# HG changeset patch # User Benoît Allard # Date 1412753303 -7200 # Node ID 8ffd3ec96f7cc0f4903bcc3e7ebc6a70530a6273 # Parent 249b3ad750b13a247d43ccb1a676aadb820bf415 Add Descriptions for the CVSS fields diff -r 249b3ad750b1 -r 8ffd3ec96f7c farol/templates/vulnerability/edit_cvss.j2 --- a/farol/templates/vulnerability/edit_cvss.j2 Tue Oct 07 17:08:28 2014 +0200 +++ b/farol/templates/vulnerability/edit_cvss.j2 Wed Oct 08 09:28:23 2014 +0200 @@ -24,18 +24,29 @@ -#} {% extends "base.j2" %} -{% from "macros.j2" import selectinput, textinput, textarea, selectinput2 %} +{% from "macros.j2" import selectinput, textinput, textarea, selectinput2, examples %} {% block title %}Edit CVSS{% endblock %} {% set active = 'vulnerability' %} {% block content %} +

The Score Set container holds actual CVSS metrics. For more details about CVSS, see {{ 'http://www.first.org/cvss/cvss-guide.html' | urlize }}. The only required element of CVSS is the Base Score. If a value of the temporal or environmental score is set to “not defined,” either Temporal Score or Environmental Score can be omitted.

+

A Score Set container can be tied to one or more specific products by referencing these products using the Product ID child element. If the Score Set is meant to be applied for all products, the Product ID attribute should be omitted.

-{{ textinput('basescore', "Base Score", '0.0', basescore, type="number", extras={'step':'0.1'}, required=True) }} -{{ textinput('temporalscore', "Temporal Score", '0.0', temporalscore, type="number", extras={'step':'0.1'}) }} -{{ textinput('environmentalscore', "Environmental Score", '0.0', environmentalscore, type="number", extras={'step':'0.1'}) }} -{{ textinput('vector', "Vector", value=vector) }} +{% call textinput('basescore', "Base Score", '0.0', basescore, type="number", extras={'step':'0.1', 'min': '0', 'max': '10'}, required=True) %} +

Base Score contains the numeric value of the computed CVSS base score, which should be a float from 0 to 10.0.

+{% endcall %} +{% call textinput('temporalscore', "Temporal Score", '0.0', temporalscore, type="number", extras={'step':'0.1', 'min': '0', 'max': '10'}) %} +

Temporal Score contains the numeric value of the computed CVSS temporal score, which should be a float from 0 to 10.0.

+{% endcall %} +{% call textinput('environmentalscore', "Environmental Score", '0.0', environmentalscore, type="number", extras={'step':'0.1', 'min': '0', 'max': '10'}) %} +

Environmental Score contains the numeric value of the computed CVSS environmental score, which should be a float from 0 to 10.0. This metric is typically reserved for use by the end user and is specific to the environment in which the affected product is deployed.

+{% endcall %} +{% call textinput('vector', "Vector", value=vector, extras={'maxlength': '76'}) %} +

Vector contains the official notation that displays all the values used to compute the CVSS base, temporal, and environmental scores. This notation will follow the guidelines set forth in the CVSS v2 documentation at {{ 'http://www.first.org/cvss/cvss-guide.html#i2.4' | urlize }}.

+{{ examples(['AV:N/AC:L/Au:N/C:P/I:P/A:C/E:P/RL:O/RC:C/CDP:H/TD:M/CR:H/IR:H/AR:H']) }} +{% endcall %} {{ selectinput2('products', "Products", products, productids, multiple=True) }}