benoit@0: {#
benoit@0: # Description:
benoit@0: # Template for generation of CVRF documents
benoit@0: #
benoit@0: # Authors:
benoit@0: # Benoît Allard <benoit.allard@greenbone.net>
benoit@0: #
benoit@0: # Copyright:
benoit@0: # Copyright (C) 2014 Greenbone Networks GmbH
benoit@0: #
benoit@0: # This program is free software; you can redistribute it and/or
benoit@0: # modify it under the terms of the GNU General Public License
benoit@0: # as published by the Free Software Foundation; either version 2
benoit@0: # of the License, or (at your option) any later version.
benoit@0: #
benoit@0: # This program is distributed in the hope that it will be useful,
benoit@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of
benoit@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
benoit@0: # GNU General Public License for more details.
benoit@0: #
benoit@0: # You should have received a copy of the GNU General Public License
benoit@0: # along with this program; if not, write to the Free Software
benoit@0: # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
benoit@0: -#}
benoit@0: 
benoit@0: <?xml version="1.0" encoding="utf-8"?>
benoit@0: 
benoit@0: {#- Some macros for producttree generation #}
benoit@0: {%- macro FullProductNames(producttree, parent) %}
benoit@0:   {%- for product in producttree._products %}
benoit@0:     {%- if product._parent is sameas parent %}
benoit@0:       <FullProductName{{ {'ProductID': product._productid, 'CPE': product._cpe} | xmlattr }}>
benoit@0:         {{- product._name -}}
benoit@0:       </FullProductName>
benoit@0:     {%- endif %}
benoit@0:   {%- endfor %}
benoit@0: {%- endmacro %}
benoit@0: 
benoit@0: {%- macro Note(note) -%}
benoit@0:   <Note{{ {'Type': note._type, 'Ordinal': note._ordinal, 'Title': note._title, 'Audience': note._audience} | xmlattr }}>
benoit@0:     {{- note._note | escape -}}
benoit@0:   </Note>
benoit@0: {%- endmacro %}
benoit@0: <cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1">
benoit@0:   <DocumentTitle>{{ cvrf._title }}</DocumentTitle>
benoit@0:   <DocumentType>{{ cvrf._type }}</DocumentType>
benoit@0:   {%- with publisher = cvrf._publisher %}
benoit@0:   <DocumentPublisher{{ {'Type': publisher._type, 'VendorID': publisher._vendorid} | xmlattr }}>
benoit@0:     {%- if publisher._contact %}
benoit@0:     <ContactDetails>{{ publisher._contact }}</ContactDetails>
benoit@0:     {%- endif %}
benoit@0:     {%- if publisher._authority %}
benoit@0:     <IssuingAuthority>{{ publisher._authority }}</IssuingAuthority>
benoit@0:     {%- endif %}
benoit@0:   </DocumentPublisher>
benoit@0:   {%- endwith %}
benoit@0:   {%- with tracking = cvrf._tracking %}
benoit@0:   <DocumentTracking>
benoit@0:     <Identification>
benoit@0:       <ID>{{ tracking._identification._id }}</ID>
benoit@0:       {%- for alias in tracking._identification._aliases %}
benoit@0:       <Alias>{{ alias }}</Alias>
benoit@0:       {%- endfor %}
benoit@0:     </Identification>
benoit@0:     <Status>{{ tracking._status }}</Status>
benoit@0:     <Version>{{ tracking._version | join('.') }}</Version>
benoit@0:     <RevisionHistory>
benoit@0:       {%- for revision in tracking._history %}
benoit@0:       <Revision>
benoit@0:         <Number>{{ revision._number | join('.') }}</Number>
benoit@0:         <Date>{{ revision._date.isoformat() }}</Date>
benoit@0:         <Description>{{ revision._description }}</Description>
benoit@0:       </Revision>
benoit@0:       {%- endfor %}
benoit@0:     </RevisionHistory>
benoit@0:     <InitialReleaseDate>{{ tracking._initialDate.isoformat() }}</InitialReleaseDate>
benoit@0:     <CurrentReleaseDate>{{ tracking._currentDate.isoformat() }}</CurrentReleaseDate>
benoit@0:     {%- if tracking._generator %}
benoit@0:     <Generator>
benoit@0:     {%- with generator = tracking._generator %}
benoit@0:       {%- if generator._engine %}
benoit@0:       <Engine>{{ generator._engine }}</Engine>
benoit@0:       {%- endif %}
benoit@0:       {%- if generator._date %}
benoit@0:       <Date>{{ generator._date.isoformat() }}</Date>
benoit@0:       {%- endif %}
benoit@0:     {%- endwith %}
benoit@0:     </Generator>
benoit@0:     {%- endif %}
benoit@0:   </DocumentTracking>
benoit@0:   {%- endwith %}
benoit@0:   {%- if cvrf._notes %}
benoit@0:   <DocumentNotes>
benoit@0:     {%- for note in cvrf._notes %}
benoit@0:     {{ Note(note) }}
benoit@0:     {%- endfor %}
benoit@0:   </DocumentNotes>
benoit@0:   {%- endif %}
benoit@0:   {%- if cvrf._distribution %}
benoit@0:   <DocumentDistribution>{{ cvrf._distribution }}</DocumentDistribution>
benoit@0:   {%- endif %}
benoit@0:   {#- AggregateSeverity is missing #}
benoit@0:   {%- if cvrf._references %}
benoit@0:   <DocumentReferences>
benoit@0:     {%- for reference in cvrf._references %}
benoit@0:     <Reference{{ {'Type': reference._type} | xmlattr }}>
benoit@0:       <URL>{{ reference._url }}</URL>
benoit@0:       <Description>{{ reference._description }}</Description>
benoit@0:     </Reference>
benoit@0:     {%- endfor %}
benoit@0:   </DocumentReferences>
benoit@0:   {%- endif %}
benoit@0:   {%- if cvrf._acknowledgments %}
benoit@0:   <Acknowledgments>
benoit@0:     {%- for acknowledgment in cvrf._acknowledgments %}
benoit@0:     <Acknowledgment>
benoit@0:       {%- if acknowledgment._name %}
benoit@0:       <Name>{{ acknowledgment._name }}</Name>
benoit@0:       {%- endif %}
benoit@0:       {%- if acknowledgment._organization %}
benoit@0:       <Organization>{{ acknowledgment._organization }}</Organization>
benoit@0:       {%- endif %}
benoit@0:       {%- if acknowledgment._description %}
benoit@0:       <Description>{{ acknowledgment._description }}</Description>
benoit@0:       {%- endif %}
benoit@0:       {%- if acknowledgment._url %}
benoit@0:       <URL>{{ acknowledgment._url }}</URL>
benoit@0:       {%- endif %}
benoit@0:     </Acknowledgment>
benoit@0:     {%- endfor %}
benoit@0:   </Acknowledgments>
benoit@0:   {%- endif %}
benoit@0:   {%- if cvrf._producttree %}
benoit@0:   <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
benoit@0:   {%- with producttree = cvrf._producttree %}
benoit@0:     {%- for branch in producttree._branches recursive %}
benoit@0:     <Branch{{ {'Type': branch._type, 'Name': branch._name} | xmlattr }}>
benoit@0:       {{- loop(branch._childs) }}
benoit@0:       {{- FullProductNames(producttree, branch) }}
benoit@0:     </Branch>
benoit@0:     {%- endfor %}
benoit@0:     {{ FullProductNames(producttree, producttree) }}
benoit@0:     {%- for relationship in producttree._relationships -%}
benoit@0:     <Relationship{{ {'ProductReference': relationship._productreference, 'RelationType': relationship._relationtype, 'RelatesToProductReference': relationship._relatestoproductreference} | xmlattr }}>
benoit@0:       {{- FullProductNames(producttree, relationship) }}
benoit@0:     </Relationship>
benoit@0:     {%- endfor %}
benoit@0:     {%- if producttree._groups %}
benoit@0:     <ProductGroups>
benoit@0:       {%- for group in producttree._groups %}
benoit@0:       <Group{{ {'GroupID': group._id} | xmlattr }}>
benoit@0:         {%- if group._description %}
benoit@0:         <Description>{{ group._description }}</Description>
benoit@0:         {%- endif %}
benoit@0:         {%- for productid in group._productids %}
benoit@0:         <ProductID>{{ productid }}</ProductID>
benoit@0:         {%- endfor %}
benoit@0:       </Group>
benoit@0:       {%- endfor %}
benoit@0:     </ProductGroups>
benoit@0:     {%- endif %}
benoit@0:   {%- endwith %}
benoit@0:   </ProductTree>
benoit@0:   {%- endif %}
benoit@0:   {%- for vulnerability in cvrf._vulnerabilities %}
benoit@0:   <Vulnerability xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1" Ordinal="{{ vulnerability._ordinal}}">
benoit@0:     {%- if vulnerability._title %}
benoit@0:     <Title>{{ vulnerability._title }}</Title>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._id %}
benoit@0:     <ID SystemName="{{ vulnerability._id._systemname }}">{{ vulnerability._id._value }}</ID>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._notes %}
benoit@0:     <Notes>
benoit@0:       {%- for note in vulnerability._notes %}
benoit@0:       {{ Note(note) }}
benoit@0:       {%- endfor %}
benoit@0:     </Notes>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._discoverydate %}
benoit@0:     <DiscoveryDate>{{ vulnerability._discoverydate.isoformat() }}</DiscoveryDate>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._releasedate %}
benoit@0:     <ReleaseDate>{{ vulnerability._releasedate.isoformat() }}</ReleaseDate>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._involvements %}
benoit@0:     <Involvements>
benoit@0:       {%- for involvement in vulnerability._involvements %}
benoit@0:       <Involvement{{ {'Party': involvement._party, 'Status': involvement._status} | xmlattr }}>
benoit@0:         {%- if involvement._description %}
benoit@0:         <Description>{{ involvement._description }}</Description>
benoit@0:         {%- endif %}
benoit@0:       </Involvement>
benoit@0:       {%- endfor %}
benoit@0:     </Involvements>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._cve %}
benoit@0:     <CVE>{{ vulnerability._cve }}</CVE>
benoit@0:     {%- endif %}
benoit@0:     {%- for cwe in vulnerability._cwes %}
benoit@0:     <CWE ID="{{ cwe._id }}">{{ cwe._value }}</CWE>
benoit@0:     {%- endfor %}
benoit@0:     {%- if vulnerability._productstatuses %}
benoit@0:     <ProductStatuses>
benoit@0:       {%- for status in vulnerability._productstatuses %}
benoit@0:       <Status Type="{{ status._type }}">
benoit@0:         {%- for productid in status._productids %}
benoit@0:         <ProductID>{{ productid }}</ProductID>
benoit@0:         {%- endfor %}
benoit@0:       </Status>
benoit@0:       {%- endfor %}
benoit@0:     </ProductStatuses>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._cvsss %}
benoit@0:     <CVSSScoreSets>
benoit@0:       {%- for cvss in vulnerability._cvsss %}
benoit@0:       <ScoreSet>
benoit@0:         <BaseScore>{{ cvss._basescore }}</BaseScore>
benoit@0:         {%- if cvss._temporalscore %}
benoit@0:         <TemporalScore>{{ cvss._temporalscore }}</TemporalScore>
benoit@0:         {%- endif %}
benoit@0:         {%- if cvss._environmentalscore %}
benoit@0:         <EnvironmentalScore>{{ cvss._environmentalscore }}</EnvironmentalScore>
benoit@0:         {%- endif %}
benoit@0:         {%- if cvss._vector %}
benoit@0:         <Vector>{{ cvss._vector }}</Vector>
benoit@0:         {%- endif %}
benoit@0:         {%- for productid in cvss._productids %}
benoit@0:         <ProductID>{{productid}}</ProductID>
benoit@0:         {%- endfor %}
benoit@0:       </ScoreSet>
benoit@0:       {%- endfor %}
benoit@0:     </CVSSScoreSets>
benoit@0:     {%- endif %}
benoit@0:     {%- if vulnerability._remediations %}
benoit@0:     <Remediations>
benoit@0:       {%- for remediation in vulnerability._remediations %}
benoit@0:       <Remediation Type="{{ remediation._type }}"{% if remediation._date %} Date="{{ remediation._date.isoformat() }}"{% endif %}>
benoit@0:         <Description>{{ remediation._description }}</Description>
benoit@0:         {%- if remediation._entitlement %}
benoit@0:         <Entitlement>{{ remediation._entitlement }}</Entitlement>
benoit@0:         {%- endif %}
benoit@0:         {%- if remediation._url %}
benoit@0:         <URL>{{ remediation._url }}</URL>
benoit@0:         {%- endif %}
benoit@0:         {%- for productid in remediation._productids %}
benoit@0:         <ProductID>{{ productid }}</ProductID>
benoit@0:         {%- endfor %}
benoit@0:         {%- for groupid in remediation._groupids %}
benoit@0:         <GroupID>{{ groupid }}</GroupID>
benoit@0:         {%- endfor %}
benoit@0:       </Remediation>
benoit@0:       {%- endfor %}
benoit@0:     </Remediations>
benoit@0:     {%- endif %}
benoit@0:   </Vulnerability>
benoit@0:   {%- endfor %}
benoit@0: </cvrfdoc>