Not a web designer

Posted by:

Today I spent the evening improving the `html_file` plugin, which is used to generate HTML reports based on w3af’s findings. The old version had many issues, the main being that it used hard-coded HTML string concatenation to create the report (uff!) and an encoding bug which was stopping users from generating reports in some edge cases. Since fixing the hard-coded HTML issue also fixed the encoding bug, I decided to go ahead and refactor the plugin.

Things went smoothly:

  1. I wrote an HTML report template using jinja2
  2. Refactored the plugin to render the newly created template with all the information I wanted to have in the output
  3. Wrote some globals and filters for my jinja2 environment
  4. And finally, coded a couple of unittests to make sure everything was working as expected

And then it all went south… my girlfriend entered the room and brought some reality to my day: “That’s the new report template you’re working on? It’s ugly“. Two seconds later I realized that she was right (evidence #1 #2). All my previous attempts to build eye-candy things have failed, why would this one succeed? After all I’m a developer, not a web designer!

Here is where you can help. I’m sure you’ve got more web design skills that me, that’s easy. The template is trivial to modify, and the workflow is easy to learn:

  1. Install w3af from the git repository
  2. pip install –upgrade -r w3af/tests/requirements.txt
  3. watch nosetests w3af/plugins/tests/output/test_html_file.py:TestHTMLRendering -s
  4. Open the template `w3af/plugins/output/html_file/templates/complete.html` using any text editor
  5. Use a browser to open the rendered output which lives at `~/report.html`

The watch+nosetests command will render a new report.html every two seconds, based on the changes you make to the template using the text editor (remember to save the changes or you won’t see any differences in the browser).

More details on what needs to be done to improve the report template, at least from my perspective, is available in this ticket. Once you’re happy with the changes send me a pull-request, I’ll review it and make sure all the users get your improvements.

I’m sure that with your help we’ll be able to significantly improve the report quality!

0

About the Author:

Web Application Security Innovator, Researcher and Entrepreneur. Python Hacker.
  Related Posts