diff farol/main.py @ 167:000114da182d

New lifting for the 'new' page
author Benoît Allard <benoit.allard@greenbone.net>
date Mon, 05 Jan 2015 11:38:46 +0100
parents 4d8218fbe686
children 964d7caf70b0
--- a/farol/main.py	Mon Jan 05 11:37:44 2015 +0100
+++ b/farol/main.py	Mon Jan 05 11:38:46 2015 +0100
@@ -103,7 +103,7 @@
 def welcome():
     return render_template('welcome.j2',
         version=__version__,
-        imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
+        imports=[('New', 100), ('CVRF', 100), ('CVE', 90)],
         exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
         use_cases=[('Create a security advisory and publish as CVRF', 100),
                    ('Edit a security advisory in CVRF format', 100)]
@@ -178,7 +178,64 @@
 @app.route('/new', methods=['GET', 'POST'])
 def new():
     if request.method != 'POST':
-        return render_template('new.j2', has_document=has_current(), now=utcnow())
+        input_choices = [
+            ('RHSA', 'YYYY:nnnn', '2014:0981', """
+RedHat publishes their advisories in CVRF format since May 2012
+covering all of their products.
+
+Redhat provides a FAQ about the CVRF support here:
+https://access.redhat.com/articles/124913
+
+Farol downloads the CVRF documents from this location:
+https://www.redhat.com/security/data/cvrf/
+"""),
+            ('Oracle', 'nnnnnnn', '2188432', """
+Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs).
+
+Oracle published an article about adopting CVRF:
+https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability
+
+The FAQ for the CPUs is available here:
+http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html
+
+Farol downloads the CVRF documents from this location:
+http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent
+"""),
+            ('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """
+Cisco was one of the main actors driving the CVRF format.
+
+See also the Blog post at CISCO:
+http://blogs.cisco.com/tag/cvrf
+
+Farol downloads the CVRF documents from this location:
+http://tools.cisco.com/security/center/contentxml
+"""),
+            ('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """
+It is possible to convert CVE information into CVRF format.
+
+Read here about Common Vulnerabilities and Exposures (CVEs):
+http://cve.mitre.org/
+
+MITRE publishes CVE in CVRF Format:
+https://cve.mitre.org/cve/cvrf.html
+
+However, those CVRF documents do not cover all of the CVE content.
+Therefore, Farol downloads the XML object of CVEs from Greenbone's
+SecInfo Portal via the web interface "Greenbone Security Assistant".
+The CVE XML data retrieved from there are identical to the CVE
+publication by NIST.
+
+Greenbone's SecInfo Portal:
+https://secinfo.greenbone.net
+"""),
+            ('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """
+Farol can download a given URL for a CVRF document.
+
+The provided example is a Greenbone Security Advisory from
+http://www.greenbone.net/technology/security.html
+""")
+        ]
+        return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow())
 
     if 'rhsa' in request.form:
         set_RHSA(request.form['id'])
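Review bot: The help texts added to `input_choices` say that Farol downloads the Oracle and Cisco CVRF documents from `http://` locations, and the URL example is plain `http://` too. If the fetch code really uses those addresses (it is not in this hunk), advisory content arrives without transport integrity and could be altered in transit before it is parsed. Where a vendor serves the same path over TLS I would switch the fetcher and these texts to `https://`, and otherwise add a line to the description such as `Note: this source is fetched over plain HTTP and is not authenticated.` As a smaller style point, the list is rebuilt on every GET inside `new()`; a module-level constant (e.g. `INPUT_CHOICES`) would keep the view short. `new()` continues past the end of this hunk.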
@@ -190,7 +247,7 @@
         flash("I'm not able to parse NASL scripts yet", 'danger')
         return redirect(url_for('new'))
     elif 'url' in request.form:
-        download_url(request.form['url'])
+        download_url(request.form['id'])
     elif 'cve' in request.form:
         parse_cve_from_gsa(request.form['id'])
     elif 'local' in request.files:
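Review bot: The `'url'` branch now passes `request.form['id']` straight to `download_url()`, so the server fetches whatever address the client submits. Nothing in this hunk restricts the scheme or destination host, and `download_url` is outside the diff, so it may or may not do so itself. If it does not, the endpoint can be pointed at internal services or non-HTTP schemes; I would check before the call, e.g. `if urlparse(request.form['id']).scheme not in ('http', 'https'): flash('Only http(s) URLs are supported', 'danger'); return redirect(url_for('new'))`, and reject loopback and private addresses inside `download_url`. Separately, the branch is still selected by `'url' in request.form` but reads the `id` field, so a POST with `url` and no `id` ends in a 400 from the missing key; `request.form.get('id')` with an explicit error flash would be clearer. The `new()` body starts and ends outside this hunk.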

http://farol.wald.intevation.org