123123 ("duplicate" , "Duplicate" ),
124124 ("out_of_scope" , "Out of Scope" ))
125125
126+ CVSS_CALCULATOR_URLS = {
127+ "https://www.first.org/cvss/calculator/3-0" : "CVSS3 Calculator by FIRST" ,
128+ "https://www.first.org/cvss/calculator/4-0" : "CVSS4 Calculator by FIRST" ,
129+ "https://www.metaeffekt.com/security/cvss/calculator/" : "CVSS2/3/4 Calculator by Metaeffekt" ,
130+ }
131+
132+
126133vulnerability_ids_field = forms .CharField (max_length = 5000 ,
127134 required = False ,
128135 label = "Vulnerability Ids" ,
@@ -1231,11 +1238,7 @@ class AdHocFindingForm(forms.ModelForm):
12311238
12321239 cvss_info = forms .CharField (
12331240 label = "CVSS" ,
1234- widget = BulletListDisplayWidget ({
1235- "https://www.first.org/cvss/calculator/3-0" : "CVSS3 Calculator by FIRST" ,
1236- "https://www.first.org/cvss/calculator/4-0" : "CVSS4 Calculator by FIRST" ,
1237- "https://www.metaeffekt.com/security/cvss/calculator/" : "CVSS2/3/4 Calculator by Metaeffekt" ,
1238- }),
1241+ widget = BulletListDisplayWidget (CVSS_CALCULATOR_URLS ),
12391242 required = False ,
12401243 disabled = True )
12411244
@@ -1324,6 +1327,13 @@ class PromoteFindingForm(forms.ModelForm):
13241327 widget = forms .TextInput (attrs = {"class" : "datepicker" , "autocomplete" : "off" }))
13251328 cwe = forms .IntegerField (required = False )
13261329 vulnerability_ids = vulnerability_ids_field
1330+
1331+ cvss_info = forms .CharField (
1332+ label = "CVSS" ,
1333+ widget = BulletListDisplayWidget (CVSS_CALCULATOR_URLS ),
1334+ required = False ,
1335+ disabled = True )
1336+
13271337 cvssv3 = forms .CharField (label = "CVSS3" , max_length = 117 , required = False , widget = forms .TextInput (attrs = {"class" : "cvsscalculator" , "data-toggle" : "dropdown" , "aria-haspopup" : "true" , "aria-expanded" : "false" }))
13281338 cvssv3_score = forms .FloatField (label = "CVSS3 Score" , required = False , max_value = 10.0 , min_value = 0.0 )
13291339 cvssv4 = forms .CharField (label = "CVSS4" , max_length = 255 , required = False )
@@ -1344,7 +1354,7 @@ class PromoteFindingForm(forms.ModelForm):
13441354 references = forms .CharField (widget = forms .Textarea , required = False )
13451355
13461356 # the onyl reliable way without hacking internal fields to get predicatble ordering is to make it explicit
1347- field_order = ("title" , "group" , "date" , "sla_start_date" , "sla_expiration_date" , "cwe" , "vulnerability_ids" , "severity" , "cvssv3" ,
1357+ field_order = ("title" , "group" , "date" , "sla_start_date" , "sla_expiration_date" , "cwe" , "vulnerability_ids" , "severity" , "cvss_info" , " cvssv3"
13481358 "cvssv3_score" , "cvssv4" , "cvssv4_score" , "description" , "mitigation" , "impact" , "request" , "response" , "steps_to_reproduce" ,
13491359 "severity_justification" , "endpoints" , "endpoints_to_add" , "references" , "active" , "mitigated" , "mitigated_by" , "verified" ,
13501360 "false_p" , "duplicate" , "out_of_scope" , "risk_accept" , "under_defect_review" )
@@ -1388,6 +1398,13 @@ class FindingForm(forms.ModelForm):
13881398 widget = forms .TextInput (attrs = {"class" : "datepicker" , "autocomplete" : "off" }))
13891399 cwe = forms .IntegerField (required = False )
13901400 vulnerability_ids = vulnerability_ids_field
1401+
1402+ cvss_info = forms .CharField (
1403+ label = "CVSS" ,
1404+ widget = BulletListDisplayWidget (CVSS_CALCULATOR_URLS ),
1405+ required = False ,
1406+ disabled = True )
1407+
13911408 cvssv3 = forms .CharField (label = "CVSS3" , max_length = 117 , required = False , widget = forms .TextInput (attrs = {"class" : "cvsscalculator" , "data-toggle" : "dropdown" , "aria-haspopup" : "true" , "aria-expanded" : "false" }))
13921409 cvssv3_score = forms .FloatField (label = "CVSS3 Score" , required = False , max_value = 10.0 , min_value = 0.0 )
13931410 cvssv4 = forms .CharField (label = "CVSS4" , max_length = 255 , required = False )
@@ -1423,7 +1440,7 @@ class FindingForm(forms.ModelForm):
14231440 "invalid_choice" : EFFORT_FOR_FIXING_INVALID_CHOICE })
14241441
14251442 # the only reliable way without hacking internal fields to get predicatble ordering is to make it explicit
1426- field_order = ("title" , "group" , "date" , "sla_start_date" , "sla_expiration_date" , "cwe" , "vulnerability_ids" , "severity" , "cvssv3" ,
1443+ field_order = ("title" , "group" , "date" , "sla_start_date" , "sla_expiration_date" , "cwe" , "vulnerability_ids" , "severity" , "cvss_info" , " cvssv3"
14271444 "cvssv3_score" , "cvssv4" , "cvssv4_score" , "description" , "mitigation" , "impact" , "request" , "response" , "steps_to_reproduce" , "severity_justification" ,
14281445 "endpoints" , "endpoints_to_add" , "references" , "active" , "mitigated" , "mitigated_by" , "verified" , "false_p" , "duplicate" ,
14291446 "out_of_scope" , "risk_accept" , "under_defect_review" )
0 commit comments