Mercurial > farol > farol
view farol/templates/producttree/view.j2 @ 163:1d63a532ccce
Add possibility to create product Tree from the cpe itself.
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:34:21 +0100 |
parents | 43cd11ba7928 |
children |
line wrap: on
line source
{# # Description: # Web Template used in Farol Design # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -#} {% extends "base.j2" %} {% from "macros.j2" import panel, modal, add_button, edit_button, delete_button %} {% block title %}Product Tree{% endblock %} {% set active = 'product' %} {% block content %} <div class='page-header'> <h1>Document's Product Tree<a href="#prodtree_modal" data-toggle="modal">?</a> <small>{{ producttree._products | length }} Products defined</small></h1> </div> {% call modal('prodtree_modal', "Product Tree") %} <p>The <strong>Product Tree</strong> container contains all the fully qualified product names that can be referenced elsewhere in the document (specifically when describing the products that are affected by a vulnerability using the <strong>Product Statuses</strong>, <strong>Threats</strong>, <strong>CVSS Score Sets</strong>, and <strong>Remediation</strong> containers). The <strong>Product Tree</strong> can have as many branches as needed, but each endpoint of the tree must be terminated with a <strong>Full Product Name</strong> element, which represents a product that can be referenced elsewhere.</p> <p>The <strong>Product Tree</strong> can be kept simple (flat) or made more detailed (branched out). It also supports concatenating products to describe relationships, such as components contained in a product or products installed on other products.</p> <dl> <dt>Flat:</dt> <dd><p>In the simplest case, a flat <strong>Product TreeM</strong> would contain one or more <strong>Full Product Name</strong> elements at the root level, one for each product that needs to be described.</p></dd> <dt>Branched:</dt> <dd><p>In a more detailed <strong>Product Tree</strong>, the root element would contain one or more <strong>Branch</strong> elements at the root level, one for each class/type/category of product, each of which again contains one or more <strong>Branch</strong> elements until all desired categories and subcategories are described to the satisfaction of the document issuer. Then each open <strong>Branch</strong> element is terminated with the actual product item in the form of a <strong>Full Product Name</strong> element.</p></dd> <dt>Concatenated:</dt> <dd><p>No matter whether a flat or branched structure is chosen, you may need to be able to describe the combination of two <strong>Full Product Name</strong> elements, such as when a product is only vulnerable when installed together with another, or to describe operating system components. To do that, a <strong>Relationship</strong> element is inserted at the root of the <strong>Product Tree</strong>, with attributes establishing a link between two existing <strong>Full Product Name</strong> elements, allowing the document producer to define a combination of two products that form a new <strong>Full Product Name</strong> entry.</p></dd> <dt>Grouped:</dt> <dd><p>Once <strong>Full Product Name</strong> elements are defined, they may be freely added to logical groups, which may then be used to refer to a group of products. Given that it is possible for a product to be a member of more than one logical group, some areas of the CVRF document may not allow references to product groups to avoid ambiguity.</p></dd> </dl> {% endcall %} {% call panel(heading="Branches", badge=producttree._branches | length, title=4, extended=True) %} {% for branch in producttree._branches recursive %} {% call panel() %} <div> {{ branch._type}}: <em>{{ branch._name }}</em> {{ edit_button(url_for('.edit_branch', path=branch.getPath() | join('/'))) }} {% if branch.isOrphaned() %} {{ delete_button(url_for('.del_branch', path=branch.getPath() | join('/'))) }} {% endif %} </div> {% if branch._product %} <p><strong><a href="{{ url_for('.view_product', productid=branch._product._productid) }}">{{ branch._product._name }}</a></strong></p> {% else %} {{ loop(branch._childs) }} {% endif %} {% if branch.isOrphaned() %} <p class="text-danger">This branch is <em>orphaned</em>. A <a href="{{ url_for('.add_product') }}">product</a> or a new <a href="{{ url_for('.add_branch') }}">branch</a> should be created as child of this one.</p> {% endif %} {% endcall %} {% endfor %} <div class="pull-right">{{ add_button(url_for('.add_branch')) }}</div> {% endcall %} {% call panel(heading="Products", badge=producttree.nbProducts(), title=4) %} {% for product in producttree._products if product._parent is sameas producttree %} <p><strong><a href="{{ url_for('.view_product', productid=product._productid) }}">{{ product._name }}</a></strong></p> {% endfor %} <div class="pull-right">{{ add_button(url_for('.add_product')) }}</div> {% endcall %} {% call panel(heading="Relationships", badge=producttree._relationships | length, title=4) %} {% for relationship in producttree._relationships %} {% call panel() %} <div> <em>{{ cvrf.getProductForID(relationship._productreference)._name }}</em> as {{ relationship._relationtype | lower }} <em>{{ cvrf.getProductForID(relationship._relatestoproductreference)._name }}</em> {{ edit_button(url_for('.edit_relationship', index=loop.index0)) }} {% if relationship.isOrphaned() %} {{ delete_button(url_for('.del_relationship', index=loop.index0)) }} {% endif %} </div> {% if relationship._product %} <p><strong><a href="{{ url_for('.view_product', productid=relationship._product._productid) }}">{{ relationship._product._name }}</a></strong></p> {% endif %} {% if relationship.isOrphaned() %} <p class="text-danger">This relationship is <em>orphaned</em>. A product should be <a href="{{ url_for('.add_product') }}">created</a> as child of this one.</p> {% endif %} {% endcall %} {% endfor %} <div class="pull-right">{{ add_button(url_for('.add_relationship')) }}</div> {% endcall %} {% call panel(heading="Groups", badge=producttree._groups | length, title=4) %} {% for group in producttree._groups %} {% call panel() %} <div class="pull-right"> {{ edit_button(url_for('.edit_group', groupid=group._groupid)) }} {%if cvrf.isGroupOrphan(group._groupid) %} {{ delete_button(url_for('.del_group', groupid=group._groupid)) }} {% endif %} </div> {% if group._description %}<p class="small">{{ group._description }}</p>{% endif %} <ul> {% for productid in group._productids %} {% with product = cvrf.getProductForID(productid) %} <li><a href="{{ url_for('.view_product', productid=product._productid) }}">{{ product._name }}</a></li> {% endwith %} {% endfor %} </ul> {% endcall %} {% endfor %} <div class="pull-right">{{ add_button(url_for('.add_group')) }}</div> {% endcall %} <div class="pull-right"> {% if cvrf.isProductTreeOrphan() %} {{ delete_button(url_for('.delete'), text="delete whole Product Tree") }} {% else %} <p class="text-danger"><small>The Product Tree cannot be deleted as some of its elements are referenced in the Document</small></p> {% endif %} </div> {% endblock %}