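/**
 * Fills the scorecard HTML template with the results of one tool and returns the page.
 *
 * <p>The template is read from {@code BenchmarkScore.pathToScorecardResources + "template.html"}
 * and its {@code ${...}} placeholders are substituted one after another. Values that are plain
 * text (title, time, tool name, benchmark version, results file name, image file name) are
 * HTML-escaped before insertion, so markup characters in a tool name or file name cannot alter
 * the structure of the generated page. The results table is inserted as-is because it is HTML
 * produced by {@code generateTable}.
 *
 * @param title page title, inserted as escaped text
 * @param actualResults supplies the tool name and benchmark version
 * @param scores per-category counters, passed through to {@code generateTable}
 * @param or overall results; supplies the run time and overall score
 * @param totalResults number of test cases, inserted for {@code ${tests}}
 * @param img chart image; only its file name is used, as the {@code src} of an {@code <img>} tag
 * @param actualResultsFileName name of the results file, inserted as escaped text
 * @return the template with every known placeholder replaced
 * @throws IOException if the template file cannot be read
 * @throws URISyntaxException declared on the signature; not thrown by any standard-library call
 *     in this body
 */
private String generateHtml(
        String title,
        TestResults actualResults,
        Map<String, Counter> scores,
        OverallResults or,
        int totalResults,
        File img,
        String actualResultsFileName)
        throws IOException, URISyntaxException {
    // NOTE(review): the bytes are decoded with the platform default charset; pass an explicit
    // charset here once the template's encoding is confirmed.
    String html =
            new String(
                    Files.readAllBytes(
                            Paths.get(BenchmarkScore.pathToScorecardResources + "template.html")));

    // Substitution is sequential: placeholder text that appears inside an earlier value would
    // be expanded by a later replace() call. Escaping does not touch '$', '{' or '}'.
    // NOTE(review): escaping assumes each text placeholder sits in element content or in a
    // quoted attribute of the template, and that callers pass unescaped text - confirm both.
    html = html.replace("${title}", escapeForHtml(title));
    html = html.replace("${tests}", Integer.toString(totalResults));
    html = html.replace("${time}", escapeForHtml(or.getTime()));
    html = html.replace("${score}", new DecimalFormat("#0.00%").format(or.getScore()));
    html = html.replace("${tool}", escapeForHtml(actualResults.getTool()));
    html = html.replace("${version}", escapeForHtml(actualResults.getBenchmarkVersion()));
    html = html.replace("${actualResultsFile}", escapeForHtml(actualResultsFileName));

    // The file name lands inside a double-quoted attribute, so quotes must be escaped too.
    String imgTag = "<img align=\"middle\" src=\"" + escapeForHtml(img.getName()) + "\" />";
    html = html.replace("${image}", imgTag);

    html = html.replace("${table}", generateTable(actualResults, scores, or));
    return html;
}

/**
 * Escapes the characters that are significant in HTML text and in quoted attribute values.
 * A {@code null} argument raises {@link NullPointerException}, as the unescaped
 * {@code String.replace} call would.
 */
private String escapeForHtml(CharSequence value) {
    StringBuilder out = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}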
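/**
 * Renders the per-category results as an HTML table followed by an explanatory footnote.
 *
 * <p>Each category row shows the raw counters (TP, FN, TN, FP), the category total, and the
 * TPR, FPR and score as percentages. A row is marked {@code class="danger"} when TPR and FPR
 * differ by less than 0.1, and {@code class="success"} when TPR is above 0.7 and FPR is below
 * 0.3. Two summary rows follow: the summed counters, and the unweighted averages of TPR, FPR
 * and score across categories (NaN values are left out of the sums, but the divisor is still
 * the number of categories). With an empty {@code scores} map the averages are NaN.
 *
 * @param actualResults not read by this method
 * @param scores counters keyed by category name; iteration order determines row order
 * @param or overall results, queried once per category
 * @return the table markup and footnote paragraph
 */
private String generateTable(
        TestResults actualResults, Map<String, Counter> scores, OverallResults or) {
    // One formatter for every percentage cell instead of a new instance per cell.
    DecimalFormat percent = new DecimalFormat("#0.00%");

    StringBuilder sb = new StringBuilder();
    sb.append("<table class=\"table\">\n");
    sb.append("<tr>");
    sb.append("<th>Category</th>");
    sb.append("<th>TP</th>");
    sb.append("<th>FN</th>");
    sb.append("<th>TN</th>");
    sb.append("<th>FP</th>");
    sb.append("<th>Total</th>");
    sb.append("<th>TPR</th>");
    sb.append("<th>FPR</th>");
    sb.append("<th>Score</th>");
    sb.append("</tr>\n");

    Counter totals = new Counter();
    double totalTPR = 0;
    double totalFPR = 0;
    double totalScore = 0;

    for (Map.Entry<String, Counter> entry : scores.entrySet()) {
        String category = entry.getKey();
        Counter c = entry.getValue();
        OverallResult r = or.getResults(category);

        String style = "";
        if (Math.abs(r.truePositiveRate - r.falsePositiveRate) < .1) {
            style = "class=\"danger\"";
        } else if (r.truePositiveRate > .7 && r.falsePositiveRate < .3) {
            style = "class=\"success\"";
        }

        sb.append("<tr " + style + ">");
        // NOTE(review): the category name is written verbatim; HTML-escape it if category
        // names can ever originate from tool output or another external file.
        sb.append("<td>" + category + "</td>");
        sb.append("<td>" + c.tp + "</td>");
        sb.append("<td>" + c.fn + "</td>");
        sb.append("<td>" + c.tn + "</td>");
        sb.append("<td>" + c.fp + "</td>");
        sb.append("<td>" + r.total + "</td>");
        sb.append("<td>" + percent.format(r.truePositiveRate) + "</td>");
        sb.append("<td>" + percent.format(r.falsePositiveRate) + "</td>");
        sb.append("<td>" + percent.format(r.score) + "</td>");
        sb.append("</tr>\n");

        totals.tp += c.tp;
        totals.fn += c.fn;
        totals.tn += c.tn;
        totals.fp += c.fp;
        // NaN rates are skipped so a single undefined category does not poison the averages.
        if (!Double.isNaN(r.truePositiveRate)) {
            totalTPR += r.truePositiveRate;
        }
        if (!Double.isNaN(r.falsePositiveRate)) {
            totalFPR += r.falsePositiveRate;
        }
        if (!Double.isNaN(r.score)) {
            totalScore += r.score;
        }
    }

    // Totals row. The opening <tr> was missing, leaving </tr> without a matching start tag.
    sb.append("<tr>");
    sb.append("<th>Totals*</th>");
    sb.append("<th>" + totals.tp + "</th>");
    sb.append("<th>" + totals.fn + "</th>");
    sb.append("<th>" + totals.tn + "</th>");
    sb.append("<th>" + totals.fp + "</th>");
    int total = totals.tp + totals.fn + totals.tn + totals.fp;
    sb.append("<th>" + total + "</th>");
    // <th/> is not a self-closing element in HTML; emit explicit empty cells.
    sb.append("<th></th><th></th><th></th></tr>\n");

    // Overall row: unweighted averages across categories (see the footnote text below).
    sb.append("<tr>");
    sb.append("<th>Overall Results*</th><th></th><th></th><th></th><th></th><th></th>");
    double tpr = (totalTPR / scores.size());
    sb.append("<th>" + percent.format(tpr) + "</th>");
    double fpr = (totalFPR / scores.size());
    sb.append("<th>" + percent.format(fpr) + "</th>");
    double score = totalScore / scores.size();
    sb.append("<th>" + percent.format(score) + "</th>");
    sb.append("</tr>\n");
    sb.append("</table>");

    // The paragraph previously ended with "<p/>", which opens a second paragraph instead of
    // closing this one.
    sb.append(
            "<p>*-The Overall Results are averages across all the vulnerability categories. "
                    + " You can't compute these averages by simply calculating the TPR and FPR rates using "
                    + " the values in the Totals row. If you did that, categories with larger number of tests would carry "
                    + " more weight than categories with less tests. The proper calculation of the Overall Results is to"
                    + " add up all the TPR, FPR, and Score values, "
                    + " and then divide by the number of vulnerability categories, which is how they are calculated.</p>");
    return sb.toString();
}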
/**
 * Adds the chart legend to {@code xyplot} as a column of text annotations.
 *
 * <p>The column starts two rows above {@code y} and moves 3.3 units per row. It lists a
 * "commercial" heading, one line per commercial tool, a "non - commercial" heading, one line
 * per remaining tool, and finally a fixed "M: Commercial Average" line. Tool lines are keyed
 * with consecutive letters starting at 'A' and show the tool's score for {@code category} as a
 * truncated whole percentage.
 *
 * @param category category whose score is shown next to each tool
 * @param toolResults reports to list; walked once per group
 * @param x x position shared by every legend line
 * @param y reference y position of the legend
 * @param dataset not read by this method
 * @param xyplot plot that receives the annotations
 */
private void makeLegend(
        String category,
        List<Report> toolResults,
        int x,
        int y,
        XYSeriesCollection dataset,
        XYPlot xyplot) {
    char key = 'A';
    int row = -2;

    String[] headingText = {"commercial", "non - commercial"};
    XYTextAnnotation[] headings = new XYTextAnnotation[headingText.length];

    // Group 0 lists the commercial tools, group 1 the rest; letters and rows keep counting
    // across both groups.
    for (int group = 0; group < headingText.length; group++) {
        boolean wantCommercial = (group == 0);

        // Headings are only created here; they are attached to the plot after all tool lines.
        headings[group] = legendLine(headingText[group], x, y + row * -3.3, Color.gray);
        row++;

        for (Report report : toolResults) {
            OverallResults overall = report.getOverallResults();
            if (report.isCommercial() != wantCommercial) {
                continue;
            }
            // NOTE(review): both arms of this conditional produce the same text as written;
            // confirm whether 'I' was meant to get different spacing.
            String label = (key == 'I' ? key + ": " : "" + key + ": ");
            int score = (int) (overall.getResults(category).getScore() * 100);
            String msg = "\u25A0 " + label + report.getToolName() + " (" + score + "%)";
            xyplot.addAnnotation(legendLine(msg, x, y + row * -3.3, Color.blue));
            row++;
            key++;
        }
    }

    // The key letter 'M' is fixed; it does not depend on how many tools were listed.
    XYTextAnnotation average =
            legendLine("\u25A0 M: Commercial Average", x, y + row * -3.3, Color.black);

    xyplot.addAnnotation(headings[0]);
    xyplot.addAnnotation(headings[1]);
    xyplot.addAnnotation(average);
}

/** Creates one left-anchored legend line on a white background in the theme's regular font. */
private XYTextAnnotation legendLine(String text, int x, double yPos, Color paint) {
    XYTextAnnotation line = new XYTextAnnotation(text, x, yPos);
    line.setTextAnchor(TextAnchor.CENTER_LEFT);
    line.setBackgroundPaint(Color.white);
    line.setPaint(paint);
    line.setFont(theme.getRegularFont());
    return line;
}