view farol/templates/vulnerability/edit_threat.j2 @ 53:249b3ad750b1
Add Descriptions for the Threat fields
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 07 Oct 2014 17:08:28 +0200 |
parents | 4a9f23230eba |
children |
```jinja
{#
# Description:
# Web Template used in Farol Design
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#}

{% extends "base.j2" %}
{% from "macros.j2" import selectinput, textinput, textarea, selectinput2, examples %}

{% block title %}Edit Threat{% endblock %}

{% set active = 'vulnerability' %}

{% block content %}
<p><strong>Threat</strong> contains the vulnerability kinetic information. This information can change as the vulnerability ages and new information becomes available.</p>
<p>A <strong>Threat</strong> container can be tied to one or more specific products by referencing these products using either the <strong>Product ID</strong> or <strong>Group ID</strong> child elements. If the <strong>Threat</strong> is meant to be general or nonspecific for all products, the <strong>Product ID</strong> and <strong>Group ID</strong> child elements should be omitted.</p>
<form role="form" method="POST">
  {% call selectinput('type', "Type", types, type) %}
  <p>The <em>Type</em> of <strong>Threat</strong> is required and can be one of the following:</p>
  <dl class="dl-horizontal">
    <dt>Impact:</dt><dd>Impact contains an assessment of the impact on the user or the target set if the vulnerability is successfully exploited. (A description of the <samp>Target Set</samp> <em>Type</em> follows.) If applicable, for consistency and simplicity, this section can be a textual summary of the three CVSS impact metrics. These metrics measure how a vulnerability detracts from the three core security properties of an information system: Confidentiality, Integrity, and Availability.</dd>
    <dt>Exploit Status:</dt><dd>Exploit Status contains a description of the degree to which an exploit for the vulnerability is known. This knowledge can range from information privately held among a very small group to an issue that has been described to the public at a major conference or is being widely exploited globally. For consistency and simplicity, this section can be a mirror image of the CVSS “Exploitability” metric. However, it can also contain a more contextual status, such as “Weaponized” or “Functioning Code.”</dd>
    <dt>Target Set:</dt><dd>Target Set contains a description of the currently known victim population in whatever terms are appropriate. Such terms may include: operating system platform, types of products, user segments, and geographic distribution.</dd>
  </dl>
  {% endcall %}
  {% call textinput('date', "Date", now.isoformat(), date, type="datetime") %}
  <p>The <em>Date</em> attribute is optional. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p>
  {% endcall %}
  {% call textarea('description', "Description", '', description, 5, required=True) %}
  <p>The <strong>Description</strong> element will contain a thorough human-readable discussion of the <strong>Threat</strong>.</p>
  {{ examples(['complete compromise of the integrity of affected machines'], 'Impact') }}
  {{ examples(['none', 'proof of concept'], 'Exploit Status') }}
  {{ examples(['Financial Institutions', 'US Government Agencies', 'All versions of BIND 9.4.0 and lower'], 'Target Set') }}
  {% endcall %}
  {{ selectinput2('products', "Products", products, productids, multiple=True) }}
  {% if groups %}
  {{ selectinput2('groups', "Groups", groups, groupids, multiple=True)}}
  {% endif %}
  <button class="btn btn-primary" type="submit">{{ action or 'Update' }}</button>
  <a class="btn btn-danger" href="{% if action=='Add' %}{{ url_for('.view', ordinal=ordinal) }}{% else %}{{ url_for('.view_threat', ordinal=ordinal, index=index) }}{% endif %}">Cancel</a>
</form>
{% endblock %}
```
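The field rules stated in the template's help text (required Type from three values, optional Date that needs a time and defaults to Zulu, required Description, optional product and group references) only bind the browser, so the handler receiving the POST has to re-check them. The following is an added example of such a check, not code from farol; the function names, the shape of the `form` dict and the sample product ID are assumptions made for illustration.

```python
from datetime import datetime, timezone

# The three Type values named in the template's help text.
THREAT_TYPES = ("Impact", "Exploit Status", "Target Set")


def parse_cvrf_datetime(value):
    """Parse an ISO 8601 dateTime; a missing time zone is read as Zulu."""
    if "T" not in value:
        raise ValueError("a dateTime value requires a time")
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"  # fromisoformat() rejects 'Z' before 3.11
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def validate_threat(form, known_products=(), known_groups=()):
    """Return (threat, errors) for a dict shaped like the submitted form."""
    threat, errors = {}, {}
    if form.get("type") in THREAT_TYPES:
        threat["type"] = form["type"]
    else:
        errors["type"] = "must be one of: " + ", ".join(THREAT_TYPES)
    date = (form.get("date") or "").strip()
    if date:  # Date is optional
        try:
            threat["date"] = parse_cvrf_datetime(date)
        except ValueError as exc:
            errors["date"] = str(exc)
    description = (form.get("description") or "").strip()
    if description:
        threat["description"] = description
    else:
        errors["description"] = "is required"
    # Empty products/groups lists mean the Threat applies to all products.
    for field, known in (("products", known_products), ("groups", known_groups)):
        ids = list(form.get(field) or [])
        unknown = [i for i in ids if i not in known]
        if unknown:
            errors[field] = "unknown IDs: " + ", ".join(unknown)
        else:
            threat[field] = ids
    return threat, errors


# Constructed sample submission (not data from farol).
SAMPLE = {"type": "Exploit Status", "date": "2014-10-07T17:08:28",
          "description": "proof of concept", "products": ["CVRFPID-0001"]}
```

Rejecting product and group IDs that the document does not define keeps a tampered request from attaching a Threat to references that do not exist.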