Mercurial > farol > farol

annotate farol/templates/common_edits.j2 @ 64:aad7db3f93b6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add support for Acknowledgments with multiple names and organizations
author Benoît Allard <benoit.allard@greenbone.net>
date Wed, 08 Oct 2014 14:28:29 +0200
parents 4ac1dd522998
children
rev   line source
34
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
1 {#
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
2 # Description:
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
3 # Web Template used in Farol Design
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
4 #
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
5 # Authors:
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
6 # Benoît Allard <benoit.allard@greenbone.net>
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
7 #
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
8 # Copyright:
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
9 # Copyright (C) 2014 Greenbone Networks GmbH
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
10 #
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
11 # This program is free software; you can redistribute it and/or
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
12 # modify it under the terms of the GNU General Public License
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
13 # as published by the Free Software Foundation; either version 2
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
14 # of the License, or (at your option) any later version.
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
15 #
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
16 # This program is distributed in the hope that it will be useful,
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
19 # GNU General Public License for more details.
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
20 #
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
21 # You should have received a copy of the GNU General Public License
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
22 # along with this program; if not, write to the Free Software
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
24 -#}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
25
49
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
26 {% from "macros.j2" import textinput, textarea, selectinput, examples %}
34
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
27
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
28 {% macro edit_title_type(doctitle, doctype) %}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
29 {% call textinput("title", "Document Title", "", doctitle, required=True) %}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
30 <p><strong>Document Title</strong> is a definitive canonical name for the document, providing enough descriptive content to differentiate from other similar documents, ideally providing a unique handle. While this field is largely up to the document producer, ICASI has some recommendations:</p>
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
31 <p>The title should be succinct and promptly give the reader an idea of what is to come. If the document producer also publishes a human-friendly document that goes hand-in-hand with a CVRF document, it is recommend that both documents use the same title. It is further recommended to include the manufacturer name with any product names mentioned in the title.</p>
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
32 {{ examples(['Cisco IPv6 Crafted Packet Vulnerability', 'CERT Vulnerabilities in Kerberos 5 Implementation', 'Cisco Content Services Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability', 'Symantec Brightmail AntiSpam Static Database Password', 'HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities', 'Microsoft Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution', 'Microsoft Vulnerability in Windows Explorer Could Allow Remote Code Execution' ]) }}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
33 {% endcall %}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
34 {% call textinput("type", "Document Type", "Security Advisory", doctype, required=True) %}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
35 <p><strong>Document Type</strong> is a short canonical name, chosen by the document producer, which will inform the end user as to the type of document.</p>
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
36 {{ examples(['Vulnerability Report', 'Security Bulletin', 'Security Notice']) }}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
37 {% endcall %}
22d89f53e34c Add macro to display a description for the input fields
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff changeset
38 {% endmacro %}
49
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
39
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
40 {% macro edit_note(types, note, ordinal) %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
41 <p><strong>Note</strong> is a place to put all manner of text blobs related to the document as a whole. It can be a concise summary of the overall document or a more compartmentalized and area-specific textual discussion. Depending on the need, there can be zero, one, or several <strong>Note</strong> elements in a given CVRF document.
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
42
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
43 <p>The note should contain a compartmentalized textual discussion constrained by its <em>Type</em> attribute.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
44 {% call selectinput("type", "Type", types, note and note._type or '') %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
45 <p><em>Type</em> can be one of the following:</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
46 <dl class="dl-horizontal">
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
47 <dt>General:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
48 <dd>A general, high-level note (<em>Title</em> may have more information).</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
49 <dt>Details:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
50 <dd>A low-level detailed discussion (<em>Title</em> may have more information).</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
51 <dt>Description:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
52 <dd>A description of something (<em>Title</em> may have more information).</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
53 <dt>Summary:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
54 <dd>A summary of something (<em>Title</em> may have more information).</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
55 <dt>FAQ:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
56 <dd>A list of frequently asked questions.</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
57 <dt>Legal Disclaimer:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
58 <dd>Any possible legal discussion, including constraints, surrounding the document.</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
59 <dt>Other:</dt>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
60 <dd>Something that doesnt fit (<em>Title</em> should have more information).</dd>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
61 </dl>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
62 {% endcall %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
63 {% call textinput("ordinal", "Ordinal", "", ordinal or note._ordinal, type="number", required=True, extras={'min': '1'}) %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
64 <p><em>Ordinal</em> is a mandatory, locally significant value used to track notes inside a CVRF document at the root (document) level. It is provided to uniquely identify a <strong>Note</strong>.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
65 <p>There should be one of these values for every <strong>Note</strong> inside <strong>Document Notes</strong>, and it is recommended that <em>Ordinal</em> should be instantiated as a monotonically increasing counter, indexed from 1. Each <em>Ordinal</em> that tracks a <strong>Note</strong> inside <strong>Document Notes</strong> is completely independent from an <em>Ordinal</em> tracking a <strong>Note</strong> inside <strong>Vulnerability/Notes</strong>.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
66 {% endcall %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
67 {% call textinput("title", "Title", "", note and note._title or '') %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
68 <p><em>Title</em> should be a concise description of what is contained in the text.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
69 {% endcall %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
70 {% call textinput("audience", "Audience", "", note and note._audience or '') %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
71 <p><em>Audience</em> will indicate who is intended to read it.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
72 {% endcall %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
73 {% call textarea("note", "Note", "", note and note._note or '', 10, required=True) %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
74 <p><strong>Note</strong> is a place to put all manner of text blobs related to the document as a whole. It can be a concise summary of the overall document or a more compartmentalized and area-specific textual discussion.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
75 <p>The note should contain a compartmentalized textual discussion constrained by its <em>Type</em> attribute.</p>
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
76 {% endcall %}
5583ddcd6164 Unify the edit_note page
Benoît Allard <benoit.allard@greenbone.net>
parents: 34
diff changeset
77 {% endmacro %}
56
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
78
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
79 {% macro edit_reference(types, _type, url, description) %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
80 <p>The <strong>Reference</strong> container should include references to any conferences, papers, advisories, and other resources that are related and considered to be of value to the document consumer.</p>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
81 <p>The <strong>Reference</strong> element contains a description of a related document. This may include a plaintext or HTML version of the advisory or other related documentation, such as white papers or mitigation documentation.</p>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
82 {% call selectinput("type", "Type", types, _type) %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
83 <p>The <em>Type</em> attribute denotes the type of the document reference relative to the given document. The following types are available:</p>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
84 <dl class="dl-horizontal">
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
85 <dt>External:</dt>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
86 <dd>The default value indicates the reference is external to the document.</dd>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
87 <dt>Self:</dt>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
88 <dd>This indicates the related document is actually a direct reference to itself.</dd>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
89 </dl>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
90 {% endcall %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
91 {% call textinput("url", "URL", "http://...", url, type="url", required=True) %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
92 <p><strong>URL</strong> is the fixed URL or location of the reference.</p>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
93 {% endcall %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
94 {% call textinput("description", "Description", "", description, required=True) %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
95 <p><strong>Description</strong> is a descriptive title or the name of the reference.</p>
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
96 {% endcall %}
e6da0705a47c Unify the edit_reference pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 49
diff changeset
97 {% endmacro %}
57
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
98
64
aad7db3f93b6 Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents: 57
diff changeset
99 {% macro edit_acknowledgment(names, organizations, description, url) %}
57
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
100 <p><strong>Acknowledgment</strong> contains recognition of external parties that reported noncritical/low-severity security issues or provided information, observations, or suggestions that contributed to improved security or improved documentation in future releases of the document producer's products. This may also contain recognition to external parties that contributed toward producing this document.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
101 <p>This element indicates collaboration with the security community in a positive fashion and is an important part of a notice or advisory. Care should be taken to ensure that individuals would like to be acknowledged before they are included.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
102
64
aad7db3f93b6 Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents: 57
diff changeset
103 {% call textinput("names", "Names", "", names | join(', '), help="Multiple names should be comma-separated.") %}
57
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
104 <p>The <strong>Name</strong> should contain the name of the party being acknowledged.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
105 {% endcall %}
64
aad7db3f93b6 Add support for Acknowledgments with multiple names and organizations
Benoît Allard <benoit.allard@greenbone.net>
parents: 57
diff changeset
106 {% call textinput("organizations", "Organizations", "", organizations | join(', '), help="Multiple organizations should be comma-separated.") %}
57
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
107 <p>The <strong>Organization</strong> should contain the organization of the party or if the <strong>Name</strong> is omitted, the organization itself that is being acknowledged.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
108 {% endcall %}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
109 {% call textarea("description", "Description", "", description, 5) %}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
110 <p>The <strong>Description</strong> can contain any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
111 {{ examples (['Vendor X would like to thank [Name 3] from [OrgName] for reporting this issue.', 'Vendor X would like to thank the following researchers for their contributions to making this project more secure: [Name 1], [Name 2], [Name 3]']) }}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
112 {% endcall %}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
113 {% call textinput("url", "URL", "http://...", url, type="url") %}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
114 <p><strong>URL</strong> is the optional URL to the person, place, or thing being acknowledged.</p>
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
115 {% endcall %}
4ac1dd522998 Unify the edit_acknowledgment pages
Benoît Allard <benoit.allard@greenbone.net>
parents: 56
diff changeset
116 {% endmacro %}
http://farol.wald.intevation.org