Mercurial > farol > farol

view farol/templates/vulnerability/edit.j2 @ 178:e46fb0027e52 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tag 1.1.1 for changeset ae584cfe6252
author Benoît Allard <benoit.allard@greenbone.net>
date Thu, 08 Jan 2015 14:37:57 +0100
parents c6753fb93b3b
children
line wrap: on
line source
{#
# Description:
# Web Template used in Farol Design
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#}

{% extends "base.j2" %}
{% from "macros.j2" import textinput, panel, examples %}
{% block title %}{{ vulnerability._title }}{% endblock %}

{% set active="vulnerability" %}

{% block content %}
<p><strong>Vulnerability</strong> is a container for the aggregation of all fields that are related to a single vulnerability in the document</p>
<form role="form" method="POST">
  {% call textinput('ordinal', "Ordinal", value=vulnerability._ordinal, required=True, type="number", extras={'min': '1'}) %}
  <p><em>Ordinal</em> is a locally significant value used to track vulnerabilities inside a CVRF document. It is provided to enable specific vulnerabilities to be referenced from elsewhere in the document (or even outside the namespace of a document provided that a unique <strong>Document Title</strong> and Revision information are provided). There should be one of these values for every <strong>Vulnerability</strong> container in a document, and it is recommended that <em>Ordinal</em> should be instantiated as a monotonically increasing counter, indexed from 1.</p>
  {% endcall %}
  {% call textinput('title', "Title", value=vulnerability._title or '') %}
  <p><strong>Title</strong> gives the document producer the ability to apply a canonical name or title to the vulnerability. To avoid confusion, it is recommended that, if employed, this element commensurately match the nomenclature used by any numbering or cataloging systems references elsewhere, such as the <strong>Document Title</strong> or <strong>CVE</strong>.</p>
  {{ examples(['February 2011 TelePresence Vulnerability Bundle']) }}
  {% endcall %}
  {% call panel(heading="ID", title=4, collapsible=False) %}
    <p>ID gives the document producer a place to publish a unique label or tracking ID for the vulnerability (if such information exists).</p>
    <p>General examples may include an identifier from a vulnerability tracking system that is available to customers, such as a Cisco bug ID, an ID from a Bugzilla system, or an ID from a public vulnerability database such as the X-Force Database. The <strong>ID</strong> may be a vendor-specific value.</p>
    {% with id = vulnerability._id %}
    {% call textinput('systemname', "System Name", value= id and (id._systemname or '') or '') %}
    <p>The attribute <em>System Name</em> indicates the name of the vulnerability tracking or numbering system that this <strong>ID</strong> comes from. Every <strong>ID</strong> value should have exactly one <em>System Name</em>. It is helpful if document producers use unique and consistent system names.</p>
    {{ examples(['Cisco Bug ID']) }}
    {% endcall %}
    {{ textinput('id_value', "Value", value= id and (id._value or '') or '') }}
    {% endwith %}
  {% endcall %}
  {% call textinput('discoverydate', "Discovery Date", now.isoformat(), vulnerability._discoverydate and vulnerability._discoverydate.isoformat() or '', type="datetime") %}
  <p>The <strong>Discovery Date</strong> is the date the vulnerability was originally discovered. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or Zulu time). If a time zone is excluded, Zulu should be assumed.</p>
  {% endcall %}
  {% call textinput('releasedate', "Release Date", now.isoformat(), vulnerability._releasedate and vulnerability._releasedate.isoformat() or '', type="datetime") %}
  <p>The <strong>Release Date</strong> is the date the vulnerability was originally released into the wild. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or Zulu time). If a time zone is excluded, Zulu should be assumed.</p>
  {% endcall %}
  {% call textinput('cve', "CVE", 'CVE-xxxx-yyyy', vulnerability._cve) %}
  <p><strong>CVE</strong> contains the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. CVE is a standard for vulnerability naming that provides improved tracking of vulnerabilities over time across different reporting sources. More information about CVE is available at {{ 'http://cve.mitre.org/' | urlize }}.</p>
  {{ examples(['CVE-2006-0010']) }}
  {% endcall %}
  <button type="submit" class="btn btn-primary">{{ action or 'Update' }}</button>
  <a class="btn btn-danger" href="{% if action=='Add' %}{{ url_for('document.view') }}{% else %}{{ url_for('.view', ordinal=vulnerability._ordinal) }}{% endif %}">Cancel</a>
</form>
{% endblock %}
http://farol.wald.intevation.org