Summary: this page describes the new features and bugs that have been fixed in the CAST Report Generator 1.7.x.

Content matrix

Version | Summary of content | Comments
1.7.0
  • Chinese localization
  • New officially supported templates:
    • OWASP-2017-Top10 - Summary.docx
    • OWASP-2017-Top10 - Detailed.docx
    • OWASP-2013-Top10 - Summary.docx
    • OWASP-2013-Top10 - Detailed.docx
    • CWE - Top 25 - Summary.docx
    • CISQ - Top 22 - Summary.docx
  • New components for templates

Can be used with:

  • CAST-RESTAPI ≥ 1.7.x

New features

Chinese localization

This release provides the ability to select Chinese (Simplified, PRC), i.e. zh_CN, in the Settings menu.

When Chinese (Simplified, PRC) is selected, the following occurs:

  • Chinese (Simplified, PRC) will be used in the GUI and for log messages
  • The path to the templates will be changed to %LOCALAPPDATA%\CAST\ReportGenerator\<version>\Templates\zh_CN so that Chinese language specific templates are used instead of the default English language templates. Note that these templates have NOT been translated into Chinese, but the option is now available for manual translation.
  • The Report Generator will request all Assessment Model information in Chinese (Simplified, PRC), i.e. any reports that are generated will contain rule descriptions in Chinese (Simplified, PRC).

New officially supported templates

The following templates have been added to display OWASP, CWE and CISQ data:

  • OWASP-2017-Top10 - Summary.docx
  • OWASP-2017-Top10 - Detailed.docx
  • OWASP-2013-Top10 - Summary.docx
  • OWASP-2013-Top10 - Detailed.docx
  • CWE - Top 25 - Summary.docx
  • CISQ - Top 22 - Summary.docx

Note that these templates require that a snapshot has been generated when the Quality Standards Mapping is installed. See also CAST Report Generator - Templates and output options.

New components added for templates

LIST_RULES_VIOLATIONS_BOOKMARK

Available only when a Dashboard Service schema is configured for use. Available for Word templates only - provides the ability to fetch detailed information for a list of rules:

  • Block Name = LIST_RULES_VIOLATIONS_BOOKMARK
  • Options:
    • METRICS= List of metric IDs (Business Criteria, Technical Criteria or Quality Rule) or quality standard tags, separated by ‘|’.
    • COUNT=N, where N indicates the top number of violations; the default is 5 (-1 corresponds to all violations). All bookmarks from a violation are displayed.
    • CRITICAL=true: only usable when selecting metrics by Business Criteria or Technical Criteria. Add this option to force only critical rules to be included.

Note that:

  • The following is retrieved for each rule:
    • Rule name
    • Number of Violations
    • Rule description (like component RULE_NAME_DESCRIPTION)
    • For each violation of this rule:
      • Rule Name
      • Full Name of object in violation
      • Object type
      • For each bookmark:
        • File path containing the object
        • Source code extract beginning 3 lines before the violation and ending 3 lines after
  • If there is no previous snapshot, status is not displayed.
  • To use the quality standard tags selection, the appropriate extension should be installed on the Dashboard Service schema where the Application resides.
  • When you select the metric id for a Business Criterion or Technical Criterion, all the rules belonging to this BC or TC are added for displaying violations.
  • Only rules that actually have results in the selected snapshot will be displayed in the resulting report (even if the rule is present in the Assessment Model).

QUALITY_RULE_VIOLATIONS_BOOKMARKS 

Available only when a Dashboard Service schema is configured for use. Available for Word templates only - provides the ability to fetch detailed information about a specific rule:

  • Block Name = QUALITY_RULE_VIOLATIONS_BOOKMARKS
  • Options:
    • ID= The ID of the rule for which you want to display the list of violations. By default, ID=7788 (Avoid empty catch block).
    • COUNT=N, where N indicates the top number of violations; the default is 5 (-1 corresponds to all violations). All bookmarks from a violation are displayed.

Note that:

  • The following is retrieved for the specified rule:
    • Rule name
    • Number of Violations
    • Rule description (like component RULE_NAME_DESCRIPTION)
    • For each violation of this rule:
      • Rule Name
      • Full Name of object in violation
      • Object type
      • For each bookmark:
        • File path containing the object
        • Source code extract beginning 3 lines before the violation and ending 3 lines after
  • If there is no previous snapshot, status is not displayed.

Modifications to existing GENERIC_TABLE and GENERIC_GRAPH components

The components GENERIC_TABLE and GENERIC_GRAPH (introduced in v. 1.5.0 and 1.6.0) have been modified so that the METRICS parameter can now contain a Standard Tag Name, such as CWE or OWASP. Where this is the case, the selected metrics will be those metrics that have results in the current snapshot tagged by this standard.

These values for parameters should only be used for an application where the extension "Standard Quality Rules" has been installed.

When the list of metrics is selected via a standard tag, violations or critical_violations give the same results as metrics and are sorted by standard tag rather than by criticality.

Resolved issues

The following bugs have been fixed in this release:

Internal ID | Call ID | Description | Affects Version
REPORTGEN-367 | 13097 | Can't run Report Generator 1.6.1 on Chinese and Japanese OS | 1.6.x
REPORTGEN-365 | - | On PowerPoint 2016, generated tables cannot be customized | 1.6.x