Address review comments
Signed-off-by: Tushar Goel <[email protected]>
TG1999 committed Jan 17, 2025
1 parent ca61981 commit 921898c
Showing 3 changed files with 129 additions and 19 deletions.
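--- a/vulnerabilities/templates/vulnerability_details.html
+++ b/vulnerabilities/templates/vulnerability_details.html
@@ -47,6 +47,13 @@
 </span>
 </a>
 </li>
+<li data-tab="severities-vectors">
+<a>
+<span>
+Severity details ({{ severity_vectors|length }})
+</span>
+</a>
+</li>
 
 {% if vulnerability.exploits %}
 <li data-tab="exploits">
@@ -398,6 +405,102 @@
 </tr>
 {% endfor %}
 </div>
+
+<div class="tab-div content" data-content="severities-vectors">
+{% for severity_vector in severity_vectors %}
+{% if severity_vector.version == '2.0' %}
+Vector: {{ severity_vector.vectorString }}
+<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+<tr>
+<th>Exploitability (E)</th>
+<th>Access Vector (AV)</th>
+<th>Access Complexity (AC)</th>
+<th>Authentication (Au)</th>
+<th>Confidentiality Impact (C)</th>
+<th>Integrity Impact (I)</th>
+<th>Availability Impact (A)</th>
+</tr>
+<tr>
+<td>{{ severity_vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
+<td>{{ severity_vector.accessVector|cvss_printer:"local,adjacent_network,network" }}</td>
+<td>{{ severity_vector.accessComplexity|cvss_printer:"high,medium,low" }}</td>
+<td>{{ severity_vector.authentication|cvss_printer:"multiple,single,none" }}</td>
+<td>{{ severity_vector.confidentialityImpact|cvss_printer:"none,partial,complete" }}</td>
+<td>{{ severity_vector.integrityImpact|cvss_printer:"none,partial,complete" }}</td>
+<td>{{ severity_vector.availabilityImpact|cvss_printer:"none,partial,complete" }}</td>
+</tr>
+</table>
+{% elif severity_vector.version == '3.1' or severity_vector.version == '3.0'%}
+Vector: {{ severity_vector.vectorString }}
+<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+<tr>
+<th>Attack Vector (AV)</th>
+<th>Attack Complexity (AC)</th>
+<th>Privileges Required (PR)</th>
+<th>User Interaction (UI)</th>
+<th>Scope (S)</th>
+<th>Confidentiality Impact (C)</th>
+<th>Integrity Impact (I)</th>
+<th>Availability Impact (A)</th>
+</tr>
+<tr>
+<td>{{ severity_vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}}</td>
+<td>{{ severity_vector.attackComplexity|cvss_printer:"low,high" }}</td>
+<td>{{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
+<td>{{ severity_vector.userInteraction|cvss_printer:"none,required"}}</td>
+<td>{{ severity_vector.scope|cvss_printer:"unchanged,changed" }}</td>
+<td>{{ severity_vector.confidentialityImpact|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.integrityImpact|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.availabilityImpact|cvss_printer:"high,low,none" }}</td>
+</tr>
+</table>
+{% elif severity_vector.version == '4' %}
+Vector: {{ severity_vector.vectorString }}
+<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+<tr>
+<th>Attack Vector (AV)</th>
+<th>Attack Complexity (AC)</th>
+<th>Attack Requirements (AT)</th>
+<th>Privileges Required (PR)</th>
+<th>User Interaction (UI)</th>
+
+<th>Vulnerable System Impact Confidentiality (VC)</th>
+<th>Vulnerable System Impact Integrity (VI)</th>
+<th>Vulnerable System Impact Availability (VA)</th>
+
+<th>Subsequent System Impact Confidentiality (SC)</th>
+<th>Subsequent System Impact Integrity (SI)</th>
+<th>Subsequent System Impact Availability (SA)</th>
+</tr>
+<tr>
+<td>{{ severity_vector.attackVector|cvss_printer:"network,adjacent,local,physical"}}</td>
+<td>{{ severity_vector.attackComplexity|cvss_printer:"low,high" }}</td>
+<td>{{ severity_vector.attackRequirement|cvss_printer:"none,present" }}</td>
+<td>{{ severity_vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
+<td>{{ severity_vector.userInteraction|cvss_printer:"none,passive,active"}}</td>
+
+<td>{{ severity_vector.vulnerableSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.vulnerableSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.vulnerableSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
+
+<td>{{ severity_vector.subsequentSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.subsequentSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
+<td>{{ severity_vector.subsequentSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
+</tr>
+</table>
+{% elif severity_vector.version == 'ssvc' %}
+<hr/>
+Vector: {{ severity_vector.vectorString }}
+<hr/>
+{% endif %}
+{% empty %}
+<tr>
+<td>
+There are no known vectors.
+</td>
+</tr>
+{% endfor %}
+</div>
 
 
 <div class="tab-div content" data-content="epss">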
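Review bot: In the `severities-vectors` tab the `{% if %}` chain over `severity_vector.version` has no `{% else %}`, so a vector whose version is not one of the listed literals renders nothing while still being counted in the tab label `{{ severity_vectors|length }}`; a fallback such as `{% else %}Vector: {{ severity_vector.vectorString }}` would keep such entries visible to whoever is triaging. It is worth confirming that the dict returned for CVSS v4 really carries `'4'` as its version, since the value is produced outside this section. The `{% empty %}` branch emits `<tr><td>` outside any `<table>`, which is invalid markup; `<p>There are no known vectors.</p>` would do. The `cvss_printer` filter is not shown here, so whether it escapes the metric value before building its output cannot be checked from this section.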
22 changes: 4 additions & 18 deletions vulnerabilities/templates/vulnerability_package_details.html
Expand Up @@ -6,7 +6,7 @@
{% load url_filters %}

{% block title %}
VulnerableCode Vulnerability Details - {{ vulnerability.vulnerability_id }}
VulnerableCode Vulnerability Package Details - {{ vulnerability.vulnerability_id }}
{% endblock %}

{% block content %}
Expand All @@ -16,27 +16,14 @@
<div class="details-container">
<article class="panel is-info panel-header-only">
<div class="panel-heading py-2 is-size-6">
Vulnerability details:
Vulnerable and Fixing Package details for Vulnerability:
<span class="tag is-white custom">
{{ vulnerability.vulnerability_id }}
</span>
</div>
</article>

<div class="tabs is-boxed" id="tabs">
<ul>
<li data-tab="affected-fixed-by">
<a>
<span>
Affected/Fixed by packages ({{ affected_packages|length }}/{{ fixed_by_packages|length }})
</span>
</a>
</li>
</ul>
</div>
<div id="tab-content">
<div class="tab-div is-active" data-content="affected-fixed-by">
<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
<div id="tab-content">
<table class="table vcio-table width-100-pct mt-2">
<thead>
<tr>
<th style="width: 50%;">Affected</th>
Expand Down Expand Up @@ -76,7 +63,6 @@
</tbody>
</table>
</div>
</div>
</div>
</section>
{% endif %}
23 changes: 22 additions & 1 deletion vulnerabilities/views.py
Expand Up @@ -182,12 +182,33 @@ def get_context_data(self, **kwargs):
if weakness_object.weakness
]

severity_vectors = []
severity_values = set()
for s in self.object.severities.all():
if s.scoring_system == EPSS.identifier:
continue

if s.scoring_elements and s.scoring_system in SCORING_SYSTEMS:
try:
vector_values = SCORING_SYSTEMS[s.scoring_system].get(s.scoring_elements)
severity_vectors.append(vector_values)
except (
CVSS2MalformedError,
CVSS3MalformedError,
CVSS4MalformedError,
NotImplementedError,
):
logging.error(f"CVSSMalformedError for {s.scoring_elements}")

if s.value:
severity_values.add(s.value)

context.update(
{
"vulnerability": vulnerability,
"vulnerability_search_form": VulnerabilitySearchForm(self.request.GET),
"severities": list(vulnerability.severities.all()),
"severity_score_range": "",
"severity_vectors": severity_vectors,
"references": list(vulnerability.references.all()),
"aliases": list(vulnerability.aliases.all()),
"weaknesses": weaknesses_present_in_db,
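Review bot: The `except` branch of the new loop interpolates `s.scoring_elements`, which presumably comes from imported advisory data, into the log line with an f-string and does not say which vulnerability or scoring system it belongs to; `logging.error("Unparsable %s vector %r on %s", s.scoring_system, s.scoring_elements, vulnerability.vulnerability_id)` keeps control characters out of the log through `%r` and makes the entry traceable. The message also names CVSSMalformedError even when the exception caught is `NotImplementedError`. `severity_values` is filled in the loop but not read anywhere in the hunk, and `"severity_score_range"` appears to be dropped from the context (the section counts one deletion), so either the set is dead code or a template still expecting that key will render it empty without any error. `get_context_data` starts and continues outside the hunk.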
