Diffstat (limited to 'app/assets/javascripts/helpers/cve_id_request_helper.js')
-rw-r--r-- | app/assets/javascripts/helpers/cve_id_request_helper.js | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/app/assets/javascripts/helpers/cve_id_request_helper.js b/app/assets/javascripts/helpers/cve_id_request_helper.js
new file mode 100644
index 00000000000..71d3fd4c4fe
--- /dev/null
+++ b/app/assets/javascripts/helpers/cve_id_request_helper.js
@@ -0,0 +1,50 @@
+export function createCveIdRequestIssueBody(fullPath, iid) {
+ return `### Vulnerability Submission
+
+**NOTE:** Only maintainers of GitLab-hosted projects may request a CVE for
+a vulnerability within their project.
+
+Project issue: ${fullPath}#${iid}
+
+#### Publishing Schedule
+
+After a CVE request is validated, a CVE identifier will be assigned. On what
+schedule should the details of the CVE be published?
+
+* [ ] Publish immediately
+* [ ] Wait to publish
+
+<!--
+Please fill out the yaml codeblock below
+-->
+
+\`\`\`yaml
+reporter:
+ name: "TODO" # "First Last"
+ email: "TODO" # "email@domain.tld"
+vulnerability:
+ description: "TODO" # "[VULNTYPE] in [COMPONENT] in [VENDOR][PRODUCT] [VERSION] allows [ATTACKER] to [IMPACT] via [VECTOR]"
+ cwe: "TODO" # "CWE-22" # Path Traversal
+ product:
+ gitlab_path: "${fullPath}"
+ vendor: "TODO" # "Deluxe Sandwich Maker Company"
+ name: "TODO" # "Deluxe Sandwich Maker 2"
+ affected_versions:
+ - "TODO" # "1.2.3"
+ - "TODO" # ">1.3.0, <=1.3.9"
+ fixed_versions:
+ - "TODO" # "1.2.4"
+ - "TODO" # "1.3.10"
+ impact: "TODO" # "CVSS v3 string" # https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
+ solution: "TODO" # "Upgrade to version 1.2.4 or 1.3.10"
+ credit: "TODO"
+ references:
+ - "TODO" # "https://some.domain.tld/a/reference"
+\`\`\`
+
+CVSS scores can be computed by means of the [NVD CVSS Calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).
+
+/relate ${fullPath}#${iid}
+/label ~"devops::secure" ~"group::vulnerability research" ~"vulnerability research::cve" ~"advisory::queued"
+ `;
+} |
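Review bot: `fullPath` and `iid` are interpolated unescaped into three structure-sensitive places in the template: the double-quoted YAML scalar `gitlab_path: "${fullPath}"`, the `Project issue:` reference, and the `/relate ${fullPath}#${iid}` quick-action line. The callers are not part of this diff, so it is not visible whether both values always come from server-provided project data; a value holding a double quote or a line break would alter the YAML block or add a line of its own to the issue body. I would state the contract on the export, e.g. `/** fullPath and iid are inserted verbatim; pass only the project's own full path and the numeric issue iid. */`, and consider rejecting values that contain quotes or newlines before the template is built. The line with the closing backtick also appears to be indented, which would leave a whitespace-only last line in the returned string.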