# HG changeset patch # User Benoît Allard # Date 1412688622 -7200 # Node ID c6753fb93b3ba12f79ed45e171857f85d41d6072 # Parent 309330b215d300f9eb32595111157155b568e50f Add Description to the vulnerability/edit fields diff -r 309330b215d3 -r c6753fb93b3b farol/templates/vulnerability/edit.j2 --- a/farol/templates/vulnerability/edit.j2 Tue Oct 07 14:47:01 2014 +0200 +++ b/farol/templates/vulnerability/edit.j2 Tue Oct 07 15:30:22 2014 +0200 @@ -24,24 +24,43 @@ -#} {% extends "base.j2" %} -{% from "macros.j2" import textinput, panel %} +{% from "macros.j2" import textinput, panel, examples %} {% block title %}{{ vulnerability._title }}{% endblock %} {% set active="vulnerability" %} {% block content %} +

Vulnerability is a container for the aggregation of all fields that are related to a single vulnerability in the document

- {{ textinput('ordinal', "Ordinal", value=vulnerability._ordinal, required=True, type="number", extras={'min': '1'}) }} - {{ textinput('title', "Title", value=vulnerability._title or '') }} + {% call textinput('ordinal', "Ordinal", value=vulnerability._ordinal, required=True, type="number", extras={'min': '1'}) %} +

Ordinal is a locally significant value used to track vulnerabilities inside a CVRF document. It is provided to enable specific vulnerabilities to be referenced from elsewhere in the document (or even outside the namespace of a document provided that a unique Document Title and Revision information are provided). There should be one of these values for every Vulnerability container in a document, and it is recommended that Ordinal should be instantiated as a monotonically increasing counter, indexed from 1.

+ {% endcall %} + {% call textinput('title', "Title", value=vulnerability._title or '') %} +

Title gives the document producer the ability to apply a canonical name or title to the vulnerability. To avoid confusion, it is recommended that, if employed, this element commensurately match the nomenclature used by any numbering or cataloging systems references elsewhere, such as the Document Title or CVE.

+ {{ examples(['February 2011 TelePresence Vulnerability Bundle']) }} + {% endcall %} {% call panel(heading="ID", title=4, collapsible=False) %} +

ID gives the document producer a place to publish a unique label or tracking ID for the vulnerability (if such information exists).

+

General examples may include an identifier from a vulnerability tracking system that is available to customers, such as a Cisco bug ID, an ID from a Bugzilla system, or an ID from a public vulnerability database such as the X-Force Database. The ID may be a vendor-specific value.

{% with id = vulnerability._id %} - {{ textinput('systemname', "System Name", value= id and (id._systemname or '') or '') }} + {% call textinput('systemname', "System Name", value= id and (id._systemname or '') or '') %} +

The attribute System Name indicates the name of the vulnerability tracking or numbering system that this ID comes from. Every ID value should have exactly one System Name. It is helpful if document producers use unique and consistent system names.

+ {{ examples(['Cisco Bug ID']) }} + {% endcall %} {{ textinput('id_value', "Value", value= id and (id._value or '') or '') }} {% endwith %} {% endcall %} - {{ textinput('discoverydate', "Discovery Date", now.isoformat(), vulnerability._discoverydate and vulnerability._discoverydate.isoformat() or '', type="datetime") }} - {{ textinput('releasedate', "Release Date", now.isoformat(), vulnerability._releasedate and vulnerability._releasedate.isoformat() or '', type="datetime") }} - {{ textinput('cve', "CVE", 'CVE-xxxx-yyyy', vulnerability._cve) }} + {% call textinput('discoverydate', "Discovery Date", now.isoformat(), vulnerability._discoverydate and vulnerability._discoverydate.isoformat() or '', type="datetime") %} +

The Discovery Date is the date the vulnerability was originally discovered. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.

+ {% endcall %} + {% call textinput('releasedate', "Release Date", now.isoformat(), vulnerability._releasedate and vulnerability._releasedate.isoformat() or '', type="datetime") %} +

The Release Date is the date the vulnerability was originally released into the wild. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.

+ {% endcall %} + {% call textinput('cve', "CVE", 'CVE-xxxx-yyyy', vulnerability._cve) %} +

CVE contains the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. CVE is a standard for vulnerability naming that provides improved tracking of vulnerabilities over time across different reporting sources. More information about CVE is available at {{ 'http://cve.mitre.org/' | urlize }}.

+ {{ examples(['CVE-2006-0010']) }} + {% endcall %} + Cancel
{% endblock %}
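Review bot: the `{% call textinput(...) %}` blocks (ordinal, title, systemname, discoverydate, releasedate, cve) and the new `examples` import both depend on `macros.j2`, which this changeset does not touch. A Jinja2 macro only renders a call body if it invokes `caller()`, so please confirm that `textinput` already does so and that `examples` is already defined there, or include the `macros.j2` change in this patch. Two smaller points: `id_value` ("Value") is still a plain `{{ textinput(...) }}` and is the only field on the form left without a description, and the Title help text reads "cataloging systems references elsewhere", which looks like it should be "referenced elsewhere".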