Vulnerability
Vulnerability and Instance Model Variables for Template Customization
In APTRS, the `Vulnerability` and `Vulnerableinstance` models are used to manage and track vulnerabilities and their instances across various projects. APTRS provides the `{{vulnerabilities}}` tag, which holds a list of all vulnerabilities and their instances. Below is an overview of the variables available for use in templates when working with these models.
Available Variables for Vulnerability Model
- `vulnerability.vulnerabilityname`
  - The name of the vulnerability (e.g., "SQL Injection").
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Vulnerability Name: {{ vulnerability.vulnerabilityname }}
    {% endfor %}
    ```
- `vulnerability.vulnerabilityseverity`
  - The severity of the vulnerability (e.g., "High", "Medium").
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Severity: {{ vulnerability.vulnerabilityseverity }}
    {% endfor %}
    ```
- `vulnerability.cvssscore`
  - The CVSS score associated with the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    CVSS Score: {{ vulnerability.cvssscore }}
    {% endfor %}
    ```
- `vulnerability.cvssvector`
  - The CVSS vector associated with the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    CVSS Vector: {{ vulnerability.cvssvector }}
    {% endfor %}
    ```
- `vulnerability.status`
  - The status of the vulnerability, based on `STATUS_CHOICES` (e.g., Vulnerable, Confirm Fixed, Accepted Risk).
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Status: {{ vulnerability.status }}
    {% endfor %}
    ```
- `vulnerability.vulnerabilitydescription`
  - A description of the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Description: {{p vulnerability.vulnerabilitydescription }}
    {% endfor %}
    ```
  - This field holds CKEditor HTML data that is converted from HTML into DOCX format, so the tag must start with `p`.
- `vulnerability.POC`
  - The proof of concept (POC) for the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    POC: {{p vulnerability.POC }}
    {% endfor %}
    ```
  - This field holds CKEditor HTML data that is converted from HTML into DOCX format, so the tag must start with `p`.
- `vulnerability.vulnerabilitysolution`
  - The recommended solution for the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Solution: {{p vulnerability.vulnerabilitysolution }}
    {% endfor %}
    ```
  - This field holds CKEditor HTML data that is converted from HTML into DOCX format, so the tag must start with `p`.
- `vulnerability.vulnerabilityreferlnk`
  - A reference link related to the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Reference Link: {{p vulnerability.vulnerabilityreferlnk }}
    {% endfor %}
    ```
  - This field holds CKEditor HTML data that is converted from HTML into DOCX format, so the tag must start with `p`.
- `vulnerability.created`
  - The timestamp when the vulnerability was created.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Created: {{ vulnerability.created }}
    {% endfor %}
    ```
- `vulnerability.created_by`
  - The user who created the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Created By: {{ vulnerability.created_by.username }} {{ vulnerability.created_by.full_name }}
    {% endfor %}
    ```
  - As with the project owner, you can use other fields as well, such as email, number or position.
- `vulnerability.last_updated_by`
  - The user who last updated the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    Last Updated By: {{ vulnerability.last_updated_by.username }} {{ vulnerability.last_updated_by.full_name }}
    {% endfor %}
    ```
- `vulnerability.instances_data`
  - Access all instances of the vulnerability.
  - Example usage:

    ```
    {% for vulnerability in vulnerabilities %}
    {# This gives all instances for the vulnerability in the current loop #}
    {% for instance in vulnerability.instances_data %}
    URL: {{ instance.URL }}
    Parameter: {{ instance.Parameter }}
    Status: {{ instance.Status }}
    {% endfor %}
    {% endfor %}
    ```
Example
```
{% for vulnerability in vulnerabilities %}
Vulnerability Name: {{ vulnerability.vulnerabilityname }}
Severity: {{ vulnerability.vulnerabilityseverity }}
CVSS Score: {{ vulnerability.cvssscore }}
CVSS Vector: {{ vulnerability.cvssvector }}
Status: {{ vulnerability.status }}
Description:
{{p vulnerability.vulnerabilitydescription }}
POC:
{{p vulnerability.POC }}
Solution:
{{p vulnerability.vulnerabilitysolution }}
Reference Link:
{{p vulnerability.vulnerabilityreferlnk }}
Created On: {{ vulnerability.created }}
Created By:
- Username: {{ vulnerability.created_by.username }}
- Full Name: {{ vulnerability.created_by.full_name }}
- Email: {{ vulnerability.created_by.email }}
- Number: {{ vulnerability.created_by.number }}
Last Updated By:
- Username: {{ vulnerability.last_updated_by.username }}
- Full Name: {{ vulnerability.last_updated_by.full_name }}
- Email: {{ vulnerability.last_updated_by.email }}
- Number: {{ vulnerability.last_updated_by.number }}
Instances
{% for instance in vulnerability.instances_data %}
URL: {{ instance.URL }}
Parameter: {{ instance.Parameter }}
Status: {{ instance.Status }}
{% endfor %}
{% endfor %}
```
Reference
For reference, the `vulnerabilities` tag has the structure of the JSON object below.
```
vulnerabilities = [
    {
        "project": "Project Name or ID",
        "vulnerabilityname": "SQL Injection in Login Page",
        "vulnerabilityseverity": "High",
        "cvssscore": 9.8,
        "cvssvector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "status": "Vulnerable",
        "vulnerabilitydescription": "Converted DOCX content for vulnerability 1 description",
        "POC": "Converted DOCX content for vulnerability 1 proof of concept",
        "created": "2024-11-20T10:15:30Z",
        "vulnerabilitysolution": "Converted DOCX content for vulnerability 1 solution",
        "vulnerabilityreferlnk": "Converted DOCX content for vulnerability 1 reference link",
        "created_by": "User1",
        "last_updated_by": "User2",
        "instances_data": [
            {
                "URL": "https://example.com/vulnerable-endpoint-1",
                "Parameter": "user_id",
                "Status": "Open"
            },
            {
                "URL": "https://example.com/another-endpoint-1",
                "Parameter": "",
                "Status": "Closed"
            }
        ]
    },
    {
        "project": "Project Name or ID",
        "vulnerabilityname": "Cross-Site Scripting in Search Page",
        "vulnerabilityseverity": "Medium",
        "cvssscore": 6.5,
        "cvssvector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "status": "Vulnerable",
        "vulnerabilitydescription": "Converted DOCX content for vulnerability 2 description",
        "POC": "Converted DOCX content for vulnerability 2 proof of concept",
        "created": "2024-11-19T14:10:45Z",
        "vulnerabilitysolution": "Converted DOCX content for vulnerability 2 solution",
        "vulnerabilityreferlnk": "Converted DOCX content for vulnerability 2 reference link",
        "created_by": "User3",
        "last_updated_by": "User4",
        "instances_data": [
            {
                "URL": "https://example.com/vulnerable-endpoint-2",
                "Parameter": "session_id",
                "Status": "Open"
            },
            {
                "URL": "https://example.com/another-endpoint-2",
                "Parameter": "order_id",
                "Status": "Closed"
            }
        ]
    }
]
```
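A pre-flight check for the rules on this page, as an added example that is not part of APTRS: it scans template text for `{{ ... }}` tags and flags rich-text fields written without the `p` prefix, plus field names that are not documented above (names are case-sensitive, e.g. `instance.Parameter`). The function name `lint_template`, the sample template, and the assumptions that the loop variables are called `vulnerability` and `instance` and that the template text has already been extracted from the DOCX file belong to this example only.

```python
import re

# Field names documented on this page. RICH_TEXT fields hold CKEditor HTML and,
# per the page, must be written as {{p ... }}.
RICH_TEXT = {"vulnerabilitydescription", "POC", "vulnerabilitysolution",
             "vulnerabilityreferlnk"}
PLAIN = {"vulnerabilityname", "vulnerabilityseverity", "cvssscore", "cvssvector",
         "status", "created", "created_by", "last_updated_by", "instances_data"}
INSTANCE = {"URL", "Parameter", "Status"}

# {{ expr }} or {{p expr }}: group 1 is the optional "p" prefix, group 2 the expression.
TAG = re.compile(r"\{\{(p\s)?\s*([\w.]+)\s*\}\}")


def lint_template(text):
    """Return (line_number, message) pairs for tags that break the rules above."""
    # Assumption: loop variables are named `vulnerability` and `instance`.
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for prefix, expr in TAG.findall(line):
            root, _, rest = expr.partition(".")
            field = rest.split(".")[0]
            if root == "vulnerability":
                if field not in RICH_TEXT | PLAIN:
                    problems.append((lineno, "unknown field: " + expr))
                elif field in RICH_TEXT and not prefix:
                    problems.append((lineno, "missing p prefix: " + expr))
            elif root == "instance" and field not in INSTANCE:
                problems.append((lineno, "unknown field: " + expr))
    return problems


# Constructed sample template text (not from APTRS) with three deliberate mistakes.
SAMPLE = """\
{% for vulnerability in vulnerabilities %}
Name: {{ vulnerability.vulnerabilityname }}
Description: {{ vulnerability.vulnerabilitydescription }}
POC: {{p vulnerability.POC }}
Score: {{ vulnerability.cvsscore }}
{% for instance in vulnerability.instances_data %}
URL: {{ instance.URL }} Parameter: {{ instance.parameter }}
{% endfor %}
{% endfor %}
"""

if __name__ == "__main__":
    for lineno, message in lint_template(SAMPLE):
        print(f"line {lineno}: {message}")
```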