# HG changeset patch # User BenoƮt Allard # Date 1420454326 -3600 # Node ID 000114da182d2e6689a01573da8aed3531d4285b # Parent ff8f4639c6be53b8c8fb6bd701d0795508e5d7cf New lifting for the 'new' page diff -r ff8f4639c6be -r 000114da182d CHANGES --- a/CHANGES Mon Jan 05 11:37:44 2015 +0100 +++ b/CHANGES Mon Jan 05 11:38:46 2015 +0100 @@ -6,6 +6,7 @@ * Set the User-Agent to external requests to a non-default value. * Add support for HTML export and CVE import * Full product Tree can be directly created from the CPE information. +* Improve styling of the 'new' page. Farol 1.0.1 (2014-11-17) ======================== diff -r ff8f4639c6be -r 000114da182d farol/main.py --- a/farol/main.py Mon Jan 05 11:37:44 2015 +0100 +++ b/farol/main.py Mon Jan 05 11:38:46 2015 +0100 @@ -103,7 +103,7 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], + imports=[('New', 100), ('CVRF', 100), ('CVE', 90)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] 
@@ -178,7 +178,64 @@
 @app.route('/new', methods=['GET', 'POST'])
 def new():
 if request.method != 'POST':
- return render_template('new.j2', has_document=has_current(), now=utcnow())
+ input_choices = [
+ ('RHSA', 'YYYY:nnnn', '2014:0981', """
+RedHat publishes their advisories in CVRF format since May 2012
+covering all of their products.
+
+Redhat provides a FAQ about the CVRF support here:
+https://access.redhat.com/articles/124913
+
+Farol downloads the CVRF documents from this location:
+https://www.redhat.com/security/data/cvrf/
+"""),
+ ('Oracle', 'nnnnnnn', '2188432', """
+Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs).
+
+Oracle published an article about adopting CVRF:
+https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability
+
+The FAQ for the CPUs is available here:
+http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html
+
+Farol downloads the CVRF documents from this location:
+http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent
+"""),
+ ('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """
+Cisco was one of the main actors driving the CVRF format.
+
+See also the Blog post at CISCO:
+http://blogs.cisco.com/tag/cvrf
+
+Farol downloads the CVRF documents from this location:
+http://tools.cisco.com/security/center/contentxml
+"""),
+ ('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """
+It is possible to convert CVE information into CVRF format.
+
+Read here about Common Vulnerabilities and Exposures (CVEs):
+http://cve.mitre.org/
+
+MITRE publishes CVE in CVRF Format:
+https://cve.mitre.org/cve/cvrf.html
+
+However, those CVRF documents do not cover all of the CVE content.
+Therefore, Farol downloads the XML object of CVEs from Greenbone's
+SecInfo Portal via the web interface "Greenbone Security Assistant".
+The CVE XML data retrieved from there are identical to the CVE
+publication by NIST.
+ +Greenbone's SecInfo Portal: +https://secinfo.greenbone.net +"""), + ('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """ +Farol can download a given URL for a CVRF document. + +The provided example is a Greenbone Security Advisory from +http://www.greenbone.net/technology/security.html +""") + ] + return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow()) if 'rhsa' in request.form: set_RHSA(request.form['id']) @@ -190,7 +247,7 @@ flash("I'm not able to parse NASL scripts yet", 'danger') return redirect(url_for('new')) elif 'url' in request.form: - download_url(request.form['url']) + download_url(request.form['id']) elif 'cve' in request.form: parse_cve_from_gsa(request.form['id']) elif 'local' in request.files: diff -r ff8f4639c6be -r 000114da182d farol/templates/new.j2 --- a/farol/templates/new.j2 Mon Jan 05 11:37:44 2015 +0100 +++ b/farol/templates/new.j2 Mon Jan 05 11:38:46 2015 +0100 @@ -27,6 +27,36 @@ {% from "macros.j2" import textinput, textarea, panel %} {% from "common_edits.j2" import edit_title_type %} +{% macro input_download(width, type, placeholder, example, help) %} +
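Review bot: The help text added to `new()` says Farol fetches the Oracle and Cisco CVRF documents from plain `http://` locations, and the URL example is `http://` as well. If the fetch code (outside this hunk) uses the same bases, advisories are retrieved without transport integrity and could be altered in transit before they are parsed. Where the vendor serves the same path over TLS, switch both the fetch base and this text to `https://`. The list order is also load-bearing, because the template in this commit renders `input_choices[:-1]` in rows and `input_choices[-1]` full-width, so a comment above the list such as `# order matters: new.j2 expects the URL entry last` would protect it from reordering. `new()` continues past the end of this hunk.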
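Review bot: `download_url(request.form['id'])` hands a client-supplied string to a server-side fetch, and nothing visible in this hunk restricts its scheme or destination. Unless `download_url` (defined outside the hunk) already does so, validate before fetching: accept only `http` and `https`, and refuse hosts that resolve to loopback, link-local or private address ranges, so the form cannot be used to make the Farol host request internal services. A rejected value can follow the pattern already used in this function, a `flash(..., 'danger')` followed by `return redirect(url_for('new'))`. The branch is still chosen by `'url' in request.form` while the value now comes from the `id` field, so a short comment such as `# every download form posts its value as 'id'; the button name selects the source` would make that coupling explicit.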
+ {% call modal(type | lower + "_modal", type + " help") %} + {% for p in help.split('\n\n') %} +

{{ p | urlize }}

+ {% endfor %} + {% endcall %} +
+ +
+
+ {{ type }}: + +
+ + + +
+
+
+
+
+{% endmacro %} + {% set active='new' %} {% block title %}New{% endblock %} @@ -43,49 +73,22 @@

- Download a document + Upload a remote document

+ {% for row in input_choices[:-1] | batch(3) %}
- {% for (type, placeholder) in [ - ('RHSA', 'YYYY:nnnn'), - ('Oracle', 'nnnnnnn'), - ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %} -
-
- -
-
- {{ type }}: - - - - -
-
-
-
+ {% for (type, placeholder, example, help) in row %} + {{ input_download(4, type, placeholder, example, help) }} {% endfor %}
-
-
-
-
- URL: - - - - -
-
-
+ {% endfor %} +
+ {{ input_download(12, *input_choices[-1]) }}
-
- {% set comma = joiner(', ') %} -

Some examples: {% for (name, id, value) in [('Red Hat Security Advisory: kernel security, bug fix, and enhancement update', 'rhsa', '2014:0981'), ('Oracle Critical Patch Update Advisory - April 2014', 'oracle' , '2188432'), ('Multiple Vulnerabilities in OpenSSL Affecting Cisco Products','cisco','sa-20140605-openssl'), ('Greenbone Security Advisory 2013-01', 'url', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf')] %}{{ comma() }}{{ name }}{% endfor %}

@@ -94,7 +97,7 @@

- Upload a document + Upload a local document

@@ -112,7 +115,7 @@

- Raw text + Upload raw text

@@ -179,6 +182,8 @@ {{ POST_button(url_for('cache.load', element=element), text=element, style="btn-link") }} {% endif %} + {% else %} +
  • Cache is empty
  • {% endfor %} {% endcall %}