Mercurial > farol > farol
comparison farol/templates/vulnerability/edit_threat.j2 @ 53:249b3ad750b1
Add Descriptions for the Threat fields
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Tue, 07 Oct 2014 17:08:28 +0200 |
| parents | 4a9f23230eba |
| children |
comparison
equal
deleted
inserted
replaced
| 52:b9704abca0c9 | 53:249b3ad750b1 |
|---|---|
| 22 # along with this program; if not, write to the Free Software | 22 # along with this program; if not, write to the Free Software |
| 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 24 -#} | 24 -#} |
| 25 | 25 |
| 26 {% extends "base.j2" %} | 26 {% extends "base.j2" %} |
| 27 {% from "macros.j2" import selectinput, textinput, textarea, selectinput2 %} | 27 {% from "macros.j2" import selectinput, textinput, textarea, selectinput2, examples %} |
| 28 {% block title %}Edit Threat{% endblock %} | 28 {% block title %}Edit Threat{% endblock %} |
| 29 | 29 |
| 30 {% set active = 'vulnerability' %} | 30 {% set active = 'vulnerability' %} |
| 31 | 31 |
| 32 {% block content %} | 32 {% block content %} |
| 33 <p><strong>Threat</strong> contains the vulnerability kinetic information. This information can change as the vulnerability ages and new information becomes available.</p> | |
| 34 | |
| 35 <p>A <strong>Threat</strong> container can be tied to one or more specific products by referencing these products using either the <strong>Product ID</strong> or <strong>Group ID</strong> child elements. If the <strong>Threat</strong> is meant to be general or nonspecific for all products, the <strong>Product ID</strong> and <strong>Group ID</strong> child elements should be omitted.</p> | |
| 33 <form role="form" method="POST"> | 36 <form role="form" method="POST"> |
| 34 | 37 |
| 35 {{ selectinput('type', "Type", types, type) }} | 38 {% call selectinput('type', "Type", types, type) %} |
| 36 {{ textinput('date', "Date", now.isoformat(), date, type="datetime") }} | 39 <p>The <em>Type</em> of <strong>Threat</strong> is required and can be one of the following:</p> |
| 37 {{ textarea('description', "Description", '', description, 5, required=True) }} | 40 <dl class="dl-horizontal"> |
| 41 <dt>Impact:</dt><dd>Impact contains an assessment of the impact on the user or the target set if the vulnerability is successfully exploited. (A description of the <samp>Target Set</samp> <em>Type</em> follows.) If applicable, for consistency and simplicity, this section can be a textual summary of the three CVSS impact metrics. These metrics measure how a vulnerability detracts from the three core security properties of an information system: Confidentiality, Integrity, and Availability.</dd> | |
| 42 <dt>Exploit Status:</dt><dd>Exploit Status contains a description of the degree to which an exploit for the vulnerability is known. This knowledge can range from information privately held among a very small group to an issue that has been described to the public at a major conference or is being widely exploited globally. For consistency and simplicity, this section can be a mirror image of the CVSS “Exploitability” metric. However, it can also contain a more contextual status, such as “Weaponized” or “Functioning Code.”</dd> | |
| 43 <dt>Target Set:</dt><dd>Target Set contains a description of the currently known victim population in whatever terms are appropriate. Such terms may include: operating system platform, types of products, user segments, and geographic distribution.</dd> | |
| 44 </dl> | |
| 45 {% endcall %} | |
| 46 {% call textinput('date', "Date", now.isoformat(), date, type="datetime") %} | |
| 47 <p>The <em>Date</em> attribute is optional. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p> | |
| 48 {% endcall %} | |
| 49 {% call textarea('description', "Description", '', description, 5, required=True) %} | |
| 50 <p>The <strong>Description</strong> element will contain a thorough human-readable discussion of the <strong>Threat</strong>.</p> | |
| 51 {{ examples(['complete compromise of the integrity of affected machines'], 'Impact') }} | |
| 52 {{ examples(['none', 'proof of concept'], 'Exploit Status') }} | |
| 53 {{ examples(['Financial Institutions', 'US Government Agencies', 'All versions of BIND 9.4.0 and lower'], 'Target Set') }} | |
| 54 {% endcall %} | |
| 38 {{ selectinput2('products', "Products", products, productids, multiple=True) }} | 55 {{ selectinput2('products', "Products", products, productids, multiple=True) }} |
| 39 {% if groups %} | 56 {% if groups %} |
| 40 {{ selectinput2('groups', "Groups", groups, groupids, multiple=True)}} | 57 {{ selectinput2('groups', "Groups", groups, groupids, multiple=True)}} |
| 41 {% endif %} | 58 {% endif %} |
| 42 | 59 |