How to register a new template with risu about risu HOT 4 CLOSED

You can put the template in ~/.risu/templates and it will be loaded automatically. Templates are validated against a template and if they are not correct they are not loaded. Saves some trouble shooting issues.

Also take a look at template.rb in /usr/local/rvm/gems/ruby-1.9.2-p290/gems/risu-1.4.8/lib/risu/templates for an example of the template format. Its a lot like a metasploit module if you have seen those.

from risu.

Wow, that was somewhat painful. I see you changed the template format rather dramatically, especially the table output. I finally got my template "converted" to the new format and there are quite a few changes to account for.

But I still have a couple of items:

• table output column widths are not working. Used to be

  header_widths = {0 => 75, 1 => 125}
  :column_widths = header_widths

But the table procedure does not recognize column_widths and my columns widths are formatted way wrong.

• I used to use Item.critical_risks.count and this seems to be missing. CVSS defines critical as a score of 10 and high as 7-9. Can I get this back so I can continue to report risks as I did last audit?

from risu.

The table stuff is related to Prawn the PDF generator used, Just something that happen to change while updating risu.

This is an example of using table widths

def top_10_table(output)
    headers = ["Description", "Count"]
    header_widths = {0 => (output.bounds.width - 50), 1 => 50}

    data = top_10_sorted

    output.table([headers] + data[0..9], :header => true, :column_widths => header_widths, :width => output.bounds.width) do
        row(0).style(:font_style => :bold, :background_color => 'cccccc')
        cells.borders = [:top, :bottom, :left, :right]
    end                 
end

Item.critical_risks was incorrect. Nessus has High/Medium/Low/Info findings, Risu was fixed to be correct.

Item.critical_risks should be Item.high_risks.count now.

You can you the CVSS score of 10 to have something critical if you want but it is still a high finding from the Nessus standpoint.

1.4.9 adds a whole top 10 api for putting into reports. Not sure when I will have that done. Having a baby has cut my time down a lot.

from risu.

Thanks for the clarification. I will look at this and let you know if there are other items I need.

I still think that maybe the Critical will be wanted by my boss and the customer but I will go with high/med/low/info for now to match with Nessus. This ensures there is no compatibility issue between Nessus and the report which got me last audit and made us look bad when we found the bug in nessusdb and had to reclassify the finding categories.

Congrats on the baby; I have been there and understand.

from risu.