Mercurial > farol > farol
annotate farol/templates/vulnerability/edit_threat.j2 @ 53:249b3ad750b1
Add Descriptions for the Threat fields
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Tue, 07 Oct 2014 17:08:28 +0200 |
| parents | 4a9f23230eba |
| children |
| rev | line source |
|---|---|
| 0 | 1 {# |
| 2 # Description: | |
| 3 # Web Template used in Farol Design | |
| 4 # | |
| 5 # Authors: | |
| 6 # Benoît Allard <benoit.allard@greenbone.net> | |
| 7 # | |
| 8 # Copyright: | |
| 9 # Copyright (C) 2014 Greenbone Networks GmbH | |
| 10 # | |
| 11 # This program is free software; you can redistribute it and/or | |
| 12 # modify it under the terms of the GNU General Public License | |
| 13 # as published by the Free Software Foundation; either version 2 | |
| 14 # of the License, or (at your option) any later version. | |
| 15 # | |
| 16 # This program is distributed in the hope that it will be useful, | |
| 17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 19 # GNU General Public License for more details. | |
| 20 # | |
| 21 # You should have received a copy of the GNU General Public License | |
| 22 # along with this program; if not, write to the Free Software | |
| 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
| 24 -#} | |
| 25 | |
| 26 {% extends "base.j2" %} | |
|
53
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
27 {% from "macros.j2" import selectinput, textinput, textarea, selectinput2, examples %} |
| 0 | 28 {% block title %}Edit Threat{% endblock %} |
| 29 | |
| 30 {% set active = 'vulnerability' %} | |
| 31 | |
| 32 {% block content %} | |
|
53
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
33 <p><strong>Threat</strong> contains the vulnerability kinetic information. This information can change as the vulnerability ages and new information becomes available.</p> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
34 |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
35 <p>A <strong>Threat</strong> container can be tied to one or more specific products by referencing these products using either the <strong>Product ID</strong> or <strong>Group ID</strong> child elements. If the <strong>Threat</strong> is meant to be general or nonspecific for all products, the <strong>Product ID</strong> and <strong>Group ID</strong> child elements should be omitted.</p> |
| 0 | 36 <form role="form" method="POST"> |
| 37 | |
|
53
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
38 {% call selectinput('type', "Type", types, type) %} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
39 <p>The <em>Type</em> of <strong>Threat</strong> is required and can be one of the following:</p> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
40 <dl class="dl-horizontal"> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
41 <dt>Impact:</dt><dd>Impact contains an assessment of the impact on the user or the target set if the vulnerability is successfully exploited. (A description of the <samp>Target Set</samp> <em>Type</em> follows.) If applicable, for consistency and simplicity, this section can be a textual summary of the three CVSS impact metrics. These metrics measure how a vulnerability detracts from the three core security properties of an information system: Confidentiality, Integrity, and Availability.</dd> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
42 <dt>Exploit Status:</dt><dd>Exploit Status contains a description of the degree to which an exploit for the vulnerability is known. This knowledge can range from information privately held among a very small group to an issue that has been described to the public at a major conference or is being widely exploited globally. For consistency and simplicity, this section can be a mirror image of the CVSS “Exploitability” metric. However, it can also contain a more contextual status, such as “Weaponized” or “Functioning Code.”</dd> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
43 <dt>Target Set:</dt><dd>Target Set contains a description of the currently known victim population in whatever terms are appropriate. Such terms may include: operating system platform, types of products, user segments, and geographic distribution.</dd> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
44 </dl> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
45 {% endcall %} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
46 {% call textinput('date', "Date", now.isoformat(), date, type="datetime") %} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
47 <p>The <em>Date</em> attribute is optional. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
48 {% endcall %} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
49 {% call textarea('description', "Description", '', description, 5, required=True) %} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
50 <p>The <strong>Description</strong> element will contain a thorough human-readable discussion of the <strong>Threat</strong>.</p> |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
51 {{ examples(['complete compromise of the integrity of affected machines'], 'Impact') }} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
52 {{ examples(['none', 'proof of concept'], 'Exploit Status') }} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
53 {{ examples(['Financial Institutions', 'US Government Agencies', 'All versions of BIND 9.4.0 and lower'], 'Target Set') }} |
|
249b3ad750b1
Add Descriptions for the Threat fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
54 {% endcall %} |
| 0 | 55 {{ selectinput2('products', "Products", products, productids, multiple=True) }} |
| 56 {% if groups %} | |
| 57 {{ selectinput2('groups', "Groups", groups, groupids, multiple=True)}} | |
| 58 {% endif %} | |
| 59 | |
| 60 <button class="btn btn-primary" type="submit">{{ action or 'Update' }}</button> | |
| 61 <a class="btn btn-danger" href="{% if action=='Add' %}{{ url_for('.view', ordinal=ordinal) }}{% else %}{{ url_for('.view_threat', ordinal=ordinal, index=index) }}{% endif %}">Cancel</a> | |
| 62 </form> | |
| 63 {% endblock %} |