LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Report Templates
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddProjectMembershipAdministrators
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CancelProjectRetestRound
        • CloneProject
        • CompleteProjectRetestRound
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadProjectTestCaseFile
        • DownloadProjectTestCaseNoteFile
        • DownloadProjectTestCaseWorkspaceNoteFile
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectMembershipAdministrators
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectMembershipAdministrators
        • RemoveProjectTeamMembers
        • RequestNewProjectRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectMembershipAdministrators
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • IF Statements
  • IF AND Statements
  • IF OR Statements
  • IF ELSE Statements
  • Conditional Logic & Counting
  • Data Aggregation
  • Data Formatting
  • Assignments
  1. Core & Enterprise
  2. Modules
  3. Report Templates

Template - Conditions

PreviousTemplate - ChartsNextReportGen CLI

Last updated 10 months ago

UPDATED: Please head over to our new GitHub Support Site for help, examples, tips and tricks:

{#users.length>1}
There are multiple users
{/}

{#userName == "John"}
Hello John, welcome back
{/}

The first condition will render the section only if there are 2 or more users.

The second condition will render the section only if the userName is the string “John”.

It also handles the boolean operators AND &&, OR ||, +, -, the ternary operator a ? b : c, operator precedence with parenthesis (a && b) || c, and many other javascript features.

For example, it is possible to write the following template:

{#generalCondition}
{#cond1 || cond2}
Paragraph 1
{/}
{#cond2 && cond3}
Paragraph 2
{/}
{#cond4 ? users : usersWithAdminRights}
Paragraph 3
{/}
There are {users.length} users.
{/generalCondition}

IF Statements

You can create IF conditions in your template by inserting a hashtag and immediately proceeding with the condition i.e. {#... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical priority:

{#vulnerabilities}
{#priority == "Critical"}
Critical Vulnerability: {title}
{/}{/}

IF AND Statements

You can create IF AND conditions in your template by inserting a hashtag and immediately proceeding with the condition i.e. {#... == "..." && ... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical priority and title is SQL Injection:

{#vulnerabilities}
{#priority == "Critical" && title == "SQL Injection"}
Critical Vulnerability: SQL Injection
{/}{/}

IF OR Statements

You can create IF OR conditions in your template by inserting a hashtag and immediately proceeding with the condition i.e. {#... == "..." || ... == "..."}

An example is included below to only print vulnerabilities in the report which have a critical or high priority:

{#vulnerabilities}
{#priority == "Critical" || priority == "High"}
{priority} - {title}
{/}{/}

IF ELSE Statements

You can create IF ELSE conditions in your template by inserting a hashtag and immediately proceeding with the condition i.e. {#... == "..."} and then after the closing tag {/} you can insert your else statement {^...}...{/}

An example is included below to print each project note if they exist, or to indicate that no project notes were found:

{#projectNotes}
{note}
{/}
{^projectNotes}
No project notes found.
{/}

Using the example above, the report will either print the details for each project note; or it will print No project notes found.

Conditional Logic & Counting

For example, lets say you want to

  • count every vulnerability instance (affected asset);

  • count every vulnerability instance (affected asset) which is Open/Not Fixed AND Not Informational

  • count every vulnerability instance (affected asset) which is Ready For Retest AND Not Informational

  • count every vulnerability instance (affected asset) which is Closed/Fixed AND Not Informational

You can achieve this using the following:

{$declare[TotalVulnerabilities][0]}
{$declare[TotalFixedVulnsExInfo][0]}
{$declare[TotalRetestVulnsExInfo][0]}
{$declare[TotalNotFixedVulnsExInfo][0]}
{#vulnerabilities}
{#affected_assets}
{$increment[TotalVulnerabilities][1]}
{#remediation_status | includes:[“Open”]}
{#priority !== “Info”}
{$increment[TotalNotFixedVulnsExInfo][1]}
{/}{/}
{#remediation_status | includes:[“Ready for Retest”]}
{#priority !== “Info”}
{$increment[TotalRetestVulnsExInfo][1]}{/}{/}
{#remediation_status | includes:[“Closed”]}
{#priority !== “Info”}
{$increment[TotalFixedVulnsExInfo][1]}{/}{/}
{/affected_assets}
{/vulnerabilities}

Total Vulnerabilities for All Affected Assets:
{$value[TotalVulnerabilities]}

Total Open/Not Fixed Vulnerabilities which are Not Informational:
{$value[TotalNotFixedVulnsExInfo]}

Total Vulnerabilities for All Affected Assets:
{$value[TotalRetestVulnsExInfo]}

Total Vulnerabilities for All Affected Assets:
{$value[TotalFixedVulnsExInfo]}

The logic above works as follows:

  • Declare dynamic variables that we will use as counters e.g. {$declare..}

  • Loop through every vulnerability

  • Loop through every instance (affected asset) for every vulnerability

  • Increment the counter for total vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Open' and check if the priority is not "Info" - if condition is met, increment the counter for total Open/Not Fixed Not-Info vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Ready for Retest' and check if the priority is not "Info" - if condition is met, increment the counter for total Ready for Retest Not-Info vulnerabilities by 1

  • Check if remediation status for the affected asset includes 'Closed' and check if the priority is not "Info" - if condition is met, increment the counter for total Closed/Fixed Not-Info vulnerabilities by 1

  • Print the values of the counters

Data Aggregation

If your data is the following:

{
    "items": [
        {
            "name": "Acme Computer",
            "price": 1000,
        },
        {
            "name": "Mouse & Keyboard",
            "price": 150,
        }
    ],
}

And you would like to show the total price, you can use:

{#items}
{name} for a price of {price} €
{/}
Total Price of your purchase : {items | sumby:'price'}€

Data Formatting

This example is to format numbers in the format: “150.00” (2 digits of precision):

{
    "items": [
        {
            "name": "Acme Computer",
            "price": 1000,
        },
        {
            "name": "Mouse & Keyboard",
            "price": 150,
        }
    ],
}

And you would like to show the price with two digits of precision, you can write in your template :

{#items}
{name} for a price of {price | toFixed:2} €
{/}

Assignments

It is possible to assign a value to a variable directly from your template. For example, in your template, write:

{full_name = first_name + last_name}

The problem with this expression is that it will return the value of full_name. There are two ways to fix this issue, either if you still would like to keep this as the default behaviour, add ; ‘’ after your expression, for example

{full_name = first_name + last_name; ''}

This will first execute the expression, and then execute the second statement which is an empty string, and return it.

An other approach is to automatically silence the return values of expression containing variable assignments.

You can combine conditions with and to create powerful logic conditions in your reports.

https://github.com/AttackForge/ReportGen
Filters
Functions