# HG changeset patch # User Benoît Allard # Date 1414148385 -7200 # Node ID b4bb5966af019a1a3787ff194174eaf1e9f4caa9 # Parent 812e613cbbb43d8da7de7ca083958061c4ee382f# Parent b74bf98ff87985191fcf528a22208640dbee286a merged diff -r b74bf98ff879 -r b4bb5966af01 farol/controller.py --- a/farol/controller.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/controller.py Fri Oct 24 12:59:45 2014 +0200 @@ -35,10 +35,10 @@ except ImportError: from farolluz.py2 import FixedTimeZone as timezone -from flask import request +from flask import request, flash from farolluz.cvrf import CVRFNote, CVRFReference, CVRFAcknowledgment -from farolluz.parsers.cvrf import parseDate as parseXMLDate +from farolluz.parsers.cvrf import parseDate as parseXMLDate, parseVersion as parseXMLVersion def split_fields(field, separator=','): if not field: @@ -89,5 +89,15 @@ except AttributeError: pass # Absorb AttributeError, and try to parse it a second time ... m = re.match('(\d{4})-(\d{2})-(\d{2})', string) + if m is None: + flash('Cannot parse date: "%s"' % string, 'warning') + return None return datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)), tzinfo=timezone(timedelta(hours=0, minutes=0))) + +def parseVersion(string): + """ An extended version, one that doesn't throw exceptions """ + try: return parseXMLVersion(string) + except ValueError: + flash('Cannot parse Version string: "%s"' % string) + return None diff -r b74bf98ff879 -r b4bb5966af01 farol/document.py --- a/farol/document.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/document.py Fri Oct 24 12:59:45 2014 +0200 @@ -25,7 +25,6 @@ from flask import (Blueprint, render_template, abort, redirect, request, url_for, flash) -from farolluz.parsers.cvrf import parseVersion from farolluz.cvrf import (CVRFNote, CVRFReference, CVRFPublisher, CVRFTracking, CVRFTrackingID, CVRFGenerator, CVRFRevision, CVRFAggregateSeverity) 
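Review bot: In `parseDate`, a string that matches the regex but is not a real calendar date (month 13, day 32) still raises `ValueError` from the `datetime(...)` constructor after the new `m is None` guard, so form input can still produce an unhandled exception. Wrapping the constructor in `try/except ValueError` with the same flash and `return None` would close that path. The start of `parseDate` is outside the hunk, so any handling further up is not visible. The new `parseVersion` also calls `flash` without a category while `parseDate` passes `'warning'`; passing the same category would keep the two consistent.

```python
    m = re.match('(\d{4})-(\d{2})-(\d{2})', string)
    # … unchanged: `m is None` guard with flash and return None …
    try:
        return datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)),
                        tzinfo=timezone(timedelta(hours=0, minutes=0)))
    except ValueError:
        # Matches the pattern but is not a valid date (e.g. month 13).
        flash('Cannot parse date: "%s"' % string, 'warning')
        return None
```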
@@ -34,8 +33,8 @@ from .controller import (update_note_from_request, create_note_from_request, update_reference_from_request, create_reference_from_request, update_acknowledgment_from_request, create_acknowledgment_from_request, - split_fields, parseDate) -from .session import document_required, get_current + split_fields, parseDate, parseVersion) +from .session import document_required, get_current, del_current document = Blueprint('document', __name__) @@ -46,6 +45,11 @@ cvrf = get_current() return render_template('document/view.j2', cvrf=cvrf) +@document.route('/delete', methods=['POST']) +def delete(): + del_current() + return redirect(url_for('welcome')) + @document.route('/title/edit', methods=['GET', 'POST']) @document_required def edit_title(): @@ -87,7 +91,9 @@ aliases = split_fields(request.form['id_aliases']) tracking._identification._aliases = aliases tracking._status = request.form['status'] - tracking._version = parseVersion(request.form['version']) + version = parseVersion(request.form['version']) + if version is not None: + tracking._version = version tracking._initialDate = parseDate(request.form['initial']) tracking._currentDate = parseDate(request.form['current']) if wasNone: @@ -116,7 +122,9 @@ if request.method != 'POST': return render_template('document/edit_revision.j2', number='.'.join('%s'%v for v in revision._number), date=revision._date, description=revision._description, action='Update') - revision._number = parseVersion(request.form['number']) + version = parseVersion(request.form['number']) + if version is not None: + revision._number = version revision._date = parseDate(request.form['date']) revision._description = request.form['description'] return redirect(url_for('.view')) 
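Review bot: The new `delete()` view is registered without the `@document_required` decorator that the neighbouring `edit_title` view carries, so a POST to `/delete` with no current document goes straight to `del_current()`; how that helper behaves with nothing to delete is not visible in this diff. Adding `@document_required` directly under the `@document.route('/delete', methods=['POST'])` line would match the other views. The route is correctly limited to POST, but no CSRF token check appears in the hunk; if the application has no global CSRF protection, the delete form should carry a token so the deletion cannot be triggered from another origin.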
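Review bot: The two date assignments right after the new version guard, `tracking._initialDate = parseDate(request.form['initial'])` and the `_currentDate` line, still store the result unconditionally, and this commit makes `parseDate` return `None` on unparsable input, so a malformed date now silently replaces the stored value with `None`. The same pattern appears in the `@@ -116,7 +122,9 @@` hunk (`revision._date`) and the `@@ -133,7 +141,7 @@` hunk (`date = parseDate(...)` passed to `CVRFRevision`). Guarding them like the version, e.g. `initial = parseDate(request.form['initial'])` followed by `if initial is not None: tracking._initialDate = initial`, would keep the previous value. Whether `None` is also the intended result for an empty field depends on the start of `parseDate`, which is outside the visible hunks.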
@@ -133,7 +141,7 @@ version = version[:-1] + (version[-1] + 1,) return render_template('document/edit_revision.j2', number='.'.join("%d"%v for v in version), date=utcnow(), action='Add') - version = parseVersion(request.form['number']) + version = parseVersion(request.form['number']) or (0,0) date = parseDate(request.form['date']) revision = CVRFRevision(version, date, request.form['description']) tracking.addRevision(revision) diff -r b74bf98ff879 -r b4bb5966af01 farol/main.py --- a/farol/main.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/main.py Fri Oct 24 12:59:45 2014 +0200 @@ -89,7 +89,13 @@ @app.route('/') def welcome(): - return render_template('welcome.j2') + return render_template('welcome.j2', + version=__version__, + imports=[('New', 100), ('CVRF', 100)], + exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('OVAL', 5) ], + use_cases=[('Create a security advisory and publish as CVRF', 100), + ('Edit a security advisory in CVRF format', 100)] + ) def set_url(url): try: content = urlopen(url).read() @@ -156,9 +162,6 @@ set_url(request.form['url']) elif 'local' in request.files: upload = request.files['local'] - if not upload.filename.endswith('.xml'): - flash('Uploaded files should end in .xml', 'danger') - return redirect(url_for('new')) fpath = os.path.join(app.instance_path, 'tmp', secure_filename(upload.filename)) if not os.path.exists(os.path.dirname(fpath)): diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/about.j2 --- a/farol/templates/about.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/about.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -30,14 +30,12 @@ {% block content %}
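Review bot: `parseVersion(request.form['number']) or (0,0)` stores a revision numbered 0.0 whenever the submitted number cannot be parsed, so the flashed warning is the only trace that the revision history now holds a value the user never entered. Returning to the form when `parseVersion` yields `None`, before `CVRFRevision` is built, would avoid recording the placeholder. The enclosing view starts outside the hunk.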
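Review bot: With the `.xml` suffix check removed in the `@@ -156,9 +162,6 @@` hunk of farol/main.py, the surviving line `fpath = os.path.join(app.instance_path, 'tmp', secure_filename(upload.filename))` is the only visible constraint on an upload. `secure_filename` can return an empty string for a name made up only of unsafe characters, in which case `fpath` is the `tmp` directory itself; a guard such as `if not secure_filename(upload.filename):` with a flash and redirect before building `fpath` would cover that. Whether the content is validated as CVRF/XML before use, and whether upload size is capped, is decided outside this hunk and is worth confirming now that the extension filter is gone.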
-

Security Advisories have existed for ever. Whenever someone discovered a danger, a vulnerability, he immediately started spreading the words about it.

-

In the IT World, each Party involved with security vulnerabilities have its own way of dealing with the matter, and although standards exist they aren't used much to their full extend.

-

This Platform is an attempt at bringing all those worlds together.

-

In the current version, Advisories not currently saved are kept in memory of the running process. If the process terminates, and they are not saved, documents are lost.

+

This web platform offers to review, create, edit and transform security advisories supporting various input and output formats.

+

During your session the advisory is stored in a cache from which you should save your changes to your local file system.

{% if config.DEBUG and not config.DEBUG_SURE %}

Debug Mode

diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/base.j2 --- a/farol/templates/base.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/base.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -65,7 +65,7 @@ View Product Tree - {% for name, productid in products %} + {% for name, productid in products | sort %}
  • {{ name }}
  • {% endfor %} @@ -84,15 +84,15 @@ {% if has_current %} {% if error %} - + {% else %} - + {% endif %} {% endif %}
    +
    delete
    +{% call modal('delete_modal', 'Delete document') %} +

    This will delete the document {{ current_id }}.

    +

    Are you sure ?

    + +