On this page:

Content matrix
New features
- Chinese localization
- New officially supported templates
New components added for templates
Resolved issues

Summary: this page describes the new features and bugs that have been fixed in the CAST Report Generator 1.7.x.

Content matrix

Version	Summary of content	Comments
1.7.0	Chinese localization New officially supported templates: OWASP-2017-Top10 - Summary.docx OWASP-2017-Top10 - Detailed.docx OWASP-2013-Top10 - Summary.docx OWASP-2013-Top10 - Detailed.docx CWE - Top 25 - Summary.docx CISQ - Top 22 - Summary.docx New components for templates	Can be used with: CAST-RESTAPI ≥ 1.7.x

New features

Chinese localization

This release provides the ability to select Chinese (Simplified, PRC) - i.e. zh_CN in the Settings menu:

Click to enlarge

When Chinese (Simplified, PRC) is selected, the following occurs:

Chinese (Simplified, PRC) will be used in the GUI and for log messages
The path to the templates will be changed to %LOCALAPPDATA%\CAST\ReportGenerator\<version>\Templates\zh_CN so that Chinese language specific templates are used instead of the default English language templates. Note that these templates have NOT been translated into Chinese, but the option is now available for manual translation.
The Report Generator will request all Assessment Model information in Chinese (Simplified, PRC), i.e. any reports that are generated will contain rule descriptions in Chinese (Simplified, PRC).

New officially supported templates

The following templates have been added to display OWASP, CWE and CISQ data:

OWASP-2017-Top10 - Summary.docx
OWASP-2017-Top10 - Detailed.docx
OWASP-2013-Top10 - Summary.docx
OWASP-2013-Top10 - Detailed.docx
CWE - Top 25 - Summary.docx
CISQ - Top 22 - Summary.docx

Note that these templates require that a snapshot has been generated when the Quality Standards Mapping is installed. See also CAST Report Generator - Templates and output options.

New components added for templates

LIST_RULES_VIOLATIONS_BOOKMARK

Available only when a Dashboard Service schema is configured for use. Available for Word templates only - provides the ability to fetch detailed information for a list of rules:

Block Name = LIST_RULES_VIOLATIONS_BOOKMARK
Options:
- METRICS= List of metrics IDs (Business Criteria, Technical Criteria or Quality Rule) or quality standards tags separated by ‘|’.
- COUNT=N where N indicates the top number of violations; by default 5 (-1 corresponds to all violations). All bookmarks from a violation are displayed.
- CRITICAL=true only usable when selecting metrics by Business Criteria or Technical Criteria, you can add this option to force only critical rules to be included.

Note that:

The following is retrieved for each rule:
- Rule name
- Number of Violations
- Rule description (like component RULE_NAME_DESCRIPTION)
- For each violation of this rule:
  - Rule Name
  - Full Name of object in violation
  - Object type
  - For each bookmark :
    - File path containing the object
    - source code extract beginning 3 lines before the violation and ending 3 lines after
If there is no previous snapshot, status is not displayed.
To use the quality standard tags selection, the appropriate extension should be installed on the Dashboard Service schema where the Application resides.
When you select the metric id for a Business Criterion or Technical Criterion, all the rules belonging to this BC or TC are added for displaying violations.
Only rules that actually have results in the selected snapshot will be displayed in the resulting report (even if the rule is present in the Assessment Model).

QUALITY_RULE_VIOLATIONS_BOOKMARKS

Available only when a Dashboard Service schema is configured for use. Available for Word templates only - provides the ability to fetch detailed information about a specific rule:

Block Name = QUALITY_RULE_VIOLATIONS_BOOKMARKS
Options :
- ID= The Id of the rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block)
- COUNT=N where N indicates the top number of violations ; by default 5 (-1 corresponds to all violations). All bookmarks from a violation are displayed.

Note that:

The following is retrieved for the specified rule:
- Rule name
- Number of Violations
- Rule descrption (like component RULE_NAME_DESCRIPTION)
- For each violation of this rule:
  - Rule Name
  - Full Name of object in violation
  - Object type
  - For each bookmark :
    - File path containing the object
    - source code extract beginning 3 lines before the violation and ending 3 lines after
If there is no previous snapshot, status is not displayed.

Modifications to existing GENERIC_TABLE and GENERIC_GRAPH components

The components GENERIC_TABLE and GENERIC_GRAPH (introduced in v. 1.5.0 and 1.6.0) have been modified so that the METRICS parameter can now contain a Standard Tag Name, such as CWE or OWASP. Where this is the this case, the selected metrics will be those metrics that have results in the current snapshot tagged by this standard.

These values for parameters should only be used for an application where the extension "Standard Quality Rules" has been installed.

When the list of metrics are selected via a standard tag, violations or critical_violations give the same results as metrics and are not sorted by criticity, but by standard tag instead.

Resolved issues

The following bugs have been fixed in this release:

Internal ID	Call ID	Description	Affects Version
REPORTGEN-367	13097	Can't run report generator 1.6.1 on chinese and japanese OS	1.6.x
REPORTGEN-365	-	On PowerPoint 2016, generate tables cannot be customized	1.6.x

CAST Report Generator - Release Notes - 1.7.x