changeset 167:000114da182d
New lifting for the 'new' page
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Mon, 05 Jan 2015 11:38:46 +0100 |
parents | ff8f4639c6be |
children | 2cf820f0990b |
files | CHANGES farol/main.py farol/templates/new.j2 |
diffstat | 3 files changed, 102 insertions(+), 39 deletions(-) [+] |
--- a/CHANGES Mon Jan 05 11:37:44 2015 +0100 +++ b/CHANGES Mon Jan 05 11:38:46 2015 +0100 @@ -6,6 +6,7 @@ * Set the User-Agent to external requests to a non-default value. * Add support for HTML export and CVE import * Full product Tree can be directly created from the CPE information. +* Improve styling of the 'new' page. Farol 1.0.1 (2014-11-17) ========================
--- a/farol/main.py Mon Jan 05 11:37:44 2015 +0100 +++ b/farol/main.py Mon Jan 05 11:38:46 2015 +0100 @@ -103,7 +103,7 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], + imports=[('New', 100), ('CVRF', 100), ('CVE', 90)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] 
@@ -178,7 +178,64 @@ @app.route('/new', methods=['GET', 'POST']) def new(): if request.method != 'POST': - return render_template('new.j2', has_document=has_current(), now=utcnow()) + input_choices = [ + ('RHSA', 'YYYY:nnnn', '2014:0981', """ +RedHat publishes their advisories in CVRF format since May 2012 +covering all of their products. + +Redhat provides a FAQ about the CVRF support here: +https://access.redhat.com/articles/124913 + +Farol downloads the CVRF documents from this location: +https://www.redhat.com/security/data/cvrf/ +"""), + ('Oracle', 'nnnnnnn', '2188432', """ +Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs). + +Oracle published an article about adopting CVRF: +https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability + +The FAQ for the CPUs is available here: +http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html + +Farol downloads the CVRF documents from this location: +http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent +"""), + ('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """ +Cisco was one of the main actors driving the CVRF format. + +See also the Blog post at CISCO: +http://blogs.cisco.com/tag/cvrf + +Farol downloads the CVRF documents from this location: +http://tools.cisco.com/security/center/contentxml +"""), + ('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """ +It is possible to convert CVE information into CVRF format. + +Read here about Common Vulnerabilities and Exposures (CVEs): +http://cve.mitre.org/ + +MITRE publishes CVE in CVRF Format: +https://cve.mitre.org/cve/cvrf.html + +However, those CVRF documents do not cover all of the CVE content. +Therefore, Farol downloads the XML object of CVEs from Greenbone's +SecInfo Portal via the web interface "Greenbone Security Assistant". +The CVE XML data retrieved from there are identical to the CVE +publication by NIST. 
+ +Greenbone's SecInfo Portal: +https://secinfo.greenbone.net +"""), + ('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """ +Farol can download a given URL for a CVRF document. + +The provided example is a Greenbone Security Advisory from +http://www.greenbone.net/technology/security.html +""") + ] + return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow()) if 'rhsa' in request.form: set_RHSA(request.form['id']) @@ -190,7 +247,7 @@ flash("I'm not able to parse NASL scripts yet", 'danger') return redirect(url_for('new')) elif 'url' in request.form: - download_url(request.form['url']) + download_url(request.form['id']) elif 'cve' in request.form: parse_cve_from_gsa(request.form['id']) elif 'local' in request.files:
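Review bot: The layout of each `input_choices` entry is undocumented, although two other places depend on it. The lower-cased first field becomes the hidden form field name that the `'rhsa' in request.form` / `'url' in request.form` chain further down in `new()` dispatches on, and the `farol/templates/new.j2` hunk slices `input_choices[:-1]` and `input_choices[-1]`, so the URL entry has to stay last. A comment above the list would keep a rename or reordering from silently breaking the form: `# (type, placeholder, example, help); type.lower() is the POST field new() dispatches on; the URL entry must remain last`. The list is also rebuilt on every GET and could be a module-level constant. `new()` continues outside this hunk.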
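Review bot: `download_url(request.form['id'])` passes a client-supplied string straight to a server-side fetch, and the template hunk in this commit also replaces the dedicated `<input type="url" name="url">` with a generic `type="text"` field, so not even the browser hints that a URL is expected. The value should be checked on the server before the request is made, e.g. `if urlparse(request.form['id']).scheme not in ('http', 'https'):` followed by the `flash(..., 'danger')` / `return redirect(url_for('new'))` pattern already used in this function. Refusing loopback, link-local and private addresses would also stop the instance from being pointed at internal services. `download_url` is not visible here and may already do part of this; if so, a comment at the call site saying so would help. The `id` values passed to `set_RHSA` and `parse_cve_from_gsa` presumably end up in a download URL as well and would benefit from a format check matching their placeholders (`YYYY:nnnn`, `CVE-YYYY-NNNN`).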
--- a/farol/templates/new.j2 Mon Jan 05 11:37:44 2015 +0100 +++ b/farol/templates/new.j2 Mon Jan 05 11:38:46 2015 +0100 @@ -27,6 +27,36 @@ {% from "macros.j2" import textinput, textarea, panel %} {% from "common_edits.j2" import edit_title_type %} +{% macro input_download(width, type, placeholder, example, help) %} +<div class="col-lg-{{ width }}"> + {% call modal(type | lower + "_modal", type + " help") %} + {% for p in help.split('\n\n') %} + <p>{{ p | urlize }}</p> + {% endfor %} + {% endcall %} + <form role="form" method="POST"> + <input type="hidden" name="{{ type | lower}}"> + <div class="form-group"> + <div class="input-group"> + <span class="input-group-addon">{{ type }}: </span> + <input type="text" class="form-control" name="id" placeholder="{{ placeholder }}" id="{{ type | lower }}_id" required> + <div class="input-group-btn"> + <button class="btn btn-primary" type="submit">Download</button> + <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> + <span class="caret"></span> + <span class="sr-only">Toggle dropdown</span> + </button> + <ul class="dropdown-menu drop-down-menu-right" role="menu"> + <li><a href="#{{ type | lower }}_modal" data-toggle="modal">Help</a></li> + <li><a href="#" onclick="$('#{{ type | lower }}_id').val('{{ example }}')">Example</a></li> + </ul> + </div><!-- /input-group-btn --> + </div><!-- /input-group --> + </div> + </form> +</div> +{% endmacro %} + {% set active='new' %} {% block title %}New{% endblock %} 
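Review bot: In `input_download` the `Example` link writes `{{ example }}` into a single-quoted JavaScript string inside the `onclick` attribute, a context where HTML escaping is the wrong encoding. For templates named `.j2`, Flask's default autoescaping is also not enabled unless the app turns it on, which is not visible here. The values are constants from `main.py` today, but an example containing a quote would break the handler, and the pattern becomes script injection if the list is ever filled from data. Carrying the value in an attribute avoids the JavaScript context: `<a href="#" data-example="{{ example | e }}" onclick="$('#{{ type | lower }}_id').val($(this).attr('data-example'))">Example</a>`. Separately, `drop-down-menu-right` looks like a typo for Bootstrap's `dropdown-menu-right`.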
@@ -43,49 +73,22 @@ <div class="panel-heading"> <h4 class="panel-title"> <a data-toggle="collapse" data-parent="#accordion" href="#fromURL"> - Download a document + Upload a remote document </a> </h4> </div> <div id="fromURL" class="panel-collapse collapse in"> <div class="panel-body"> + {% for row in input_choices[:-1] | batch(3) %} <div class="row"> - {% for (type, placeholder) in [ - ('RHSA', 'YYYY:nnnn'), - ('Oracle', 'nnnnnnn'), - ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %} - <div class="col-lg-4"> - <form role="form" method="POST"> - <input type="hidden" name="{{ type | lower}}"> - <div class="form-group"> - <div class="input-group"> - <span class="input-group-addon">{{ type }}: </span> - <input type="text" class="form-control" name="id" placeholder="{{ placeholder }}" id="{{ type | lower }}_id" required> - <span class="input-group-btn"> - <button class="btn btn-primary" type="submit">Download</button> - </span> - </div><!-- /input-group --> - </div> - </form> - </div> + {% for (type, placeholder, example, help) in row %} + {{ input_download(4, type, placeholder, example, help) }} {% endfor %} </div> - <div class=""> - <form role="form" method="POST"> - <div class="form-group"> - <div class="input-group"> - <span class="input-group-addon">URL: </span> - <input type="url" class="form-control" name="url" placeholder="https://..." 
id="url_id" required> - <span class="input-group-btn"> - <button class="btn btn-primary" type="submit">Download</button> - </span> - </div><!-- /input-group --> - </div> - </form> + {% endfor %} + <div class="row"> + {{ input_download(12, *input_choices[-1]) }} </div> - <hr> - {% set comma = joiner(', ') %} - <p>Some examples: {% for (name, id, value) in [('Red Hat Security Advisory: kernel security, bug fix, and enhancement update', 'rhsa', '2014:0981'), ('Oracle Critical Patch Update Advisory - April 2014', 'oracle' , '2188432'), ('Multiple Vulnerabilities in OpenSSL Affecting Cisco Products','cisco','sa-20140605-openssl'), ('Greenbone Security Advisory 2013-01', 'url', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf')] %}{{ comma() }}<a href="#" onclick="$('#{{ id }}_id').val('{{ value }}')">{{ name }}</a>{% endfor %} </div> </div> </div> @@ -94,7 +97,7 @@ <div class="panel-heading"> <h4 class="panel-title"> <a data-toggle="collapse" data-parent="#accordion" href="#fromFile"> - Upload a document + Upload a local document </a> </h4> </div> @@ -112,7 +115,7 @@ <div class="panel-heading"> <h4 class="panel-title"> <a data-toggle="collapse" data-parent="#accordion" href="#fromText"> - Raw text + Upload raw text </a> </h4> </div> @@ -179,6 +182,8 @@ {{ POST_button(url_for('cache.load', element=element), text=element, style="btn-link") }} {% endif %} </li> + {% else %} + <li><em>Cache is empty</em></li> {% endfor %} </ul> {% endcall %}