farol/farol: farol/main.py comparison

comparison farol/main.py @ 167:000114da182d

New lifting for the 'new' page

author	Benoît Allard <benoit.allard@greenbone.net>
date	Mon, 05 Jan 2015 11:38:46 +0100
parents	4d8218fbe686
children	964d7caf70b0

comparison

equal deleted inserted replaced

-:ff8f4639c6be
+:000114da182d
 @app.route('/')
 def welcome():
 return render_template('welcome.j2',
 version=__version__,
-imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
+imports=[('New', 100), ('CVRF', 100), ('CVE', 90)],
 exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
 use_cases=[('Create a security advisory and publish as CVRF', 100),
 ('Edit a security advisory in CVRF format', 100)]
 )
 set_current(doc)
 @app.route('/new', methods=['GET', 'POST'])
 def new():
 if request.method != 'POST':
-return render_template('new.j2', has_document=has_current(), now=utcnow())
+input_choices = [
+('RHSA', 'YYYY:nnnn', '2014:0981', """
+RedHat publishes their advisories in CVRF format since May 2012
+covering all of their products.
+Redhat provides a FAQ about the CVRF support here:
+https://access.redhat.com/articles/124913
+Farol downloads the CVRF documents from this location:
+https://www.redhat.com/security/data/cvrf/
+"""),
+('Oracle', 'nnnnnnn', '2188432', """
+Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs).
+Oracle published an article about adopting CVRF:
+https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability
+The FAQ for the CPUs is available here:
+http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html
+Farol downloads the CVRF documents from this location:
+http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent
+"""),
+('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """
+Cisco was one of the main actors driving the CVRF format.
+See also the Blog post at CISCO:
+http://blogs.cisco.com/tag/cvrf
+Farol downloads the CVRF documents from this location:
+http://tools.cisco.com/security/center/contentxml
+"""),
+('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """
+It is possible to convert CVE information into CVRF format.
+Read here about Common Vulnerabilities and Exposures (CVEs):
+http://cve.mitre.org/
+MITRE publishes CVE in CVRF Format:
+https://cve.mitre.org/cve/cvrf.html
+However, those CVRF documents do not cover all of the CVE content.
+Therefore, Farol downloads the XML object of CVEs from Greenbone's
+SecInfo Portal via the web interface "Greenbone Security Assistant".
+The CVE XML data retrieved from there are identical to the CVE
+publication by NIST.
+Greenbone's SecInfo Portal:
+https://secinfo.greenbone.net
+"""),
+('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """
+Farol can download a given URL for a CVRF document.
+The provided example is a Greenbone Security Advisory from
+http://www.greenbone.net/technology/security.html
+""")
+]
+return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow())
 if 'rhsa' in request.form:
 set_RHSA(request.form['id'])
 elif 'oracle' in request.form:
 set_oracle(request.form['id'])
 set_cisco(request.form['id'])
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
-download_url(request.form['url'])
+download_url(request.form['id'])
 elif 'cve' in request.form:
 parse_cve_from_gsa(request.form['id'])
 elif 'local' in request.files:
 upload = request.files['local']
 fpath = os.path.join(app.instance_path, 'tmp',

Mercurial > farol > farol

comparison farol/main.py @ 167:000114da182d