Vulnerability

Vulnerability and Instance Model Variables for Template Customization

In APTRS, the Vulnerability and Vulnerableinstance models are used to manage and track vulnerabilities and their instances across various projects. Below is an overview of the variables available for use in templates when working with these models.

Available Variables for Vulnerability Model

vulnerability.vulnerabilityname

The name of the vulnerability (e.g., "SQL Injection").

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Vulnerability Name: {{ vulnerability.vulnerabilityname }}</p>
{% endfor %}

vulnerability.vulnerabilityseverity
- The severity of the vulnerability (e.g., "High", "Medium").
- Example usage:
 HTML
```
{% for vulnerability in vuln %}
Severity: {{ vulnerability.vulnerabilityseverity }}
{% endfor %}
```

vulnerability.cvssscore

The CVSS score associated with the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>CVSS Score: {{ vulnerability.cvssscore }}</p>
{% endfor %}

vulnerability.cvssvector

The CVSS vector associated with the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>CVSS Vector: {{ vulnerability.cvssvector }}</p>
{% endfor %}

vulnerability.status
- The status of the vulnerability, based on STATUS_CHOICES (e.g., Vulnerable, Confirm Fixed, Accepted Risk).
- Example usage:
 HTML
```
{% for vulnerability in vuln %}
Status: {{ vulnerability.status }}
{% endfor %}
```

vulnerability.vulnerabilitydescription

A description of the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Description: {{ vulnerability.vulnerabilitydescription|clean_html }}</p>
{% endfor %}

vulnerability.POC

The proof of concept (POC) for the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>POC: {{ vulnerability.POC|clean_html }}</p>
{% endfor %}

vulnerability.vulnerabilitysolution

The recommended solution for the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Solution: {{ vulnerability.vulnerabilitysolution|clean_html }}</p>
{% endfor %}

vulnerability.vulnerabilityreferlnk

A reference link related to the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Reference Link: {{ vulnerability.vulnerabilityreferlnk|clean_html }}</p>
{% endfor %}

vulnerability.created

The timestamp when the vulnerability was created.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Created: {{ vulnerability.created }}</p>
{% endfor %}

vulnerability.created_by
- The user who created the vulnerability.
- Example usage:
 HTML
```
{% for vulnerability in vuln %}
Created By: {{ vulnerability.created_by.username }}
{{ vulnerability.created_by.full_name }}
{% endfor %}
```
- Similar to project owner, you can use other filed as well like email, number or postion etc.

vulnerability.last_updated_by

The user who last updated the vulnerability.

Example usage:

HTML

{% for vulnerability in vuln %}
<p>Last Updated By: {{ vulnerability.last_updated_by.username }}</p>
{% endfor %}

Available Variables for Vulnerableinstance Model

instance.vulnerabilityid
The Vulnerability object associated with the instance.

Example usage:

HTML

{% for instance in instances %}
<p>Vulnerability Name: {{ instance.vulnerabilityid.vulnerabilityname }}</p>
{% endfor %}

instance.project
The project associated with the vulnerable instance.

Example usage:

HTML

{% for instance in instances %}
<p>Project: {{ instance.project.name }}</p>
{% endfor %}

instance.URL
The URL of the vulnerable instance.

Example usage:

HTML

{% for instance in instances %}
<p>URL: {{ instance.URL }}</p>
{% endfor %}

instance.Parameter
The parameter of the vulnerable instance.

Example usage:

HTML

{% for instance in instances %}
<p>Parameter: {{ instance.Parameter }}</p>
{% endfor %}

instance.status
The status of the vulnerable instance, based on STATUS_CHOICES (e.g., Vulnerable, Confirm Fixed, Accepted Risk).

Example usage:

HTML

{% for instance in instances %}
<p>Status: {{ instance.status }}</p>
{% endfor %}

Displaying Vulnerable Instances for a Specific Vulnerability in a Template

The instances query set or list does not associate with the vulnerability name, instances variable contain all instances for the project, In most cases we need all instances for a vulnerability. We can do that as well, you can check in the original vulnerabilities.html in the template or you can use this:

To display the instances for a specific vulnerability within a loop for vulnerabilities, you can use the following approach:

HTML

{% for vulnerability in vuln %}

 <p>Vulnerability Name: {{ vulnerability.vulnerabilityname }}</p>

<p>{{ vulnerability.vulnerabilitysolution|clean_html }}</p>

<p>{{ vulnerability.vulnerabilityreferlnk|clean_html }}</p>

<p>POC: {{ vulnerability.POC|clean_html }}</p>

  <p>Description: {{ vulnerability.vulnerabilitydescription|clean_html }}</p>

   <p>Status: {{ vulnerability.status }}</p>

   <p>CVSS Vector: {{ vulnerability.cvssvector }}</p>

   <p>Severity: {{ vulnerability.vulnerabilityseverity }}</p>

  {% for instance in instances %}

    {% if instance.vulnerabilityid.id == vulnerability.id %}
      <tr>
        <td>{{ instance.URL }}</td>
        <td>{{ instance.Parameter }}</td>
        <td>{{ instance.status }}</td>
      </tr>
    {% endif %}

  {% endfor %}

{% endfor %}