c461faa2fb
Complete pentest feature overhaul: SSE streaming, session-persistent browser tool (CDP), AES-256 credential encryption, auto-screenshots in reports, code-level remediation correlation, SAST triage chunking, context window optimization, test user cleanup (Keycloak/Auth0/Okta), wizard dropdowns, attack chain improvements, architecture docs with Mermaid diagrams. Co-authored-by: Sharang Parnerkar <parnerkarsharang@gmail.com> Reviewed-on: #16
41 lines
2.4 KiB
Rust
use super::html_escape;

pub(super) fn appendix(session_id: &str) -> String {
    format!(
        r##"<!-- ═══════════════ 5. APPENDIX ═══════════════ -->
<div class="page-break"></div>
<h2><span class="section-num">5.</span> Appendix</h2>

<h3>Severity Definitions</h3>
<table class="info">
<tr><td style="color: var(--sev-critical); font-weight: 700;">Critical</td><td>Vulnerabilities that can be exploited remotely without authentication to execute arbitrary code, exfiltrate sensitive data, or fully compromise the system.</td></tr>
<tr><td style="color: var(--sev-high); font-weight: 700;">High</td><td>Vulnerabilities that allow significant unauthorized access or data exposure, typically requiring minimal user interaction or privileges.</td></tr>
<tr><td style="color: var(--sev-medium); font-weight: 700;">Medium</td><td>Vulnerabilities that may lead to limited data exposure or require specific conditions to exploit, but still represent meaningful risk.</td></tr>
<tr><td style="color: var(--sev-low); font-weight: 700;">Low</td><td>Minor issues with limited direct impact. May contribute to broader attack chains or indicate defense-in-depth weaknesses.</td></tr>
<tr><td style="color: var(--sev-info); font-weight: 700;">Info</td><td>Observations and best-practice recommendations that do not represent direct security vulnerabilities.</td></tr>
</table>

<h3>Disclaimer</h3>
<p style="font-size: 9pt; color: var(--text-secondary);">
This report was generated by an automated AI-powered penetration testing engine. While the system
employs advanced techniques to identify vulnerabilities, no automated assessment can guarantee
complete coverage. The results should be reviewed by qualified security professionals and validated
in the context of the target application's threat model. Findings are point-in-time observations
and may change as the application evolves.
</p>

<!-- ═══════════════ FOOTER ═══════════════ -->
<div class="report-footer">
<div class="footer-company">Compliance Scanner</div>
<div>AI-Powered Security Assessment Platform</div>
<div style="margin-top: 6px;">This document is confidential and intended solely for the named recipient.</div>
<div>Report ID: {session_id}</div>
</div>

</div><!-- .report-body -->
</body>
</html>"##,
        session_id = html_escape(session_id),
    )
}
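The only caller-controlled value in this template is `session_id`, and it is routed through `super::html_escape` before interpolation. The page does not show that helper, so the following is an added example (not the project's code) with a hypothetical `html_escape` and a `render_footer` that mirrors the footer line, plus a check that a constructed hostile id cannot add tags to the generated report.

```rust
// Added example: a minimal HTML text/attribute escaper and the footer
// interpolation point it protects. `html_escape` and `render_footer` are
// stand-ins for the page's `super::html_escape` and `appendix`.

/// Escape the five characters that can change meaning in HTML text or
/// attribute-value context.
pub fn html_escape(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Mirrors the appendix footer line: the id is escaped before it is
/// formatted into the markup, so any tags in it render as literal text.
pub fn render_footer(session_id: &str) -> String {
    format!("<div>Report ID: {}</div>", html_escape(session_id))
}

/// True when the rendered fragment still has exactly one open and one
/// close tag, i.e. the id did not inject additional elements.
pub fn footer_is_intact(rendered: &str) -> bool {
    rendered.matches('<').count() == 2 && rendered.matches('>').count() == 2
}

fn main() {
    // Constructed hostile id, as it might arrive from a tampered request.
    let hostile = "abc</div><b>injected</b>";
    let html = render_footer(hostile);
    println!("{}", html);
    println!("footer intact: {}", footer_is_intact(&html));
}
```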