="vulnerability-heading">{{ analysis.vulnerability.name }}</h3></div><section class="description"><div>{{ analysis.vulnerability.intro | safe }}</div><table><tbody><tr> <td><div><h5 class="risk-tag" style="background-color:{{ analysis.color }};color:#FFF;">{% trans "Risk Rating" %} : {{ analysis.get_risk_display }}</h5></div></td><td class="scan-container">{% for type in analysis.vulnerability.get_types_display %}  <span class="scan-tag">{{type}}</span>{% endfor %}          </td></tr></tbody></table></section><table><tbody><tr>{% if analysis.owasp_categories %}<td><div class="owasp-categories"><h3>{% trans "OWASP CATEGORY" %} <a href="#references"><span>&#8505;</span></a></h3><div class="owasp-list"> {% for metric in analysis.owasp_categories %}<div><span class="bold-test">{{ metric.code }}</span>: {{ metric.title }}</div>{% endfor %}    </div></div></td>{% endif %}          
{% if analysis.show_cvss %}<td><div class="cvss-container"><h3>{% trans "CVSS SCORE" %} </h3><div class="cvss-box tag" style="background-color:{{ analysis.color }};color:#FFF;"><h1>{{analysis.cvss_base}}</h1><h6>CVSSv3</h6></div></div></td><td><div class="cvss-vector"><h3>{% trans "CVSS VECTOR" %} </h3><ul>{% for metric in analysis.cvss_metrics_humanized %}<li>{{ metric.key }}: {{ metric.value }}</li>{% endfor %}</ul></div></td>{% endif %}</tr></tbody></table><section class="assessment"><div class="analysis-type"><h5>{% trans "Risk Assessment" %}</h5></div><div><p>{{ analysis.vulnerability.description | safe }}</p>{% for finding in analysis.findings %}
{% if finding.title %}<h2>{{ finding.title | escape }}</h2>{% endif %}<pre><code>{{ finding.description | escape }}</code></pre>{% endfor %}</div></section>{% if analysis.vulnerability.non_compliant %}<section class="non-compliant"><div class="analysis-type"><a id="{{ analysis.id }}{{ forloop.counter }}non-compliant"></a><h5>{% trans "Noncompliant Code Example" %}</h5></div><div>{{ analysis.vulnerability.non_compliant | safe }}</div></section>{% endif %}
{% if analysis.vulnerability.compliant %}<section class="compliant"><div class="analysis-type"><a id="{{ analysis.id }}{{ forloop.counter }}compliant"></a><h5>{% trans "Compliant Solution" %}</h5></div><div>{{ analysis.vulnerability.compliant | safe }}</div></section>{% endif %}
{% if analysis.vulnerability.business_implication %}<section class="implications"><div class="analysis-type"><a id="{{ analysis.id }}{{ forloop.counter }}business-implication"></a><h5>{% trans "Business Implication" %}</h5></div><div>{{ analysis.vulnerability.business_implication | safe }}</div></section>{% endif %}
{% if analysis.vulnerability.related_to %}<section class="related"><div class="analysis-type"><a id="{{ analysis.id }}{{ forloop.counter }}related-to"></a><h5>{% trans "Related Vulnerabilities" %}</h5></div><div>{{ analysis.vulnerability.related_to | safe }}</div></section>{% endif %}</section>{% endif %}
{% endfor %}<section class="new-page"><div class="references"><a id="references"></a><h3 class="heading-container">{% trans "References" %}</h3><ol><a target="_blank" href="https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10"><li>Mobile Top 10 OWASP Categories | 2016  </li></a><a target="_blank" href="https://www.owasp.org/index.php/Top_10_2013-Top_10"><li>Web Top 10 OWASP Categories | 2013</li></a></ol></div></section></body></html>