Template - Conditions

UPDATED: Please head over to our new GitHub Support Site for help, examples, tips and tricks: https://github.com/AttackForge/ReportGen

{#users.length>1}
There are multiple users
{/}

{#userName == "John"}
Hello John, welcome back
{/}

The first condition will render the section only if there are 2 or more users.

The second condition will render the section only if the userName is the string “John”.

It also handles the boolean operators AND &&, OR ||, the arithmetic operators + and -, the ternary operator a ? b : c, operator precedence with parentheses (a && b) || c, and many other JavaScript features.

For example, it is possible to write the following template:

{#generalCondition}
{#cond1 || cond2}
Paragraph 1
{/}
{#cond2 && cond3}
Paragraph 2
{/}
{#cond4 ? users : usersWithAdminRights}
Paragraph 3
{/}
There are {users.length} users.
{/generalCondition}

IF Statements

You can create IF conditions in your template by inserting a hashtag immediately followed by the condition i.e. {#... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical priority:

{#vulnerabilities}
{#priority == "Critical"}
Critical Vulnerability: {title}
{/}{/}

IF AND Statements

You can create IF AND conditions in your template by inserting a hashtag immediately followed by the condition i.e. {#... == "..." && ... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical priority and whose title is SQL Injection:

{#vulnerabilities}
{#priority == "Critical" && title == "SQL Injection"}
Critical Vulnerability: SQL Injection
{/}{/}

IF OR Statements

You can create IF OR conditions in your template by inserting a hashtag immediately followed by the condition i.e. {#... == "..." || ... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical or high priority:

{#vulnerabilities}
{#priority == "Critical" || priority == "High"}
{priority} - {title}
{/}{/}

IF ELSE Statements

You can create IF ELSE conditions in your template by inserting a hashtag immediately followed by the condition i.e. {#... == "..."}, and then, after the closing tag {/}, inserting your else statement {^...}...{/}

An example is included below to print each project note if any exist, or to indicate that no project notes were found:

{#projectNotes}
{note}
{/}
{^projectNotes}
No project notes found.
{/}

Using the example above, the report will either print the details for each project note; or it will print No project notes found.

Conditional Logic & Counting

You can combine conditions with Filters and Functions to create powerful logic conditions in your reports.

For example, let's say you want to:

  • count every vulnerability instance (affected asset);

  • count every vulnerability instance (affected asset) which is Open/Not Fixed AND Not Informational;

  • count every vulnerability instance (affected asset) which is Ready For Retest AND Not Informational;

  • count every vulnerability instance (affected asset) which is Closed/Fixed AND Not Informational.

You can achieve this using the following:

{$declare[TotalVulnerabilities][0]}
{$declare[TotalFixedVulnsExInfo][0]}
{$declare[TotalRetestVulnsExInfo][0]}
{$declare[TotalNotFixedVulnsExInfo][0]}
{#vulnerabilities}
{#affected_assets}
{$increment[TotalVulnerabilities][1]}
{#remediation_status | includes:["Open"]}
{#priority !== "Info"}
{$increment[TotalNotFixedVulnsExInfo][1]}
{/}{/}
{#remediation_status | includes:["Ready for Retest"]}
{#priority !== "Info"}
{$increment[TotalRetestVulnsExInfo][1]}{/}{/}
{#remediation_status | includes:["Closed"]}
{#priority !== "Info"}
{$increment[TotalFixedVulnsExInfo][1]}{/}{/}
{/affected_assets}
{/vulnerabilities}

Total Vulnerabilities for All Affected Assets:
{$value[TotalVulnerabilities]}

Total Open/Not Fixed Vulnerabilities which are Not Informational:
{$value[TotalNotFixedVulnsExInfo]}

Total Ready for Retest Vulnerabilities which are Not Informational:
{$value[TotalRetestVulnsExInfo]}

Total Closed/Fixed Vulnerabilities which are Not Informational:
{$value[TotalFixedVulnsExInfo]}

The logic above works as follows:

  • Declare dynamic variables that we will use as counters e.g. {$declare..}

  • Loop through every vulnerability

  • Loop through every instance (affected asset) for every vulnerability

  • Increment the counter for total vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Open' and check if the priority is not "Info" - if condition is met, increment the counter for total Open/Not Fixed Not-Info vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Ready for Retest' and check if the priority is not "Info" - if condition is met, increment the counter for total Ready for Retest Not-Info vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Closed' and check if the priority is not "Info" - if condition is met, increment the counter for total Closed/Fixed Not-Info vulnerabilities by 1

  • Print the values of the counters
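The same tallies computed directly in JavaScript over constructed data, as an added example (not AttackForge code) for cross-checking the totals a generated report shows. It assumes `includes` tests membership in the listed values, that `priority` is a field of the vulnerability and `remediation_status` a field of each affected asset; `countInstances` and the sample records are hypothetical.

```javascript
// Added example, not AttackForge code. Assumptions: `includes` is treated as
// membership in the listed values, `priority` sits on the vulnerability and
// `remediation_status` on each affected asset.
const BUCKETS = new Map([
  ["Open", "TotalNotFixedVulnsExInfo"],
  ["Ready for Retest", "TotalRetestVulnsExInfo"],
  ["Closed", "TotalFixedVulnsExInfo"],
]);

function countInstances(data) {
  const counters = {
    TotalVulnerabilities: 0,
    TotalNotFixedVulnsExInfo: 0,
    TotalRetestVulnsExInfo: 0,
    TotalFixedVulnsExInfo: 0,
  };
  for (const vuln of data.vulnerabilities || []) {
    // A vulnerability without affected assets contributes no instances.
    for (const asset of vuln.affected_assets || []) {
      counters.TotalVulnerabilities += 1; // every instance, Info included
      if (vuln.priority === "Info") continue; // the {#priority !== "Info"} guard
      const bucket = BUCKETS.get(asset.remediation_status);
      if (bucket) counters[bucket] += 1; // other statuses match no bucket
    }
  }
  return counters;
}

// Constructed sample data using the field names from the template above.
const sample = {
  vulnerabilities: [
    { title: "SQL Injection", priority: "Critical", affected_assets: [
      { remediation_status: "Open" }, { remediation_status: "Closed" } ] },
    { title: "Weak TLS Configuration", priority: "Medium", affected_assets: [
      { remediation_status: "Ready for Retest" } ] },
    { title: "Server Banner", priority: "Info", affected_assets: [
      { remediation_status: "Open" }, { remediation_status: "Open" } ] },
    { title: "Unassigned Finding", priority: "High" },
  ],
};

console.log(countInstances(sample));
```

On this sample the three non-Info counters add up to 3 while the total is 5, because Info instances are counted only in the total.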

Data Aggregation

If your data is the following:

{
    "items": [
        {
            "name": "Acme Computer",
            "price": 1000
        },
        {
            "name": "Mouse & Keyboard",
            "price": 150
        }
    ]
}

And you would like to show the total price, you can use:

{#items}
{name} for a price of {price} €
{/}
Total Price of your purchase : {items | sumby:'price'}€

Data Formatting

This example formats numbers with 2 digits of precision, e.g. “150.00”. If your data is the following:

{
    "items": [
        {
            "name": "Acme Computer",
            "price": 1000
        },
        {
            "name": "Mouse & Keyboard",
            "price": 150
        }
    ]
}

And you would like to show the price with two digits of precision, you can write in your template:

{#items}
{name} for a price of {price | toFixed:2} €
{/}

Assignments

It is possible to assign a value to a variable directly from your template. For example, in your template, write:

{full_name = first_name + last_name}

The problem with this expression is that it will return the value of full_name. There are two ways to fix this issue. If you would still like to keep this as the default behaviour, add ; '' after your expression, for example:

{full_name = first_name + last_name; ''}

This will first execute the expression, and then execute the second statement which is an empty string, and return it.

Another approach is to automatically silence the return values of expressions containing variable assignments.
