changeset 48:c6753fb93b3b

Add Description to the vulnerability/edit fields
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 07 Oct 2014 15:30:22 +0200
parents 309330b215d3
children 5583ddcd6164
files farol/templates/vulnerability/edit.j2
diffstat 1 files changed, 26 insertions(+), 7 deletions(-) [+]
--- a/farol/templates/vulnerability/edit.j2	Tue Oct 07 14:47:01 2014 +0200
+++ b/farol/templates/vulnerability/edit.j2	Tue Oct 07 15:30:22 2014 +0200
@@ -24,24 +24,43 @@
 -#}
 
 {% extends "base.j2" %}
-{% from "macros.j2" import textinput, panel %}
+{% from "macros.j2" import textinput, panel, examples %}
 {% block title %}{{ vulnerability._title }}{% endblock %}
 
 {% set active="vulnerability" %}
 
 {% block content %}
+<p><strong>Vulnerability</strong> is a container for the aggregation of all fields that are related to a single vulnerability in the document</p>
 <form role="form" method="POST">
-  {{ textinput('ordinal', "Ordinal", value=vulnerability._ordinal, required=True, type="number", extras={'min': '1'}) }}
-  {{ textinput('title', "Title", value=vulnerability._title or '') }}
+  {% call textinput('ordinal', "Ordinal", value=vulnerability._ordinal, required=True, type="number", extras={'min': '1'}) %}
+  <p><em>Ordinal</em> is a locally significant value used to track vulnerabilities inside a CVRF document. It is provided to enable specific vulnerabilities to be referenced from elsewhere in the document (or even outside the namespace of a document provided that a unique <strong>Document Title</strong> and Revision information are provided). There should be one of these values for every <strong>Vulnerability</strong> container in a document, and it is recommended that <em>Ordinal</em> should be instantiated as a monotonically increasing counter, indexed from 1.</p>
+  {% endcall %}
+  {% call textinput('title', "Title", value=vulnerability._title or '') %}
+  <p><strong>Title</strong> gives the document producer the ability to apply a canonical name or title to the vulnerability. To avoid confusion, it is recommended that, if employed, this element commensurately match the nomenclature used by any numbering or cataloging systems references elsewhere, such as the <strong>Document Title</strong> or <strong>CVE</strong>.</p>
+  {{ examples(['February 2011 TelePresence Vulnerability Bundle']) }}
+  {% endcall %}
   {% call panel(heading="ID", title=4, collapsible=False) %}
+    <p>ID gives the document producer a place to publish a unique label or tracking ID for the vulnerability (if such information exists).</p>
+    <p>General examples may include an identifier from a vulnerability tracking system that is available to customers, such as a Cisco bug ID, an ID from a Bugzilla system, or an ID from a public vulnerability database such as the X-Force Database. The <strong>ID</strong> may be a vendor-specific value.</p>
     {% with id = vulnerability._id %}
-    {{ textinput('systemname', "System Name", value= id and (id._systemname or '') or '') }}
+    {% call textinput('systemname', "System Name", value= id and (id._systemname or '') or '') %}
+    <p>The attribute <em>System Name</em> indicates the name of the vulnerability tracking or numbering system that this <strong>ID</strong> comes from. Every <strong>ID</strong> value should have exactly one <em>System Name</em>. It is helpful if document producers use unique and consistent system names.</p>
+    {{ examples(['Cisco Bug ID']) }}
+    {% endcall %}
     {{ textinput('id_value', "Value", value= id and (id._value or '') or '') }}
     {% endwith %}
   {% endcall %}
-  {{ textinput('discoverydate', "Discovery Date", now.isoformat(), vulnerability._discoverydate and vulnerability._discoverydate.isoformat() or '', type="datetime") }}
-  {{ textinput('releasedate', "Release Date", now.isoformat(), vulnerability._releasedate and vulnerability._releasedate.isoformat() or '', type="datetime") }}
-  {{ textinput('cve', "CVE", 'CVE-xxxx-yyyy', vulnerability._cve) }}
+  {% call textinput('discoverydate', "Discovery Date", now.isoformat(), vulnerability._discoverydate and vulnerability._discoverydate.isoformat() or '', type="datetime") %}
+  <p>The <strong>Discovery Date</strong> is the date the vulnerability was originally discovered. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p>
+  {% endcall %}
+  {% call textinput('releasedate', "Release Date", now.isoformat(), vulnerability._releasedate and vulnerability._releasedate.isoformat() or '', type="datetime") %}
+  <p>The <strong>Release Date</strong> is the date the vulnerability was originally released into the wild. All dateTime values in CVRF require a time, and we recommend the inclusion of a time zone as well (ICASI endorses the use of GMT or “Zulu time”). If a time zone is excluded, Zulu should be assumed.</p>
+  {% endcall %}
+  {% call textinput('cve', "CVE", 'CVE-xxxx-yyyy', vulnerability._cve) %}
+  <p><strong>CVE</strong> contains the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. CVE is a standard for vulnerability naming that provides improved tracking of vulnerabilities over time across different reporting sources. More information about CVE is available at {{ 'http://cve.mitre.org/' | urlize }}.</p>
+  {{ examples(['CVE-2006-0010']) }}
+  {% endcall %}
   <button type="submit" class="btn btn-primary">{{ action or 'Update' }}</button>
+  <a class="btn btn-danger" href="{% if action=='Add' %}{{ url_for('document.view') }}{% else %}{{ url_for('.view', ordinal=vulnerability._ordinal) }}{% endif %}">Cancel</a>
 </form>
 {% endblock %}
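Review bot: Whether the document values rendered in this template are HTML-escaped cannot be confirmed from the hunk. The file is named `edit.j2`, and Flask (which the `url_for('.view', ...)` endpoints suggest is in use) enables autoescaping by default only for template names ending in extensions such as `.html` and `.xml`. `vulnerability._title` in the title block and the `value=` arguments passed to `textinput` (title, system name, ID value, CVE) come from document data, so they would be emitted raw if the application does not turn autoescaping on for `.j2` files. If that is not already configured, enable it application-wide, for example by overriding `select_jinja_autoescape`, because `textinput` renders inside `macros.j2` and a per-template setting here would not cover it. A comment near the top such as `{# relies on autoescape being enabled for .j2 templates #}` would record the assumption; separately, the POST form shows no anti-CSRF token field in the hunk, which may be handled elsewhere.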

http://farol.wald.intevation.org