Vulnogram icon indicating copy to clipboard operation
Vulnogram copied to clipboard
verified publisher icon Vulnogram

Default minimal fields & bug fixes

Open sei-vsarvepalli opened this issue 3 years ago • 2 comments

This fixes a few issues such as #80 and #90 bugs. This new Vulnogram code strips down all the CVE fields to only required fields. There is a button with text "Show All Fields" that opens up the shebang of the fields. The fields impacts and problemTypes are removed from having a default value and being required.

It is all focused on simplifying CVE5.0 format using CVE-Services 2.1x API to manage CVE records. When you load a new CVE from GIT or from CVE Services, the full shebang of fields is opened up again allowing for full flexibility.

Look at the current demo version at https://democert.org/vulnogram/ -

Vijay

sei-vsarvepalli avatar Jul 04 '22 18:07 sei-vsarvepalli

Hi Vijay,

Thank you for this PR, I took in some of the fixes, but there seem to be too many unrelated changes part of the PR (due to how code was pulled and synced from branches) it is hard to review the exact changes.

Moreover looks like it is not that simple to toggle between displaying/hiding optional fields. If someone has entered something into an optional field, but toggles the view, that field gets hidden - but the data entered is still there. There is a risk garbage/half baked data could be submitted to CVE service. IOW if an optional field has user entered data, it should never be hidden.

There has to be better way to do this in JSON-editor and schema definition without relying on CSS.

chandanbn avatar Jul 18 '22 17:07 chandanbn

Hi Vijay,

Thank you for this PR, I took in some of the fixes, but there seem to be too many unrelated changes part of the PR (due to how code was pulled and synced from branches) it is hard to review the exact changes.

Moreover looks like it is not that simple to toggle between displaying/hiding optional fields. If someone has entered something into an optional field, but toggles the view, that field gets hidden - but the data entered is still there. There is a risk garbage/half baked data could be submitted to CVE service. IOW if an optional field has user entered data, it should never be hidden.

There has to be better way to do this in JSON-editor and schema definition without relying on CSS.

Yeh - sounds good. The JSON-editor schema change how I tried the first implementation. I just ran into a number of bugs when two schemas have multiple fields overlap. Didn't have time to really analyze the issue, so the broken CSS approach at least for those like our (CERT/CC's) own team needing a simple interface.

Vijay

sei-vsarvepalli avatar Jul 18 '22 17:07 sei-vsarvepalli