# HG changeset patch # User Benoît Allard # Date 1412679670 -7200 # Node ID 7c4d001839e7b64fe266d9a896f1f5c727185797 # Parent df5182d0787f5ba6a6b44470891fc563526c4747 Move the Display of the ProductTree to its own page diff -r df5182d0787f -r 7c4d001839e7 farol/producttree.py --- a/farol/producttree.py Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/producttree.py Tue Oct 07 13:01:10 2014 +0200 @@ -49,8 +49,14 @@ @document_required def create(): get_current().createProductTree() - return redirect(url_for('document.view')) + return redirect(url_for('.view')) +@producttree.route('/') +@document_required +@producttree_required +def view(): + return render_template('producttree/view.j2', + producttree=get_current()._producttree) @producttree.route('/branch//edit', methods=['GET', 'POST']) @document_required @@ -82,7 +88,7 @@ branch._type = request.form['type'] branch._name = request.form['name'] - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/branch/add', methods=['GET', 'POST']) @document_required @@ -99,7 +105,7 @@ pbranch = ptree.getBranch([int(p) for p in request.form['parent'].split('/')]) branch = CVRFProductBranch(request.form['type'], request.form['name'], pbranch) ptree.addBranch(branch) - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/product/') @document_required @@ -158,7 +164,7 @@ product._productid = request.form['productid'] product._name = request.form['name'] product._cpe = request.form['cpe'] or None - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/product/add', methods=['GET', 'POST']) @document_required @@ -185,7 +191,7 @@ product = CVRFFullProductName(request.form['productid'], request.form['name'], parent, request.form['cpe'] or None) ptree.addProduct(product) - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/relationship//edit', methods=['GET', 'POST']) @document_required @@ -204,7 +210,7 @@ rel._productreference = request.form['productreference'] rel._relationtype = request.form['relationtype'] rel._relatestoproductreference = request.form['relatestoproductreference'] - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/relationship/add', methods=['GET', 'POST']) @document_required @@ -228,7 +234,7 @@ rel = CVRFRelationship(prodid1, request.form['relationtype'], prodid2) ptree.addRelationship(rel) - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/group//edit', methods=['GET', 'POST']) @document_required @@ -246,7 +252,7 @@ group._productids = [] for productid in request.form.getlist('products'): group.addProductID(productid) - return redirect(url_for('document.view')) + return redirect(url_for('.view')) @producttree.route('/group/add', methods=['GET', 'POST']) @document_required @@ -260,4 +266,4 @@ for productid in request.form.getlist('products'): group.addProductID(productid) get_current()._producttree.addGroup(group) - return redirect(url_for('document.view')) + return redirect(url_for('.view')) diff -r df5182d0787f -r 7c4d001839e7 farol/templates/document/view.j2 --- a/farol/templates/document/view.j2 Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/templates/document/view.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -136,58 +136,10 @@
- {% call panel(type="danger", heading="Product Tree", title=3) %} + {% call panel(type="danger", heading="Product Tree", title=3, collapsible=False) %} {% if cvrf._producttree %} - {% call panel(heading="Branches", badge=cvrf._producttree._branches | length, title=4, extended=True) %} - {% for branch in cvrf._producttree._branches recursive %} - {% call panel() %} -

{{ branch._type}}: {{ branch._name }} (edit)

- {% if branch._product %} - {{ branch._product._name }} (edit) - {% else %} - {{ loop(branch._childs) }} - {% endif %} - {% if branch.isOrphaned() %} -

This branch is orphaned. A product or a new branch should be created as child of this one.

- {% endif %} - {% endcall %} - {% endfor %} - add branch - {% endcall %} - {% call panel(heading="Products", badge=cvrf._producttree.nbProducts(), title=4) %} - {% for product in cvrf._producttree._products if product._parent is sameas cvrf._producttree %} -

{{ product._name }} (edit)

- {% endfor %} - add product - {% endcall %} - {% call panel(heading="Relationships", badge=cvrf._producttree._relationships | length, title=4) %} - {% for relationship in cvrf._producttree._relationships %} - {% call panel() %} -

{{ cvrf.getProductForID(relationship._productreference)._name }} as {{ relationship._relationtype | lower }} {{ cvrf.getProductForID(relationship._relatestoproductreference)._name }} (edit)

- {% if relationship._product %}

{{ relationship._product._name }} (edit)

{% endif %} - {% if relationship.isOrphaned() %} -

This relationship is orphaned. A product should be created as child of this one.

- {% endif %} - {% endcall %} - {% endfor %} - add - {% endcall %} - {% call panel(heading="Groups", badge=cvrf._producttree._groups | length, title=4) %} - {% for group in cvrf._producttree._groups %} - {% call panel() %} - edit -
    - {% for productid in group._productids %} - {% with product = cvrf.getProductForID(productid) %} -
  • {{ product._name }}
    • - {% endwith %} - {% endfor %} -
- {% if group._description %}

{{ group._description }}

{% endif %} - {% endcall %} - {% endfor %} - add - {% endcall %} +

{{ cvrf._producttree._products | length }} Products defined

+ View {% else %} No Product tree present
diff -r df5182d0787f -r 7c4d001839e7 farol/templates/producttree/edit_branch.j2 --- a/farol/templates/producttree/edit_branch.j2 Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/templates/producttree/edit_branch.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -35,6 +35,6 @@ {{ selectinput2('parent', "Path to Parent Branch", branches, branch.getParentPath()) }} -Cancel +Cancel
{% endblock %} diff -r df5182d0787f -r 7c4d001839e7 farol/templates/producttree/edit_group.j2 --- a/farol/templates/producttree/edit_group.j2 Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/templates/producttree/edit_group.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -35,6 +35,6 @@ {{ selectinput2('products', "Products", products, productids, multiple=True) }} -Cancel +Cancel {% endblock %} diff -r df5182d0787f -r 7c4d001839e7 farol/templates/producttree/edit_product.j2 --- a/farol/templates/producttree/edit_product.j2 Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/templates/producttree/edit_product.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -40,6 +40,6 @@ {{ selectinput2('parent_relationship', "Parent relationship", orphaned_relationships, current_rel) }} -Cancel +Cancel {% endblock %} diff -r df5182d0787f -r 7c4d001839e7 farol/templates/producttree/edit_relationship.j2 --- a/farol/templates/producttree/edit_relationship.j2 Tue Oct 07 09:45:46 2014 +0200 +++ b/farol/templates/producttree/edit_relationship.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -35,6 +35,6 @@ {{ selectinput2('relatestoproductreference', "Relates to Product Reference", products, relatestoproductreference) }} -Cancel +Cancel {% endblock %} diff -r df5182d0787f -r 7c4d001839e7 farol/templates/producttree/view.j2 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/farol/templates/producttree/view.j2 Tue Oct 07 13:01:10 2014 +0200 @@ -0,0 +1,100 @@ +{# +# Description: +# Web Template used in Farol Design +# +# Authors: +# Benoît Allard +# +# Copyright: +# Copyright (C) 2014 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +-#} + +{% extends "base.j2" %} +{% from "macros.j2" import panel, modal %} +{% block title %}Product Tree{% endblock %} + +{% set active = 'product' %} + +{% block content %} +
+

Document's Product Tree? {{ producttree._products | length }} Products defined

+
+{% call modal('prodtree_modal', "Product Tree") %} +

The Product Tree container contains all the fully qualified product names that can be referenced elsewhere in the document (specifically when describing the products that are affected by a vulnerability using the Product Statuses, Threats, CVSS Score Sets, and Remediation containers). The Product Tree can have as many branches as needed, but each endpoint of the tree must be terminated with a Full Product Name element, which represents a product that can be referenced elsewhere.

+

The Product Tree can be kept simple (flat) or made more detailed (branched out). It also supports concatenating products to describe relationships, such as components contained in a product or products installed on other products.

+
+
Flat:
+

In the simplest case, a flat Product TreeM would contain one or more Full Product Name elements at the root level, one for each product that needs to be described.

+
Branched:
+

In a more detailed Product Tree, the root element would contain one or more Branch elements at the root level, one for each class/type/category of product, each of which again contains one or more Branch elements until all desired categories and subcategories are described to the satisfaction of the document issuer. Then each open Branch element is terminated with the actual product item in the form of a Full Product Name element.

+
Concatenated:
+

No matter whether a flat or branched structure is chosen, you may need to be able to describe the combination of two Full Product Name elements, such as when a product is only vulnerable when installed together with another, or to describe operating system components. To do that, a Relationship element is inserted at the root of the Product Tree, with attributes establishing a link between two existing Full Product Name elements, allowing the document producer to define a combination of two products that form a new Full Product Name entry.

+
Grouped:
+

Once Full Product Name elements are defined, they may be freely added to logical groups, which may then be used to refer to a group of products. Given that it is possible for a product to be a member of more than one logical group, some areas of the CVRF document may not allow references to product groups to avoid ambiguity.

+
+{% endcall %} +{% call panel(heading="Branches", badge=producttree._branches | length, title=4, extended=True) %} + {% for branch in producttree._branches recursive %} + {% call panel() %} +

{{ branch._type}}: {{ branch._name }} (edit)

+ {% if branch._product %} + {{ branch._product._name }} (edit) + {% else %} + {{ loop(branch._childs) }} + {% endif %} + {% if branch.isOrphaned() %} +

This branch is orphaned. A product or a new branch should be created as child of this one.

+ {% endif %} + {% endcall %} + {% endfor %} + add branch +{% endcall %} +{% call panel(heading="Products", badge=producttree.nbProducts(), title=4) %} + {% for product in producttree._products if product._parent is sameas producttree %} +

{{ product._name }} (edit)

+ {% endfor %} + add product +{% endcall %} +{% call panel(heading="Relationships", badge=producttree._relationships | length, title=4) %} + {% for relationship in producttree._relationships %} + {% call panel() %} +

{{ cvrf.getProductForID(relationship._productreference)._name }} as {{ relationship._relationtype | lower }} {{ cvrf.getProductForID(relationship._relatestoproductreference)._name }} (edit)

+ {% if relationship._product %}

{{ relationship._product._name }} (edit)

{% endif %} + {% if relationship.isOrphaned() %} +

This relationship is orphaned. A product should be created as child of this one.

+ {% endif %} + {% endcall %} + {% endfor %} + add +{% endcall %} +{% call panel(heading="Groups", badge=producttree._groups | length, title=4) %} + {% for group in producttree._groups %} + {% call panel() %} + edit +
    + {% for productid in group._productids %} + {% with product = cvrf.getProductForID(productid) %} +
  • {{ product._name }}
    • + {% endwith %} + {% endfor %} +
+ {% if group._description %}

{{ group._description }}

{% endif %} + {% endcall %} + {% endfor %} + add +{% endcall %} +{% endblock %}