comparison farol/main.py @ 167:000114da182d
New lifting for the 'new' page
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Mon, 05 Jan 2015 11:38:46 +0100 |
parents | 4d8218fbe686 |
children | 964d7caf70b0 |
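--- a/farol/main.py	166:ff8f4639c6be
+++ b/farol/main.py	167:000114da182d
@@ -101,11 +101,11 @@
 
 @app.route('/')
 def welcome():
 return render_template('welcome.j2',
 version=__version__,
-imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
+imports=[('New', 100), ('CVRF', 100), ('CVE', 90)],
 exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
 use_cases=[('Create a security advisory and publish as CVRF', 100),
 ('Edit a security advisory in CVRF format', 100)]
 )
 
@@ -176,11 +176,68 @@
 set_current(doc)
 
 @app.route('/new', methods=['GET', 'POST'])
 def new():
 if request.method != 'POST':
-return render_template('new.j2', has_document=has_current(), now=utcnow())
+input_choices = [
+('RHSA', 'YYYY:nnnn', '2014:0981', """
+RedHat publishes their advisories in CVRF format since May 2012
+covering all of their products.
+
+Redhat provides a FAQ about the CVRF support here:
+https://access.redhat.com/articles/124913
+
+Farol downloads the CVRF documents from this location:
+https://www.redhat.com/security/data/cvrf/
+"""),
+('Oracle', 'nnnnnnn', '2188432', """
+Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs).
+
+Oracle published an article about adopting CVRF:
+https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability
+
+The FAQ for the CPUs is available here:
+http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html
+
+Farol downloads the CVRF documents from this location:
+http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent
+"""),
+('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """
+Cisco was one of the main actors driving the CVRF format.
+
+See also the Blog post at CISCO:
+http://blogs.cisco.com/tag/cvrf
+
+Farol downloads the CVRF documents from this location:
+http://tools.cisco.com/security/center/contentxml
+"""),
+('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """
+It is possible to convert CVE information into CVRF format.
+
+Read here about Common Vulnerabilities and Exposures (CVEs):
+http://cve.mitre.org/
+
+MITRE publishes CVE in CVRF Format:
+https://cve.mitre.org/cve/cvrf.html
+
+However, those CVRF documents do not cover all of the CVE content.
+Therefore, Farol downloads the XML object of CVEs from Greenbone's
+SecInfo Portal via the web interface "Greenbone Security Assistant".
+The CVE XML data retrieved from there are identical to the CVE
+publication by NIST.
+
+Greenbone's SecInfo Portal:
+https://secinfo.greenbone.net
+"""),
+('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """
+Farol can download a given URL for a CVRF document.
+
+The provided example is a Greenbone Security Advisory from
+http://www.greenbone.net/technology/security.html
+""")
+]
+return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow())
 
 if 'rhsa' in request.form:
 set_RHSA(request.form['id'])
 elif 'oracle' in request.form:
 set_oracle(request.form['id'])
@@ -188,11 +245,11 @@
 set_cisco(request.form['id'])
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
-download_url(request.form['url'])
+download_url(request.form['id'])
 elif 'cve' in request.form:
 parse_cve_from_gsa(request.form['id'])
 elif 'local' in request.files:
 upload = request.files['local']
 fpath = os.path.join(app.instance_path, 'tmp',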
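Review bot: In the `'url'` branch of `new()` the client-supplied `request.form['id']` goes straight into `download_url()` with no scheme or destination check visible in this hunk. If `download_url` (defined outside the hunk) does not validate it either, the server can be made to fetch arbitrary locations, including internal ones. I would reject anything that is not http(s) before the call, as in the fence below; a host allow-list or a block on private address ranges would be needed on top if the server can reach internal services. The check uses the standard library's `urlparse`, which this file would have to import, and `new()` continues past the end of the hunk.

```python
    elif 'url' in request.form:
        url = request.form['id']
        # Only fetch over http(s); reject file:, ftp: and similar schemes.
        if urlparse(url).scheme not in ('http', 'https'):
            flash('Only http:// and https:// URLs are supported', 'danger')
            return redirect(url_for('new'))
        download_url(url)
    # … unchanged: 'cve' and 'local' branches …
```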