default/cve/render.pug - security-vulnogram - Git at Google

 extends ../../views/render.pug

 block prepend content
     mixin slide(cve)
         .page.wht.shd.pad2.gap
             b.slideTitle
                 if cve.source && cve.source.advisory
                     = cve.source.advisory
                     |
                 = cve.CVE_data_meta.TITLE + ' (' + cve.CVE_data_meta.ID + ')'
             ul.bullets
                 li
                     b.term CVSS:
                     span.text
                         if cve.impact && cve.impact.cvss
                             +CVSS(cve.impact.cvss)
                 li
                     b.term PR:
                     span.text= cve.source.defect
                 li
                     b.term Affects:
                     span.text= getProductAffected(cve)
                 li
                     b.term Problem:
                     span.text
                         +mpara(cve.description.description_data.slice(0,1))
                         if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object
                             +mpara(cve.CNA_private.CVE_table_description)
                             each x, id in cmap
                                 = id + " "
                 li
                     b.term Workaround:
                     span.text
                         +mpara(cve.work_around)
                 li
                     b.term Solution:
                     span.text
                         +mpara(cve.solution)

 block pageDef
     mixin page(cve)
         - var sourceText = {"INTERNAL":"This issue was found during internal product security testing or research.", "EXTERNAL":"This issue was discovered during an external security research.", "USER":"This issue was seen during production usage.", "UNKNOWN":""};
         - var CDM = cve.CVE_data_meta;
         - var cveid = CDM.ID.match(/^CVE-[0-9-]+$/)? CDM.ID : 'CVE-yyyy-nnnn';
         h2
             if cve.source && cve.source.advisory
                 = cve.source.advisory
                 |
             = CDM.TITLE + ' (' + cveid + ')'

         h4 PRODUCT AFFECTED:

         p= getProductAffected(cve)

         h4 PROBLEM:
         if cve.impact
            for r in cve.impact
                p= "Severity: " + r.other
         +mpara(cve.description.description_data)
         +mpara(cve.configuration)
         +mpara(cve.exploit)
         if cve.source
             if sourceText[cve.source.discovery]
                 p=sourceText[cve.source.discovery]
             if CDM.AKA
                 p This issue is also known as
                     = CDM.AKA
                     |.
         if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object
             +mpara(cve.CNA_private.CVE_table_description)
             table.striped
                 tr.rowHead
                     th CVE
                     th CVSS
                     th Summary
                 each x, id in cmap
                     tr
                         td=id
                         td
                             if cmap[id] && cmap[id].impact
                                 +CVSS(cmap[id].impact.cvss)
                         td
                             if cmap[id] && cmap[id].summary
                                 =cmap[id].summary

         else
             p This issue has been assigned
                 a(href="https://www.cve.org/CVERecord?id="+cveid)=cveid
                 |.

         if cve.solution && cve.solution.length > 0
             h4 SOLUTION:

             +mpara(cve.solution)

         if cve.source.defect && cve.source.defect.length > 0
             p This issue is being tracked as
                 +linklist(cve.source.defect, defectURL)
                 |.
         if cve.work_around && cve.work_around.length > 0
             h4 WORKAROUND:
             +mpara(cve.work_around)

         h4 MODIFICATION HISTORY:

         p
             ul
                 li
                     +renderDate(CDM.DATE_PUBLIC)
                     | : Initial Publication.

         h4 RELATED LINKS:

         ul
             if CDM.ID
                 li
                     a(href="https://www.cve.org/CVERecord?id="+cveid)=cveid + " at cve.org"
             each r in cve.references.reference_data
                 li
                     a(href=r.url)=r.url

         if cve.impact && cve.impact.cvss
             h4 CVSS SCORE:
             p
                 +CVSS(cve.impact.cvss)
             if cve.impact.cvss.baseSeverity
                 h4 RISK LEVEL:
                 p=cve.impact.cvss.baseSeverity

         if cve.credit && cve.credit.length > 0
             h4 ACKNOWLEDGEMENTS:
             ul
                 each c in cve.credit
                     li= c.value

         if cve.CNA_private && cve.CNA_private.internal_comments
             h4 INTERNAL COMMENTS:
             p
                 +para(cve.CNA_private.internal_comments)

 mixin mitre(cve)
     h2 MITRE CVE entry preview
     #GeneratedTable
         table(cellpadding=0,cellspacing=0,border=0)
             tbody
                 tr
                     th(colspan=2) CVE-ID
                 tr
                     td(nowrap="nowrap")
                         h2=cve.CVE_data_meta.ID
                     td.ltgreybackground
                         .larger
                             a Learn more at National Vulnerability Database (NVD)
                         .smaller • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
                 tr
                     th(colspan=2) Description
                 tr
                     td(colspan=2)
                         each d in cve.description.description_data
                             =d.value
                             = ' '
                 tr
                     th(colspan=2) References
                 tr
                     td.note(colspan=2)
                         b Note:
                         a References
                         |  are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
                 tr
                     td(colspan=2)
                         ul
                             each r in cve.references.reference_data
                                 li
                                     a(target="_blank",href=r.url)=r.url
                 tr
                     th(colspan=2) Assigning CNA
                 tr
                     td(colspan=2)=cve.CVE_data_meta.ASSIGNER
                         |  (MITRE uses CNA name instead of email address)
                 tr
                     th(colspan=2) Date Entry Created
                 tr
                     td
                         b YYYYMMDD
                     td.ltgreybackground Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
	extends ../../views/render.pug

	block prepend content
	mixin slide(cve)
	.page.wht.shd.pad2.gap
	b.slideTitle
	if cve.source && cve.source.advisory
	= cve.source.advisory
	\|
	= cve.CVE_data_meta.TITLE + ' (' + cve.CVE_data_meta.ID + ')'
	ul.bullets
	li
	b.term CVSS:
	span.text
	if cve.impact && cve.impact.cvss
	+CVSS(cve.impact.cvss)
	li
	b.term PR:
	span.text= cve.source.defect
	li
	b.term Affects:
	span.text= getProductAffected(cve)
	li
	b.term Problem:
	span.text
	+mpara(cve.description.description_data.slice(0,1))
	if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object
	+mpara(cve.CNA_private.CVE_table_description)
	each x, id in cmap
	= id + " "
	li
	b.term Workaround:
	span.text
	+mpara(cve.work_around)
	li
	b.term Solution:
	span.text
	+mpara(cve.solution)

	block pageDef
	mixin page(cve)
	- var sourceText = {"INTERNAL":"This issue was found during internal product security testing or research.", "EXTERNAL":"This issue was discovered during an external security research.", "USER":"This issue was seen during production usage.", "UNKNOWN":""};
	- var CDM = cve.CVE_data_meta;
	- var cveid = CDM.ID.match(/^CVE-[0-9-]+$/)? CDM.ID : 'CVE-yyyy-nnnn';
	h2
	if cve.source && cve.source.advisory
	= cve.source.advisory
	\|
	= CDM.TITLE + ' (' + cveid + ')'

	h4 PRODUCT AFFECTED:

	p= getProductAffected(cve)

	h4 PROBLEM:
	if cve.impact
	for r in cve.impact
	p= "Severity: " + r.other
	+mpara(cve.description.description_data)
	+mpara(cve.configuration)
	+mpara(cve.exploit)
	if cve.source
	if sourceText[cve.source.discovery]
	p=sourceText[cve.source.discovery]
	if CDM.AKA
	p This issue is also known as
	= CDM.AKA
	\|.
	if cmap && Object.keys(cmap).length > 0 && cmap.constructor === Object
	+mpara(cve.CNA_private.CVE_table_description)
	table.striped
	tr.rowHead
	th CVE
	th CVSS
	th Summary
	each x, id in cmap
	tr
	td=id
	td
	if cmap[id] && cmap[id].impact
	+CVSS(cmap[id].impact.cvss)
	td
	if cmap[id] && cmap[id].summary
	=cmap[id].summary

	else
	p This issue has been assigned
	a(href="https://www.cve.org/CVERecord?id="+cveid)=cveid
	\|.

	if cve.solution && cve.solution.length > 0
	h4 SOLUTION:

	+mpara(cve.solution)

	if cve.source.defect && cve.source.defect.length > 0
	p This issue is being tracked as
	+linklist(cve.source.defect, defectURL)
	\|.
	if cve.work_around && cve.work_around.length > 0
	h4 WORKAROUND:
	+mpara(cve.work_around)

	h4 MODIFICATION HISTORY:

	p
	ul
	li
	+renderDate(CDM.DATE_PUBLIC)
	\| : Initial Publication.

	h4 RELATED LINKS:

	ul
	if CDM.ID
	li
	a(href="https://www.cve.org/CVERecord?id="+cveid)=cveid + " at cve.org"
	each r in cve.references.reference_data
	li
	a(href=r.url)=r.url

	if cve.impact && cve.impact.cvss
	h4 CVSS SCORE:
	p
	+CVSS(cve.impact.cvss)
	if cve.impact.cvss.baseSeverity
	h4 RISK LEVEL:
	p=cve.impact.cvss.baseSeverity

	if cve.credit && cve.credit.length > 0
	h4 ACKNOWLEDGEMENTS:
	ul
	each c in cve.credit
	li= c.value

	if cve.CNA_private && cve.CNA_private.internal_comments
	h4 INTERNAL COMMENTS:
	p
	+para(cve.CNA_private.internal_comments)

	mixin mitre(cve)
	h2 MITRE CVE entry preview
	#GeneratedTable
	table(cellpadding=0,cellspacing=0,border=0)
	tbody
	tr
	th(colspan=2) CVE-ID
	tr
	td(nowrap="nowrap")
	h2=cve.CVE_data_meta.ID
	td.ltgreybackground
	.larger
	a Learn more at National Vulnerability Database (NVD)
	.smaller • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
	tr
	th(colspan=2) Description
	tr
	td(colspan=2)
	each d in cve.description.description_data
	=d.value
	= ' '
	tr
	th(colspan=2) References
	tr
	td.note(colspan=2)
	b Note:
	a References
	\| are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
	tr
	td(colspan=2)
	ul
	each r in cve.references.reference_data
	li
	a(target="_blank",href=r.url)=r.url
	tr
	th(colspan=2) Assigning CNA
	tr
	td(colspan=2)=cve.CVE_data_meta.ASSIGNER
	\| (MITRE uses CNA name instead of email address)
	tr
	th(colspan=2) Date Entry Created
	tr
	td
	b YYYYMMDD
	td.ltgreybackground Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.