view farol/templates/common_edits.j2 @ 64:aad7db3f93b6

Add support for Acknowledgments with multiple names and organizations
author Benoît Allard <benoit.allard@greenbone.net>
date Wed, 08 Oct 2014 14:28:29 +0200
parents 4ac1dd522998
{#
# Description:
# Web Template used in Farol Design
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#}

{% from "macros.j2" import textinput, textarea, selectinput, examples %}

{% macro edit_title_type(doctitle, doctype) %}
{% call textinput("title", "Document Title", "", doctitle, required=True) %}
<p><strong>Document Title</strong> is a definitive canonical name for the document, providing enough descriptive content to differentiate from other similar documents, ideally providing a unique handle. While this field is largely up to the document producer, ICASI has some recommendations:</p>
<p>The title should be succinct and promptly give the reader an idea of what is to come. If the document producer also publishes a human-friendly document that goes hand-in-hand with a CVRF document, it is recommended that both documents use the same title. It is further recommended to include the manufacturer name with any product names mentioned in the title.</p>
{{ examples(['Cisco IPv6 Crafted Packet Vulnerability', 'CERT Vulnerabilities in Kerberos 5 Implementation', 'Cisco Content Services Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability', 'Symantec Brightmail AntiSpam Static Database Password', 'HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities', 'Microsoft Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution', 'Microsoft Vulnerability in Windows Explorer Could Allow Remote Code Execution' ]) }}
{% endcall %}
{% call textinput("type", "Document Type", "Security Advisory", doctype, required=True) %}
<p><strong>Document Type</strong> is a short canonical name, chosen by the document producer, which will inform the end user as to the type of document.</p>
{{ examples(['Vulnerability Report', 'Security Bulletin', 'Security Notice']) }}
{% endcall %}
{% endmacro %}

{% macro edit_note(types, note, ordinal) %}
<p><strong>Note</strong> is a place to put all manner of text blobs related to the document as a whole. It can be a concise summary of the overall document or a more compartmentalized and area-specific textual discussion. Depending on the need, there can be zero, one, or several <strong>Note</strong> elements in a given CVRF document.</p>

<p>The note should contain a compartmentalized textual discussion constrained by its <em>Type</em> attribute.</p>
{% call selectinput("type", "Type", types, note and note._type or '') %}
<p><em>Type</em> can be one of the following:</p>
<dl class="dl-horizontal">
  <dt>General:</dt>
  <dd>A general, high-level note (<em>Title</em> may have more information).</dd>
  <dt>Details:</dt>
  <dd>A low-level detailed discussion (<em>Title</em> may have more information).</dd>
  <dt>Description:</dt>
  <dd>A description of something (<em>Title</em> may have more information).</dd>
  <dt>Summary:</dt>
  <dd>A summary of something (<em>Title</em> may have more information).</dd>
  <dt>FAQ:</dt>
  <dd>A list of frequently asked questions.</dd>
  <dt>Legal Disclaimer:</dt>
  <dd>Any possible legal discussion, including constraints, surrounding the document.</dd>
  <dt>Other:</dt>
  <dd>Something that doesn't fit (<em>Title</em> should have more information).</dd>
</dl>
{% endcall %}
{% call textinput("ordinal", "Ordinal", "", ordinal or note._ordinal, type="number", required=True, extras={'min': '1'}) %}
<p><em>Ordinal</em> is a mandatory, locally significant value used to track notes inside a CVRF document at the root (document) level. It is provided to uniquely identify a <strong>Note</strong>.</p>
<p>There should be one of these values for every <strong>Note</strong> inside <strong>Document Notes</strong>, and it is recommended that <em>Ordinal</em> should be instantiated as a monotonically increasing counter, indexed from 1. Each <em>Ordinal</em> that tracks a <strong>Note</strong> inside <strong>Document Notes</strong> is completely independent from an <em>Ordinal</em> tracking a <strong>Note</strong> inside <strong>Vulnerability/Notes</strong>.</p>
{% endcall %}
{% call textinput("title", "Title", "", note and note._title or '') %}
<p><em>Title</em> should be a concise description of what is contained in the text.</p>
{% endcall %}
{% call textinput("audience", "Audience", "", note and note._audience or '') %}
<p><em>Audience</em> will indicate who is intended to read it.</p>
{% endcall %}
{% call textarea("note", "Note", "", note and note._note or '', 10, required=True) %}
<p><strong>Note</strong> is a place to put all manner of text blobs related to the document as a whole. It can be a concise summary of the overall document or a more compartmentalized and area-specific textual discussion.</p>
<p>The note should contain a compartmentalized textual discussion constrained by its <em>Type</em> attribute.</p>
{% endcall %}
{% endmacro %}

{% macro edit_reference(types, _type, url, description) %}
<p>The <strong>Reference</strong> container should include references to any conferences, papers, advisories, and other resources that are related and considered to be of value to the document consumer.</p>
<p>The <strong>Reference</strong> element contains a description of a related document. This may include a plaintext or HTML version of the advisory or other related documentation, such as white papers or mitigation documentation.</p>
{% call selectinput("type", "Type", types, _type) %}
<p>The <em>Type</em> attribute denotes the type of the document reference relative to the given document. The following types are available:</p>
<dl class="dl-horizontal">
  <dt>External:</dt>
  <dd>The default value indicates the reference is external to the document.</dd>
  <dt>Self:</dt>
  <dd>This indicates the related document is actually a direct reference to itself.</dd>
</dl>
{% endcall %}
{% call textinput("url", "URL", "http://...", url, type="url", required=True) %}
<p><strong>URL</strong> is the fixed URL or location of the reference.</p>
{% endcall %}
{% call textinput("description", "Description", "", description, required=True) %}
<p><strong>Description</strong> is a descriptive title or the name of the reference.</p>
{% endcall %}
{% endmacro %}

{% macro edit_acknowledgment(names, organizations, description, url) %}
<p><strong>Acknowledgment</strong> contains recognition of external parties that reported noncritical/low-severity security issues or provided information, observations, or suggestions that contributed to improved security or improved documentation in future releases of the document producer's products. This may also contain recognition to external parties that contributed toward producing this document.</p>
<p>This element indicates collaboration with the security community in a positive fashion and is an important part of a notice or advisory. Care should be taken to ensure that individuals would like to be acknowledged before they are included.</p>

{% call textinput("names", "Names", "", names | join(', '), help="Multiple names should be comma-separated.") %}
<p>The <strong>Name</strong> should contain the name of the party being acknowledged.</p>
{% endcall %}
{% call textinput("organizations", "Organizations", "", organizations | join(', '), help="Multiple organizations should be comma-separated.") %}
<p>The <strong>Organization</strong> should contain the organization of the party or, if the <strong>Name</strong> is omitted, the organization itself that is being acknowledged.</p>
{% endcall %}
{% call textarea("description", "Description", "", description, 5) %}
<p>The <strong>Description</strong> can contain any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties.</p>
{{ examples(['Vendor X would like to thank [Name 3] from [OrgName] for reporting this issue.', 'Vendor X would like to thank the following researchers for their contributions to making this project more secure: [Name 1], [Name 2], [Name 3]']) }}
{% endcall %}
{% call textinput("url", "URL", "http://...", url, type="url") %}
<p><strong>URL</strong> is the optional URL to the person, place, or thing being acknowledged.</p>
{% endcall %}
{% endmacro %}

http://farol.wald.intevation.org
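
Added example (not part of Farol's code): a server-side counterpart to the edit_acknowledgment fields above. It splits the comma-separated names and organizations back into lists and re-checks the URL, on the assumption that type="url" ends up as an HTML input type and is therefore checked only by the browser. The function names, the dict-shaped form data and the http/https allowlist are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: acknowledgment links should only ever be web links.
ALLOWED_SCHEMES = {"http", "https"}


def split_list(raw):
    """Inverse of the template's `names | join(', ')`.

    Splits on commas, trims whitespace and drops empty items, so an
    empty field gives [] rather than [''].
    """
    return [item.strip() for item in (raw or "").split(",") if item.strip()]


def check_url(raw, required=False):
    """Return the trimmed URL, or None when an optional URL is blank.

    Raises ValueError for anything that is not an absolute http(s) URL.
    """
    raw = (raw or "").strip()
    if not raw:
        if required:
            raise ValueError("URL is required")
        return None
    parts = urlsplit(raw)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("URL must be an absolute http(s) URL")
    return raw


def parse_acknowledgment(form):
    """`form` is a dict holding the fields posted by edit_acknowledgment."""
    return {
        "names": split_list(form.get("names")),
        "organizations": split_list(form.get("organizations")),
        "description": (form.get("description") or "").strip(),
        "url": check_url(form.get("url")),  # optional in this macro
    }


if __name__ == "__main__":
    # Constructed sample input, not taken from a real advisory.
    sample = {"names": "Alice Example,  Bob Example , ",
              "organizations": "", "description": " Thanks. ",
              "url": "https://example.org/alice"}
    print(parse_acknowledgment(sample))
```

A name or organization that itself contains a comma cannot survive this round trip; that limitation comes from the comma-separated input format, not from the parser.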