# HG changeset patch # User Benoît Allard # Date 1414148385 -7200 # Node ID b4bb5966af019a1a3787ff194174eaf1e9f4caa9 # Parent 812e613cbbb43d8da7de7ca083958061c4ee382f# Parent b74bf98ff87985191fcf528a22208640dbee286a merged diff -r b74bf98ff879 -r b4bb5966af01 farol/controller.py --- a/farol/controller.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/controller.py Fri Oct 24 12:59:45 2014 +0200 @@ -35,10 +35,10 @@ except ImportError: from farolluz.py2 import FixedTimeZone as timezone -from flask import request +from flask import request, flash from farolluz.cvrf import CVRFNote, CVRFReference, CVRFAcknowledgment -from farolluz.parsers.cvrf import parseDate as parseXMLDate +from farolluz.parsers.cvrf import parseDate as parseXMLDate, parseVersion as parseXMLVersion def split_fields(field, separator=','): if not field: @@ -89,5 +89,15 @@ except AttributeError: pass # Absorb AttributeError, and try to parse it a second time ... m = re.match('(\d{4})-(\d{2})-(\d{2})', string) + if m is None: + flash('Cannot parse date: "%s"' % string, 'warning') + return None return datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)), tzinfo=timezone(timedelta(hours=0, minutes=0))) + +def parseVersion(string): + """ An extended version, one that doesn't throw exceptions """ + try: return parseXMLVersion(string) + except ValueError: + flash('Cannot parse Version string: "%s"' % string) + return None diff -r b74bf98ff879 -r b4bb5966af01 farol/document.py --- a/farol/document.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/document.py Fri Oct 24 12:59:45 2014 +0200 @@ -25,7 +25,6 @@ from flask import (Blueprint, render_template, abort, redirect, request, url_for, flash) -from farolluz.parsers.cvrf import parseVersion from farolluz.cvrf import (CVRFNote, CVRFReference, CVRFPublisher, CVRFTracking, CVRFTrackingID, CVRFGenerator, CVRFRevision, CVRFAggregateSeverity) @@ -34,8 +33,8 @@ from .controller import (update_note_from_request, create_note_from_request, update_reference_from_request, create_reference_from_request, update_acknowledgment_from_request, create_acknowledgment_from_request, - split_fields, parseDate) -from .session import document_required, get_current + split_fields, parseDate, parseVersion) +from .session import document_required, get_current, del_current document = Blueprint('document', __name__) @@ -46,6 +45,11 @@ cvrf = get_current() return render_template('document/view.j2', cvrf=cvrf) +@document.route('/delete', methods=['POST']) +def delete(): + del_current() + return redirect(url_for('welcome')) + @document.route('/title/edit', methods=['GET', 'POST']) @document_required def edit_title(): @@ -87,7 +91,9 @@ aliases = split_fields(request.form['id_aliases']) tracking._identification._aliases = aliases tracking._status = request.form['status'] - tracking._version = parseVersion(request.form['version']) + version = parseVersion(request.form['version']) + if version is not None: + tracking._version = version tracking._initialDate = parseDate(request.form['initial']) tracking._currentDate = parseDate(request.form['current']) if wasNone: @@ -116,7 +122,9 @@ if request.method != 'POST': return render_template('document/edit_revision.j2', number='.'.join('%s'%v for v in revision._number), date=revision._date, description=revision._description, action='Update') - revision._number = parseVersion(request.form['number']) + version = parseVersion(request.form['number']) + if version is not None: + revision._number = version revision._date = parseDate(request.form['date']) revision._description = request.form['description'] return redirect(url_for('.view')) @@ -133,7 +141,7 @@ version = version[:-1] + (version[-1] + 1,) return render_template('document/edit_revision.j2', number='.'.join("%d"%v for v in version), date=utcnow(), action='Add') - version = parseVersion(request.form['number']) + version = parseVersion(request.form['number']) or (0,0) date = parseDate(request.form['date']) revision = CVRFRevision(version, date, request.form['description']) tracking.addRevision(revision) diff -r b74bf98ff879 -r b4bb5966af01 farol/main.py --- a/farol/main.py Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/main.py Fri Oct 24 12:59:45 2014 +0200 @@ -89,7 +89,13 @@ @app.route('/') def welcome(): - return render_template('welcome.j2') + return render_template('welcome.j2', + version=__version__, + imports=[('New', 100), ('CVRF', 100)], + exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('OVAL', 5) ], + use_cases=[('Create a security advisory and publish as CVRF', 100), + ('Edit a security advisory in CVRF format', 100)] + ) def set_url(url): try: content = urlopen(url).read() @@ -156,9 +162,6 @@ set_url(request.form['url']) elif 'local' in request.files: upload = request.files['local'] - if not upload.filename.endswith('.xml'): - flash('Uploaded files should end in .xml', 'danger') - return redirect(url_for('new')) fpath = os.path.join(app.instance_path, 'tmp', secure_filename(upload.filename)) if not os.path.exists(os.path.dirname(fpath)): diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/about.j2 --- a/farol/templates/about.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/about.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -30,14 +30,12 @@ {% block content %}
-

Farol A Security Advisory Management (Web) Platform

+

Farol The Security Advisory Management Platform

-

Security Advisories have existed for ever. Whenever someone discovered a danger, a vulnerability, he immediately started spreading the words about it.

-

In the IT World, each Party involved with security vulnerabilities have its own way of dealing with the matter, and although standards exist they aren't used much to their full extend.

-

This Platform is an attempt at bringing all those worlds together.

-

In the current version, Advisories not currently saved are kept in memory of the running process. If the process terminates, and they are not saved, documents are lost.

+

This web platform offers to review, create, edit and transform security advisories supporting various input and output formats.

+

During your session the advisory is stored in a cache from which you should save your changes to your local file system.

{% if config.DEBUG and not config.DEBUG_SURE %}

Debug Mode

diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/base.j2 --- a/farol/templates/base.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/base.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -65,7 +65,7 @@ View Product Tree - {% for name, productid in products %} + {% for name, productid in products | sort %}
  • {{ name }}
    • {% endfor %} @@ -84,15 +84,15 @@ {% if has_current %} {% if error %} -

    Document is invalid

    +

    Document is invalid

    {% else %} -

    Document looks valid

    +

    Document looks valid

    {% endif %} {% endif %}
    +
    delete
    +{% call modal('delete_modal', 'Delete document') %} +

    This will delete the document {{ current_id }}.

    +

    Are you sure ?

    + +
    + + {{ POST_button(url_for('.delete'), text="Delete " + cvrf.getDocId(), style="btn-danger") }} +{% endcall %} {% endblock %} diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/macros.j2 --- a/farol/templates/macros.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/macros.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -23,7 +23,7 @@ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -#} -{% macro textinput(name, label, placeholder="", value=None, required=False, type="text", extras={}, help='') %} +{% macro textinput(name, label, placeholder="", value=None, required=False, type="text", extras={}, help='', regex=None) %}
    {% if caller %} {% set content=caller () %} @@ -42,6 +42,9 @@ id="{{ name }}" name="{{ name }}" {%- if placeholder %} placeholder="{{ placeholder }}"{% endif %} {%- if value %} value="{{ value }}"{% endif %} + {%- if regex %} pattern="{{ regex }}" + {%- elif type == "datetime" %} pattern="\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d+)?([+-]\d+(:\d+)?|Z)?)?" + {%- endif %} {%- if required %} required{% endif %} {{- extras | xmlattr }}> {% if type == "datetime" %} diff -r b74bf98ff879 -r b4bb5966af01 farol/templates/welcome.j2 --- a/farol/templates/welcome.j2 Fri Oct 17 16:11:08 2014 +0200 +++ b/farol/templates/welcome.j2 Fri Oct 24 12:59:45 2014 +0200 @@ -24,36 +24,43 @@ -#} {% extends "base.j2" %} +{% from "macros.j2" import panel %} + +{% macro progress_label(progress) -%} +{{ progress }}% +{%- endmacro %} {% block title %}Welcome{% endblock %} {% block content %} -
    -

    Farol A Security Advisory Management Platform

    -

    Farol is a web platform to manipulate Security Advisories. The main structure is highly inspired from the structure of a CVRF document.

    -

    This platform is meant as a way to review / create / edit / publish Security Advisories in an accessible way.

    -

    Start !

    +
    +

    Farol The Security Advisory Management Platform

    +
    Start !
    +

    This web platform offers to review, create, edit and transform security advisories supporting various input and output formats. During your session the advisory is stored in a cache from which you should save your changes to your local file system.

    -Security Advisories interactions
    -
    -
    -

    Security Advisories

    -

    A Security Advisory is about the communication of the information that some vulnerability is present in some product.

    -
    -
    communication
    -
    In order to be fully effective, Security Advisories should be sahred.
    -
    vulnerability
    -
    A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. (Wikipedia)
    -
    product
    -
    A product contains vulnerabilities.
    -
    -
    -
    -
    -

    Advisory formats

    -

    Each Party publish Advisories in a format that fit them ...

    -
    +
    Security Advisories interactions
    +
    + {% call panel(heading="Platform status", collapsible=False) %} +
    {{ version }}Farol version:
    + {% endcall %} + {% call panel(heading="Supported input formats", collapsible=False) %} + {% for format, progress in imports %} +
    {{ format }} {{ progress_label(progress) }}
    + {% endfor %} + {% endcall %} + {% call panel(heading="Supported output formats", collapsible=False) %} + {% for format, progress in exports %} +
    {{ format }} {{ progress_label(progress) }}
    + {% endfor %} + {% endcall %} + {% call panel(heading="Supported use cases", collapsible=False) %} + {% for use_case, progress in use_cases %} +
    {{ progress_label(progress) }}{{ use_case }}
    + {% endfor %} + {% endcall %}
    {% endblock %}