Mercurial > farol > farol
annotate farol/templates/vulnerability/edit_remediation.j2 @ 55:76cba17794ab
Add Descriptions to the Remediation fields
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Wed, 08 Oct 2014 09:57:13 +0200 |
| parents | 4a9f23230eba |
| children |
| rev | line source |
|---|---|
| 0 | 1 {# |
| 2 # Description: | |
| 3 # Web Template used in Farol Design | |
| 4 # | |
| 5 # Authors: | |
| 6 # Benoît Allard <benoit.allard@greenbone.net> | |
| 7 # | |
| 8 # Copyright: | |
| 9 # Copyright (C) 2014 Greenbone Networks GmbH | |
| 10 # | |
| 11 # This program is free software; you can redistribute it and/or | |
| 12 # modify it under the terms of the GNU General Public License | |
| 13 # as published by the Free Software Foundation; either version 2 | |
| 14 # of the License, or (at your option) any later version. | |
| 15 # | |
| 16 # This program is distributed in the hope that it will be useful, | |
| 17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 19 # GNU General Public License for more details. | |
| 20 # | |
| 21 # You should have received a copy of the GNU General Public License | |
| 22 # along with this program; if not, write to the Free Software | |
| 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
| 24 -#} | |
| 25 | |
| 26 {% extends "base.j2" %} | |
|
55
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
27 {% from "macros.j2" import selectinput, textinput, textarea, selectinput2, examples %} |
| 0 | 28 {% block title %}Edit Remediation{% endblock %} |
| 29 | |
| 30 {% set active = 'vulnerability' %} | |
| 31 | |
| 32 {% block content %} | |
|
55
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
33 <p>The <strong>Remediation</strong> container holds specific details on how to handle (and presumably, fix) a vulnerability.</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
34 <p>A <strong>Remediation</strong> container can be tied to one or more specific products by referencing these products using either the <strong>Product ID</strong> or <strong>Group ID</strong> child elements. If the <strong>Remediation</strong> is meant to be general or nonspecific for all products, the <strong>Product ID</strong> and <strong>Group ID</strong> child elements should be omitted.</p> |
| 0 | 35 <form role="form" method="POST"> |
| 36 | |
|
55
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
37 {% call selectinput('type', "Type", types, type) %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
38 <p>The <em>Type</em> attribute is required and can be one of the following:</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
39 <dl class="dl-horizontal"> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
40 <dt>Workaround:</dt><dd>Workaround contains information about a configuration or specific deployment scenario that can be used to avoid exposure to the vulnerability. There may be none, one, or more workarounds available. This is typically the “first line of defense” against a new vulnerability before a mitigation or vendor fix has been issued or even discovered.</dd> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
41 <dt>Mitigation:</dt><dd>Mitigation contains information about a configuration or deployment scenario that helps to reduce the risk of the vulnerability but that does not resolve the vulnerability on the affected product. Mitigations may include using devices or access controls external to the affected product. Mitigations may or may not be issued by the original author of the affected product, and they may or may not be officially sanctioned by the document producer.</dd> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
42 <dt>Vendor Fix:</dt><dd>Vendor Fix contains information about an official fix that is issued by the original author of the affected product. Unless otherwise noted, it is assumed that this fix fully resolves the vulnerability.</dd> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
43 <dt>None Available:</dt><dd>Currently there is no fix available. Description should contain details about why there is no fix.</dd> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
44 <dt>Will Not Fix:</dt><dd>There is no fix for the vulnerability and there never will be one. This is often the case when a product has been orphaned, end-of-lifed, or otherwise deprecated. Description should contain details about why there will be no fix issued.</dd> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
45 </dl> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
46 {% endcall %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
47 {% call textinput('date', "Date", now.isoformat(), date, type="datetime") %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
48 <p><strong>Date</strong> is the date Remedy was last updated, if omitted it is deemed to be unknown, unimportant, or irrelevant. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
49 {% endcall %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
50 {% call textarea('description', "Description", '', description, 5, required=True) %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
51 <p>The <strong>Description</strong> element will contain a thorough human-readable discussion of the Remediation.</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
52 {% endcall %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
53 {% call textarea('entitlement', "Entitlement", '', entitlement, 5) %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
54 <p><strong>Entitlement</strong> contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability. This element will often contain information about service contracts or service-level agreements that is directed toward customers of large vendors.</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
55 {{ examples(['Cisco customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels, generally from the Cisco website. Cisco recommends contacting the TAC only with specific and imminent problems or questions.<br>As a special customer service, and to improve the overall security of the Internet, Cisco may offer customers free of charge software updates to address security problems. If Cisco has offered a free software update to address a specific issue, noncontract customers who are eligible for the update may obtain it by contacting the Cisco TAC using any of the means described in the Contact Summary section of this document. To verify their entitlement, individuals who contact the TAC should have available the URL of the Cisco document that is offering the upgrade.<br>All aspects of this process are subject to change without notice and on a case-by-case basis. No particular level of response is guaranteed for any specific issue or class of issues.']) }} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
56 {% endcall %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
57 {% call textinput('url', "URL", 'https://...', url, type="url") %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
58 <p><strong>URL</strong> is the optional URL to the Remediation.</p> |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
59 {% endcall %} |
|
76cba17794ab
Add Descriptions to the Remediation fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
0
diff
changeset
|
60 |
| 0 | 61 {{ selectinput2('products', "Products", products, productids, multiple=True) }} |
| 62 {% if groups %} | |
| 63 {{ selectinput2('groups', "Groups", groups, groupids, multiple=True)}} | |
| 64 {% endif %} | |
| 65 | |
| 66 <button class="btn btn-primary" type="submit">{{ action or 'Update' }}</button> | |
| 67 <a class="btn btn-danger" href="{% if action=='Add' %}{{ url_for('.view', ordinal=ordinal) }}{% else %}{{ url_for('.view_remediation', ordinal=ordinal, index=index) }}{% endif %}">Cancel</a> | |
| 68 </form> | |
| 69 {% endblock %} |