changeset 164:4d8218fbe686
merged
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:34:48 +0100 |
parents | 1d63a532ccce (diff) 5df0bef667ea (current diff) |
children | c3243555ed09 |
files | farol/main.py |
diffstat | 7 files changed, 43 insertions(+), 15 deletions(-) [+] |
--- a/farol/main.py Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/main.py Tue Dec 30 14:34:48 2014 +0100 @@ -31,6 +31,7 @@ import farolluz from farolluz.cvrf import CVRF, ValidationError +from farolluz.parsers.cve import parse_CVE_from_GSA from farolluz.parsers.cvrf import parse from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow @@ -102,8 +103,8 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100)], - exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('OVAL', 5) ], + imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], + exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] ) @@ -158,6 +159,15 @@ return download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) +def parse_cve_from_gsa(id_): + url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_ + try: content = urllib2.urlopen(url).read() + except urllib2.HTTPError as e: + flash('Unable to download CVE %s: %s' % (url, e)) + return + doc = parse_CVE_from_GSA(content) + set_current(doc) + def set_text(text): try: doc = parse(text) except ET.ParseError as e: @@ -181,6 +191,8 @@ return redirect(url_for('new')) elif 'url' in request.form: download_url(request.form['url']) + elif 'cve' in request.form: + parse_cve_from_gsa(request.form['id']) elif 'local' in request.files: upload = request.files['local'] fpath = os.path.join(app.instance_path, 'tmp',
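Review bot: `parse_cve_from_gsa` formats `id_` into the query string with `%s` without validating or URL-encoding it, and the last hunk passes `request.form['id']` to it unchanged, so a value containing `&` or `#` alters the parameters of the outbound request and is echoed back through `flash()`. Check it against the CVE-YYYY-NNNN shape that the form placeholder advertises before building the URL. The handler catches only `urllib2.HTTPError`, so a DNS or connection failure (`urllib2.URLError`, its parent class) escapes as an unhandled exception, and `urlopen` is called without a timeout. The sketch below assumes `re` is imported in main.py, which this diff does not show, and the 30-second timeout is an illustrative value.

```python
CVE_ID_RE = re.compile(r'CVE-\d{4}-\d{4,}\Z')

def parse_cve_from_gsa(id_):
    if not CVE_ID_RE.match(id_):
        flash('Invalid CVE identifier, expected CVE-YYYY-NNNN')
        return
    # … unchanged: url built from the validated id_ …
    try: content = urllib2.urlopen(url, timeout=30).read()
    except urllib2.URLError as e:
        # … unchanged: flash the download error and return …
    # … unchanged: parse_CVE_from_GSA(content) and set_current(doc) …
```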
--- a/farol/producttree.py Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/producttree.py Tue Dec 30 14:34:48 2014 +0100 @@ -32,6 +32,7 @@ from farolluz.cvrf import (CVRFProductBranch, CVRFFullProductName, CVRFRelationship, CVRFGroup) +from farolluz.parsers.cpe import parse as parseCPE from .session import document_required, get_current producttree = Blueprint('producttree', __name__) @@ -217,16 +218,22 @@ rels = [('', '')] + [(ptree.getNameOfRelationship(r), str(i)) for i, r in ptree.getOrphanedRelationships()] return render_template('producttree/edit_product.j2', product=product, action='Add', orphaned_leaves=leaves, orphaned_relationships=rels, current_rel='') - if request.form['parent_branch'] and request.form['parent_relationship']: + if bool(request.form['parent_branch']) + bool(request.form['parent_relationship']) + bool(request.form['from_cpe']) > 1: flash('Cannot set a parent branch and parent relationship', 'danger') return redirect(url_for('.add_product')) + if request.form['from_cpe'] and not request.form['cpe']: + flash('You need to specify the cpe value to infer the branching/relation from that value.', 'danger') + return redirect(url_for('.add_product')) + parent = ptree if request.form['parent_branch']: try: parent = ptree.getBranch([int(p) for p in request.form['parent_branch'].split('/')]) except (ValueError, IndexError): abort(404) elif request.form['parent_relationship']: parent = ptree._relationships[int(request.form['parent_relationship'])] + elif request.form['from_cpe']: + parent = parseCPE(request.form['cpe']).addToDoc(cvrf, finalProduct=False) product = CVRFFullProductName(request.form['productid'], request.form['name'], parent, request.form['cpe'] or None) ptree.addProduct(product)
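Review bot: `request.form['from_cpe']` is indexed three times in the second hunk, but a browser submits a checkbox field only when it is ticked, so an ordinary submission without it raises a key error (a 400 response in Flask) at the first new condition. Read it once with `from_cpe = request.form.get('from_cpe')` and use that in the exclusivity test and in both branches. `parseCPE(request.form['cpe'])` also runs on raw form input with no handler; the parser is not shown here, but if it raises on malformed CPE strings that should become a `flash(...)` and redirect like the neighbouring checks. The flash text 'Cannot set a parent branch and parent relationship' no longer describes the three-way test. The enclosing view function starts above this hunk.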
--- a/farol/templates/base.j2 Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/templates/base.j2 Tue Dec 30 14:34:48 2014 +0100 @@ -71,7 +71,7 @@ <li class="dropdown{{ ' active' if active == 'render' }}"> <a href="#" class="dropdown-toggle" data-toggle="dropdown">Export <span class="caret"></span></a> <ul class="dropdown-menu" role="menu"> - {% for format in ('cvrf', 'nasl', 'oval') %}<li><a href="{{ url_for('render', format_=format)}}">as {{ format | upper }}</a></li>{% endfor %} + {% for format in ('cvrf', 'nasl', 'oval', 'html') %}<li><a href="{{ url_for('render', format_=format)}}">as {{ format | upper }}</a></li>{% endfor %} </ul> </li> {% endif %}
--- a/farol/templates/document/edit_revision.j2 Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/templates/document/edit_revision.j2 Tue Dec 30 14:34:48 2014 +0100 @@ -24,7 +24,7 @@ -#} {% extends "base.j2" %} -{% from "macros.j2" import textinput, textarea, examples %} +{% from "macros.j2" import textinput, textarea, examples, checkbox %} {% block title %}Edit Revision{% endblock %} {% block content %} @@ -49,13 +49,7 @@ {{ examples(['initial public release']) }} {% endcall %} {% if action == 'Add' %} - <div class="form-group"> - <div class="checkbox"> - <label> - <input name="update_tracking" type="checkbox" checked> Update Tracking Information - </label> - </div> - </div> + {{ checkbox('update_tracking', "Update Tracking Information", True) }} {% endif %} <button class="btn btn-primary" type="submit">{{ action or 'Update' }}</button> <a class="btn btn-danger" href="{{ url_for('.view') }}">Cancel</a>
--- a/farol/templates/macros.j2 Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/templates/macros.j2 Tue Dec 30 14:34:48 2014 +0100 @@ -106,6 +106,16 @@ </div> {% endmacro %} +{% macro checkbox(name, label, checked=False) %} +<div class="form-group"> + <div class="checkbox"> + <label> + <input name="{{ name }}" type="checkbox"{{ ' checked' if checked }}> {{ label }} + </label> + </div> +</div> +{% endmacro %} + {% macro panel(type="default", heading=None, badge=None, title=0, collapsible=True, extended=False) %} {% if not heading %} {% set collapsible = False %}
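Review bot: The `checkbox` macro writes `name` into an attribute and `label` into the element body with plain `{{ … }}`, so it is safe only if autoescaping is active for these templates. Flask's default enables autoescaping by file extension for `.html`, `.htm`, `.xml` and `.xhtml`, and these files are named `.j2`; whether the application overrides that is not visible in this changeset. Both callers in this changeset pass literals, but escaping explicitly keeps the macro safe for later callers that pass document or request data: `<input name="{{ name | e }}" type="checkbox"{{ ' checked' if checked }}> {{ label | e }}`.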
--- a/farol/templates/new.j2 Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/templates/new.j2 Tue Dec 30 14:34:48 2014 +0100 @@ -53,7 +53,7 @@ {% for (type, placeholder) in [ ('RHSA', 'YYYY:nnnn'), ('Oracle', 'nnnnnnn'), - ('Cisco', 'sa-YYYYMMDD-xxx')] %} + ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %} <div class="col-lg-4"> <form role="form" method="POST"> <input type="hidden" name="{{ type | lower}}">
--- a/farol/templates/producttree/edit_product.j2 Mon Dec 22 15:26:48 2014 +0100 +++ b/farol/templates/producttree/edit_product.j2 Tue Dec 30 14:34:48 2014 +0100 @@ -24,7 +24,7 @@ -#} {% extends "base.j2" %} -{% from "macros.j2" import textinput, selectinput2, examples %} +{% from "macros.j2" import textinput, selectinput2, examples, checkbox %} {% block title %}Edit the product{% endblock %} {% set active = 'product' %} @@ -40,12 +40,17 @@ <p>The <em>Product ID</em> attribute is required to identify a <strong>Full Product Name</strong> so that it can be referred to from other parts in the document. There is no predefined or required format for the <em>Product ID</em> as long as it uniquely identifies a product in the context of the current document. Examples include incremental integers or Globally Unique Identifiers (GUIDs).</p> {{ examples(['CVRFPID-0004']) }} {% endcall %} -{% call textinput('cpe', "CPE", placeholder="cpe:/a:...", value=product._cpe) %} +{% call textinput('cpe', "CPE", placeholder="cpe:...", value=product._cpe) %} <p>The Common Platform Enumeration (<em>CPE</em>) attribute refers to a method for naming platforms. The structure for CPE is described at http://cpe.mitre.org. The <em>CPE</em> can be either an integer (if MITRE has an entry for the platform in question) or a candidate string from the vendor if no MITRE entry yet exists.</p> {% endcall %} <hr> {{ selectinput2('parent_branch', "Parent Branch", orphaned_leaves , product.getParentPath()) }} +<p class="text-center"><em>-- or --</em></p> {{ selectinput2('parent_relationship', "Parent relationship", orphaned_relationships, current_rel) }} +<p class="text-center"><em>-- or --</em></p> +{% if action == "Add" %} + {{ checkbox('from_cpe', "Create branches/relation from CPE Value") }} +{% endif %} <button class="btn btn-primary" type="submit">{{ action }}</button> <a class="btn btn-danger" href="{{ url_for('.view') }}">Cancel</a>
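Review bot: The second `-- or --` separator sits outside the `{% if action == "Add" %}` block, so on the edit form it is rendered with nothing following it. Move `<p class="text-center"><em>-- or --</em></p>` inside the `if`, directly before the `checkbox('from_cpe', …)` call.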