{% load i18n %} {% with icon_done="data:image/svg+xml;base64,PHN2ZyBjbGFzcz0iY2hlY2ttYXJrIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA1MiA1MiI+CjxjaXJjbGUgY3g9IjI2IiBjeT0iMjYiIHI9IjI1IiBmaWxsPSIjN2FjMTQyIi8+CjxwYXRoIGZpbGw9IiNmZmYiIGQ9Ik0xMSAyNiBsNCAtNCBsOCA4IGwxNSAtMTUgbDQgNCBsLTE5IDE5Ii8+Cjwvc3ZnPg==" icon_not_done="data:image/svg+xml;base64,PHN2ZyBjbGFzcz0iY2hlY2ttYXJrIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA1MiA1MiI+CjxjaXJjbGUgY3g9IjI2IiBjeT0iMjYiIHI9IjI1IiBmaWxsPSIjZjAwIi8+CjxwYXRoIGZpbGw9IiNmZmYiIGQ9Ik0yMiAyNiBsLTEwIC0xMCBsNCAtNCBsMTAgMTAgbDEwIC0xMCBsNCA0IGwtMTAgMTAgbDEwIDEwIGwtNCA0IGwtMTAgLTEwIGwtMTAgMTAgbC00IC00Ii8+Cjwvc3ZnPg==" edit_icon="data:image/svg+xml,%3Csvg width='19' height='19' viewBox='0 0 19 19' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cg clip-path='url(%23clip0_19894_54825)'%3E%3Cpath d='M11.5063 5.62578L10.75 4.86953C10.2625 4.38203 9.46875 4.38203 8.98125 4.86953L7.30625 6.54453L1.875 11.9758V14.5008H4.4L9.8625 9.03828L11.5063 7.39453C12 6.90703 12 6.11328 11.5063 5.62578ZM3.88125 13.2508H3.125V12.4945L8.5375 7.08203L9.29375 7.83828L3.88125 13.2508ZM6.875 14.5008L9.375 12.0008H13.125V14.5008H6.875Z' fill='%23171717'/%3E%3C/g%3E%3Cdefs%3E%3CclipPath id='clip0_19894_54825'%3E%3Crect width='15' height='15' fill='white' transform='translate(0 2)'/%3E%3C/clipPath%3E%3C/defs%3E%3C/svg%3E%0A" analysis_edit_icon="data:image/svg+xml,%3Csvg width='15' height='14' viewBox='0 0 15 14' fill='none' xmlns='http://www.w3.org/2000/svg'%3E%3Cpath d='M8.66671 12.2507V10.4569L11.8896 7.24857C11.9771 7.16107 12.0743 7.09787 12.1813 7.05898C12.2882 7.0201 12.3952 7.00065 12.5021 7.00065C12.6188 7.00065 12.7306 7.02253 12.8375 7.06628C12.9445 7.11003 13.0417 7.17565 13.1292 7.26315L13.6688 7.80273C13.7466 7.89023 13.8073 7.98746 13.8511 8.0944C13.8948 8.20135 13.9167 8.30829 13.9167 8.41523C13.9167 8.52218 13.8973 8.63155 13.8584 8.74336C13.8195 8.85517 13.7563 8.95482 13.6688 9.04232L10.4605 12.2507H8.66671ZM2.83337 11.6673V10.034C2.83337 9.70343 2.91844 9.39961 3.08858 9.12253C3.25872 8.84544 3.48476 8.63398 3.76671 8.48815C4.36949 8.18676 4.98199 7.96072 5.60421 7.81003C6.22643 7.65933 6.85837 7.58398 7.50004 7.58398C7.85976 7.58398 8.21462 7.60586 8.56462 7.64961C8.91462 7.69336 9.26462 7.76385 9.61462 7.86107L7.50004 9.97565V11.6673H2.83337ZM12.5021 8.98398L13.0417 8.41523L12.5021 7.87565L11.948 8.42982L12.5021 8.98398ZM7.50004 7.00065C6.85837 7.00065 6.30907 6.77218 5.85212 6.31523C5.39518 5.85829 5.16671 5.30898 5.16671 4.66732C5.16671 4.02565 5.39518 3.47635 5.85212 3.0194C6.30907 2.56246 6.85837 2.33398 7.50004 2.33398C8.14171 2.33398 8.69101 2.56246 9.14796 3.0194C9.6049 3.47635 9.83337 4.02565 9.83337 4.66732C9.83337 5.30898 9.6049 5.85829 9.14796 6.31523C8.69101 6.77218 8.14171 7.00065 7.50004 7.00065Z' fill='white'/%3E%3C/svg%3E" %} Appknox Report

{% trans "App Security Report" %}

{% trans "For Internal Purpose" %}
{% if report.prepared_for.logo != '' %} {% else %}

{{ report.prepared_for.name }}

{% endif %}
{{ report.application.name }}
{{ report.package_name }} {{ report.platform.name }}
{{ report.application.version }}
{% if not report.prepared_by.hide and not report.powered_by.hide %} {% elif not report.prepared_by.hide and report.powered_by.hide %} {% elif report.prepared_by.hide and not report.powered_by.hide %} {% endif %}
{% trans "Prepared by" %}
{% if report.prepared_by.logo != '' %} {% else %}

{{ report.prepared_by.name }}

{% endif %}
{% trans "Powered by" %}
{% if report.powered_by.logo != '' %} {% else %}

{{ report.powered_by.name }}

{% endif %}
{% trans "Prepared by" %}
{% if report.prepared_by.logo != '' %} {% else %}

{{ report.prepared_by.name }}

{% endif %}
{% trans "Powered by" %}
{% if report.powered_by.logo != '' %} {% else %}

{{ report.powered_by.name }}

{% endif %}
{% if report.show_copyright %}

{% trans "Portions of this document and the templates used in its production are the property of Appknox" %}{% if report.is_partnered and not report.powered_by.hide %}{% trans " and " %}{{ report.prepared_by.name }}{% trans "," %}{% endif %}{% trans " and cannot be copied without permission." %}

{% endif %}

{% trans "While precautions have been taken in the preparation of this document, the publisher and the author(s) assume no responsibility for errors, omissions, or for damages resulting from the use of the information contained herein. Use of " %}{% if report.show_copyright %}{% trans "Appknox" %}{% if report.is_partnered and not report.powered_by.hide %}{% trans " and " %}{{ report.prepared_by.name }}{% trans "," %}{% endif %}{% endif %}{% trans " services does not guarantee the security of a system, or that intrusions will not occur." %}

{% trans "Application Details" %}

{% trans "Application Name" %} {{ report.application.name }} {% for meta_name in report.custom_meta_names %}
{{ meta_name }}{% endfor %}
{% trans "Platform" %} {{ report.platform.name }}
{% trans "Application Namespace" %} {{ report.package_name }}
{% trans "Version" %} {{ report.application.version }}
{% trans "Version Code" %} {{ report.application.version_code }}
{% trans "Application SHA1 Hash" %} {{ report.application.sha1 }}
{% trans "Application MD5 Hash" %} {{ report.application.md5 }}

{% trans "Audit Details" %}

{% if report.appknox_file_id %} {% endif %}
{% trans "File ID" %} {{ report.appknox_file_id }}
{% trans "Audit Date" %} {{ report.created_on }}
{% trans "Scan Status" %} {% for assessment_type in report.assessment_types %} {% if assessment_type.can_include %} {% if assessment_type.is_done %} {% else %} {% endif %} {{ assessment_type.display }} {% endif %} {% endfor %}
{% trans "Scans included in the Report" %}
    {% for assessment_type in report.assessment_types %} {% if assessment_type.is_included %}
  • {{ assessment_type.display }}
    • {% endif %} {% endfor %}

{% trans "Table of Contents" %}

{% for analysis in report.viewable_analyses %} {% if analysis.risk.computed_value > 0 %} {% if analysis.incorrect_implementation.html %} {% endif %} {% if analysis.correct_implementation.html %} {% endif %} {% if analysis.business_implication.html %} {% endif %} {% if analysis.vulnerability_references.html %} {% endif %} {% endif %} {% endfor %}

{% trans "Report Summary" %}

{% trans "Audit Summary" %}
{% if report.show_copyright %}{% trans "Appknox " %}{% endif %}{% trans "Security Rating" %}

{{ analysis.title.html }}

{% trans "Noncompliant Code Example" %}
{% trans "Compliant Solution" %}
{% trans "Business Implication" %}
{% trans "Related Vulnerabilities" %}

{% trans "Report Summary" %}

{% if report.show_copyright %}{% if report.is_partnered and not report.powered_by.hide %}{{ report.prepared_by.name }}{% trans ", powered by " %}{% endif %}{% trans "Appknox" %}{% if report.is_partnered and not report.powered_by.hide %}{% trans "," %}{% endif %}{% trans " conducted a security assessment of the mobile application. " %}{% endif %}{% trans "This report is generated based on the findings during the automated" %}{% if report.is_manual_scan_included %}{% trans " and manual" %}{% endif %}{% trans " auditing process. It also contains the process of discovering those vulnerabilities in the first place, and ways to remediate those issues." %}

{% trans "Audit Summary" %}

{% for analysis in report.viewable_analyses %} {% endfor %}
{{ analysis.title.html | safe }}
{% for tag in analysis.tags %} {{ tag.val }} {% endfor %}
{% if analysis.risk.computed_value == -1 %}

{{ analysis.question.html | safe }}

{% elif analysis.risk.computed_value == 0 %}

{{ analysis.success_message.html | safe }}
{% if analysis.risk.is_overridden and analysis.risk.value > 0 %}
{% trans "Note:" %} {% trans "This vulnerability was manually overridden to Passed" %} {% if analysis.risk.overridden_by %} {% trans "by" %} {{ analysis.risk.overridden_by }} {% trans "on" %} {{ analysis.risk.overridden_date }}.{% endif %} {% trans "This override is applied" %} {% if analysis.risk.overridden_criteria == "all_future_upload" %} {% trans "to the current and all future uploads." %} {% else %} {% trans "only to the current file." %} {% endif %}
Reason: {{ analysis.risk.override_comment | escape }}
{% endif %}

{% else %}

{{ analysis.desc.html | safe }}

{% endif %} 		{% if analysis.risk.computed_value > 0 %}
{{ analysis.cvss_v3.base_score }}
{% endif %}
{% trans "Priority Level" %} {% trans "Number of failed test cases" %}
{% trans "Critical Risk" %} {{ report.critical_count }}
{% trans "High Risk" %} {{ report.high_count }}
{% trans "Medium Risk" %} {{ report.medium_count }}
{% trans "Low Risk" %} {{ report.low_count }}

{% if report.show_copyright %}{% trans "Appknox " %}{% endif %}{% trans "Security Rating" %}

{% if report.svg_chart %} {% endif %}
  • {% trans "Critical" %}
    {{ report.critical_percent }}%
  • {% trans "High" %}
    {{ report.high_percent }}%
  • {% trans "Medium" %}
    {{ report.medium_percent }}%
  • {% trans "Low" %}
    {{ report.low_percent }}%
  • {% trans "Passed" %}
    {{ report.passed_percent }}%
    {% if report.passed_overridden_count %} {% endif %}
    • {% if report.hide_untested_analyses %}
  • {% trans "Untested" %}
    {{ report.untested_percent }}%
    • {% endif %}

{% if report.show_copyright %}{% trans "Appknox " %}{% endif %}{% trans "Security Rating" %} -  {{ report.rating }} {% trans "Unsecured" %}

{% if report.passed_overridden_count %}

Out of all the Passed vulnerabilities, {{ report.passed_overridden_count }} have been manually overridden to ‘Passed’.

{% endif %}
{% for analysis in report.viewable_analyses %} {% if analysis.risk.computed_value > 0 %}

{{ analysis.title.html | safe }}

{{ analysis.intro.html | safe }}

{% trans "Risk Rating" %}

{% trans "Scan Type" %}

{% for tag in analysis.tags %} {% endfor %}
{% if analysis.risk.is_overridden %}
{% trans "This risk has been overridden from" %} {{ analysis.risk.value_label }} {% trans "to" %} {{ analysis.risk.computed_value_label }} {% if analysis.risk.overridden_by %} {% trans "by" %} {% trans analysis.risk.overridden_by %}. on {% trans analysis.risk.overridden_date %} {% endif %}
{% if analysis.risk.override_comment %} {% trans "The reason is:" %} "{{ analysis.risk.override_comment }}"{% endif %}
{% endif %}

{% trans "CVSS" %}

{% trans "Version 3.0 Base Score" %}

{{ analysis.cvss_v3.base_score }}

 {% trans "Attack vector" %}: {{ analysis.cvss_v3.attack_vector }} {% trans "Attack complexity" %}: {{ analysis.cvss_v3.attack_complexity }}
{% trans "Privileges required" %}: {{ analysis.cvss_v3.privileges_required }} {% trans "User Interaction" %}: {{ analysis.cvss_v3.user_interaction }}
{% trans "Scope" %}: {{ analysis.cvss_v3.scope }} {% trans "Confidentiality Impact" %}: {{ analysis.cvss_v3.confidentiality_impact }}
{% trans "Integrity Impact" %}: {{ analysis.cvss_v3.integrity_impact }} {% trans "Availability Impact" %}: {{ analysis.cvss_v3.availability_impact }}
{% if analysis.regulatory.owasp or analysis.regulatory.cwe or analysis.regulatory.mstg or analysis.regulatory.masvs or analysis.regulatory.owaspapi2023 or analysis.regulatory.owaspmobile2024 or analysis.regulatory.asvs or analysis.regulatory.pcidss or analysis.regulatory.hipaa or analysis.regulatory.gdpr or analysis.regulatory.nistsp80053 or analysis.regulatory.nistsp800171 or analysis.regulatory.sama %}

{% trans "Regulatory" %}

{% if analysis.regulatory.owasp %}
{% trans "OWASP" %}
{% for owasp in analysis.regulatory.owasp %} {% endfor %}
{{ owasp.code }} {{ owasp.title }}
{% endif %}
{% if analysis.regulatory.owaspmobile2024 %}
{% trans "OWASP Mobile Top 10 (2024)" %}
{% for owaspmobile2024 in analysis.regulatory.owaspmobile2024 %} {% endfor %}
{{ owaspmobile2024.code }} {{ owaspmobile2024.title }}
{% endif %}
{% if analysis.regulatory.cwe %}
{% trans "CWE" %}
{% for cwe in analysis.regulatory.cwe %} {% endfor %}
{{ cwe.code }} {{ cwe.url }}
{% endif %}
{% if analysis.regulatory.mstg %}
{% trans "MSTG" %}
{% for mstg in analysis.regulatory.mstg %} {% endfor %}
{{ mstg.code }} {{ mstg.title }}
{% endif %}
{% if analysis.regulatory.masvs %}
{% trans "OWASP MASVS (v2)" %}
{% for masvs in analysis.regulatory.masvs %} {% endfor %}
{{ masvs.code }} {{ masvs.title }}
{% endif %}
{% if analysis.regulatory.owaspapi2023 %}
{% trans "OWASP API 2023" %}
{% for owaspapi2023 in analysis.regulatory.owaspapi2023 %} {% endfor %}
{{ owaspapi2023.code }} {{ owaspapi2023.title }}
{% endif %}
{% if analysis.regulatory.asvs %}
{% trans "ASVS" %}
{% for asvs in analysis.regulatory.asvs %} {% endfor %}
{{ asvs.code }} {{ asvs.title }}
{% endif %}
{% if analysis.regulatory.pcidss %}
{% trans "PCI-DSS" %}
{% for pcidss in analysis.regulatory.pcidss %} {% endfor %}
{{ pcidss.code }}
{{ pcidss.title }}
{{ pcidss.description }}
{% endif %}
{% if analysis.regulatory.hipaa %}
{% trans "HIPAA" %}
{% for hipaa in analysis.regulatory.hipaa %} {% endfor %}
{{ hipaa.code }}
{{ hipaa.safeguard }}: {{ hipaa.title }}
    {% for std in hipaa.standards %}
  • {{ std.title }} ({{ std.specifications }})
    {{ std.description }}
    • {% endfor %}
{% endif %}
{% if analysis.regulatory.gdpr %}
{% trans "GDPR" %}
{% for gdpr in analysis.regulatory.gdpr %} {% endfor %}
{{ gdpr.code }} {{ gdpr.title }}
{% endif %}
{% if analysis.regulatory.nistsp80053 %}
{% trans "NIST SP 800-53" %}
{% for nistsp80053 in analysis.regulatory.nistsp80053 %} {% endfor %}
{{ nistsp80053.code }} {{ nistsp80053.title }}
{% endif %}
{% if analysis.regulatory.nistsp800171 %}
{% trans "NIST SP 800-171" %}
{% for nistsp800171 in analysis.regulatory.nistsp800171 %} {% endfor %}
{{ nistsp800171.code }} {{ nistsp800171.title }}
{% endif %}
{% if analysis.regulatory.sama %}
{% trans "SAMA" %}
{% for sama in analysis.regulatory.sama %} {% endfor %}
{{ sama.code }}
{{ sama.title }}
{{ sama.description }}
{% endif %}
{% endif %}

{% trans "Risk Assessment" %}

{{ analysis.desc.html | safe }}

{% for finding in analysis.findings %} {% if finding.title.html %}
{{ finding.title.html | escape }}
{% endif %} 
{{ finding.description.html | escape }}
{% endfor %}
{% if analysis.attachments %}
{% for attachment in analysis.attachments %}
{{ attachment.name }}
{% endfor %}
{% endif %} {% if analysis.incorrect_implementation.html %}

{% trans "Noncompliant Code Example" %}

{{ analysis.incorrect_implementation.html | safe }}
{% endif %} {% if analysis.correct_implementation.html %}

{% trans "Compliant Solution" %}

{{ analysis.correct_implementation.html | safe }}
{% endif %} {% if analysis.business_implication.html %}

{% trans "Business Implication" %}

{{ analysis.business_implication.html | safe }}
{% endif %} {% if analysis.vulnerability_references.html %}

{% trans "Related Vulnerabilities" %}

{{ analysis.vulnerability_references.html | safe }}
{% endif %}
{% endif %} {% endfor %}

{% trans "References" %}

    {% for ref in report.references %}
  1. {{ ref.name }}
    2. {% endfor %}
{% endwith %}