From 6a09fd70f7b29288e0b7c29bc99b7c620a08c48a Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sun, 26 Dec 2021 20:18:23 -0500 Subject: [PATCH 01/15] Use an issue form for product submissions Switch to using a GitHub Issues form for product submission issues. This will provide a smoother interface for users to submit products to the database and ensure that certain values are included with a submission. --- .../product-submission-template.md | 27 ------- .../product-submission-template.yml | 73 +++++++++++++++++++ 2 files changed, 73 insertions(+), 27 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/product-submission-template.md create mode 100644 .github/ISSUE_TEMPLATE/product-submission-template.yml diff --git a/.github/ISSUE_TEMPLATE/product-submission-template.md b/.github/ISSUE_TEMPLATE/product-submission-template.md deleted file mode 100644 index a92609b..0000000 --- a/.github/ISSUE_TEMPLATE/product-submission-template.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -name: Product Submission Template -about: Template for product submissions of all publicly available information - and vendor-supplied advisories regarding the log4j vulnerability. ---- -# Submission Template # - -Please provide the following information. - -- Vendor Name -- Product Name -- Version(s) affected -- Status: Please choose from one of the following - Unknown, Affected, - Not Affected, Fixed, and Under Investigation. -- Update Available: Yes or No (If Yes, please provide link to information) -- Notes -- References -- Last Updated: Date of last update - -For questions about choice for status, please see the information below. - -- Unknown - Status unknown. Default choice. -- Affected - Reported to be affected by CVE-2021-44228. -- Not Affected - Reported to NOT be affected by CVE-2021-44228 and no further - action necessary. -- Fixed - Patch and/or mitigations available (see provided links). -- Under Investigation - Vendor investigating status. diff --git a/.github/ISSUE_TEMPLATE/product-submission-template.yml b/.github/ISSUE_TEMPLATE/product-submission-template.yml new file mode 100644 index 0000000..c5a66b1 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/product-submission-template.yml @@ -0,0 +1,73 @@ +--- +name: Submit a Product +description: Submit a product to the database +title: "[Product Submission]: - " +body: + - type: markdown + attributes: + value: | + For questions about choice for status, please see the information below. + + - Unknown - Status unknown. Default choice. + - Affected - Reported to be affected by CVE-2021-44228. + - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no + further action necessary. + - Fixed - Patch and/or mitigations available (see provided links). + - Under Investigation - Vendor investigating status. + - type: input + id: product-vendor + attributes: + label: Product vendor + description: Who is the vendor for the product? + validations: + required: true + - type: input + id: product-name + attributes: + label: Product name + description: What is the product? + validations: + required: true + - type: input + id: product-versions + attributes: + label: Product version(s) + description: What version(s) of the product are affected? + validations: + required: true + - type: dropdown + id: product-status + attributes: + label: Product status + description: What is the current status of the affected product? + options: + - Unknown + - Affected + - Not Affected + - Fixed + - Under Investigation + validations: + required: true + - type: dropdown + id: product-updated + attributes: + label: Product update available + description: Is there an update available for the product? + options: + - "Yes" + - "No" + validations: + required: true + - type: input + id: product-update-link + attributes: + label: Product update link + description: If an update is available where can it be found? + - type: textarea + id: product-notes + attributes: + label: Notes + - type: textarea + id: product-references + attributes: + label: References From 847a4f248eb017acc4c7a826153ce1e5830a32d0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sun, 26 Dec 2021 20:23:20 -0500 Subject: [PATCH 02/15] Add an issue form for product updates Provide an issue form for product updates to complement the one for product submissions. This will encourage people to follow the specific workflows for submissions and updates. --- .../product-update-template.yml | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/product-update-template.yml diff --git a/.github/ISSUE_TEMPLATE/product-update-template.yml b/.github/ISSUE_TEMPLATE/product-update-template.yml new file mode 100644 index 0000000..109c12c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/product-update-template.yml @@ -0,0 +1,58 @@ +--- +name: Update a Product +description: Update information about a product in the database +title: "[Product Update]: - " +body: + - type: markdown + attributes: + value: | + For questions about choice for status, please see the information below. + + - Unknown - Status unknown. Default choice. + - Affected - Reported to be affected by CVE-2021-44228. + - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no + further action necessary. + - Fixed - Patch and/or mitigations available (see provided links). + - Under Investigation - Vendor investigating status. + - type: textarea + id: update-context + attributes: + label: Context + description: Please provide context around the update + - type: input + id: product-versions + attributes: + label: Product version(s) + description: What version(s) of the product are affected? + - type: dropdown + id: product-status + attributes: + label: Product status + description: What is the current status of the affected product? + options: + - Unknown + - Affected + - Not Affected + - Fixed + - Under Investigation + - type: dropdown + id: product-updated + attributes: + label: Product update available + description: Is there an update available for the product? + options: + - "Yes" + - "No" + - type: input + id: product-update-link + attributes: + label: Product update link + description: If an update is available where can it be found? + - type: textarea + id: product-notes + attributes: + label: Notes + - type: textarea + id: product-references + attributes: + label: References From 20f82c96c0b77a7cc9357ed856c1b2e447a93a0c Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sun, 26 Dec 2021 20:27:25 -0500 Subject: [PATCH 03/15] Rename template files to reflect that they are now forms --- ...roduct-submission-template.yml => product-submission-form.yml} | 0 .../{product-update-template.yml => product-update-form.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/ISSUE_TEMPLATE/{product-submission-template.yml => product-submission-form.yml} (100%) rename .github/ISSUE_TEMPLATE/{product-update-template.yml => product-update-form.yml} (100%) diff --git a/.github/ISSUE_TEMPLATE/product-submission-template.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/product-submission-template.yml rename to .github/ISSUE_TEMPLATE/product-submission-form.yml diff --git a/.github/ISSUE_TEMPLATE/product-update-template.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/product-update-template.yml rename to .github/ISSUE_TEMPLATE/product-update-form.yml From aa710d2818599379bc9db6e95d7e74ab6e2e8736 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Sun, 26 Dec 2021 20:32:00 -0500 Subject: [PATCH 04/15] Add missing input to issue forms Added an input to provide information about the date of a product's last update. --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 5 +++++ .github/ISSUE_TEMPLATE/product-update-form.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index c5a66b1..6e71253 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -63,6 +63,11 @@ body: attributes: label: Product update link description: If an update is available where can it be found? + - type: input + id: product-last-updated + attributes: + label: Last updated + description: When was the product last updated? - type: textarea id: product-notes attributes: diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 109c12c..2789269 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -48,6 +48,11 @@ body: attributes: label: Product update link description: If an update is available where can it be found? + - type: input + id: product-last-updated + attributes: + label: Last updated + description: When was the product last updated? - type: textarea id: product-notes attributes: From 41e536e228aeb482bccab31f5bc6e448c6b6264b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 10:08:20 -0500 Subject: [PATCH 05/15] Adjust markdown element in product submission form Move the markdown element that explains available statuses down so it appears close to where a user is selecting the status. Given how form elements are rendered it has been adjusted to appear after the dropdown itself. Co-authored-by: dav3r --- .../product-submission-form.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index 6e71253..aa83f80 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -3,17 +3,6 @@ name: Submit a Product description: Submit a product to the database title: "[Product Submission]: - " body: - - type: markdown - attributes: - value: | - For questions about choice for status, please see the information below. - - - Unknown - Status unknown. Default choice. - - Affected - Reported to be affected by CVE-2021-44228. - - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no - further action necessary. - - Fixed - Patch and/or mitigations available (see provided links). - - Under Investigation - Vendor investigating status. - type: input id: product-vendor attributes: @@ -48,6 +37,17 @@ body: - Under Investigation validations: required: true + - type: markdown + attributes: + value: | + Please use the information below when selecting a status. + + - Unknown - Status unknown. Default choice. + - Affected - Reported to be affected by CVE-2021-44228. + - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no + further action necessary. + - Fixed - Patch and/or mitigations available (see provided links). + - Under Investigation - Vendor investigating status. - type: dropdown id: product-updated attributes: From b5ab6c3fb9f0ae8abc17048433deee67ac035c3f Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 10:18:59 -0500 Subject: [PATCH 06/15] Adjust a description in the product submission form Adjust the product name description to be more similar to other descriptions. --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index aa83f80..af54400 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -14,7 +14,7 @@ body: id: product-name attributes: label: Product name - description: What is the product? + description: What is the name of the product? validations: required: true - type: input From 0804f1e8e92af46a11ad97e81daa1cb7f78f729d Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 10:20:14 -0500 Subject: [PATCH 07/15] Update dropdown in the product submission form Update the product update dropdown's label and options. Mainly focused on removing usage of Yes/No because these are boolean values in YAML and thus needed special handling compared to other strings. Co-authored-by: dav3r Co-authored-by: Shane Frasier --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index af54400..0504f98 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -51,11 +51,11 @@ body: - type: dropdown id: product-updated attributes: - label: Product update available + label: Product update description: Is there an update available for the product? options: - - "Yes" - - "No" + - Available + - Not Available validations: required: true - type: input From 230b4c999e47f0967ab130bdbf6a8a6eb3fdec1b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 10:27:14 -0500 Subject: [PATCH 08/15] Add placeholders in the product submission form Add placeholders for some of the required inputs in the form. This will be most helpful for the product version, but for completeness they have also been added for the product vendor and name. Co-authored-by: dav3r --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index 0504f98..345c5d7 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -8,6 +8,7 @@ body: attributes: label: Product vendor description: Who is the vendor for the product? + placeholder: Cisco, Dell, IBM, etc. validations: required: true - type: input @@ -15,6 +16,7 @@ body: attributes: label: Product name description: What is the name of the product? + placeholder: AppDynamics, BigFix Inventory, Centera, etc. validations: required: true - type: input @@ -22,6 +24,7 @@ body: attributes: label: Product version(s) description: What version(s) of the product are affected? + placeholder: v2; 1.5; >3; >=4; >5, <6; etc. validations: required: true - type: dropdown From abc70b1787fa5e26e26f2c907c6d6db900e5caf0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 10:54:24 -0500 Subject: [PATCH 09/15] Adjust markdown element in product update form Move the markdown element that explains available statuses down so it appears close to where a user is selecting the status. Given how form elements are rendered it has been adjusted to appear after the dropdown itself. This mirrors changes made in the product submission form. --- .../ISSUE_TEMPLATE/product-update-form.yml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 2789269..3ce52de 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -3,17 +3,6 @@ name: Update a Product description: Update information about a product in the database title: "[Product Update]: - " body: - - type: markdown - attributes: - value: | - For questions about choice for status, please see the information below. - - - Unknown - Status unknown. Default choice. - - Affected - Reported to be affected by CVE-2021-44228. - - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no - further action necessary. - - Fixed - Patch and/or mitigations available (see provided links). - - Under Investigation - Vendor investigating status. - type: textarea id: update-context attributes: @@ -35,6 +24,17 @@ body: - Not Affected - Fixed - Under Investigation + - type: markdown + attributes: + value: | + Please use the information below when selecting a status. + + - Unknown - Status unknown. Default choice. + - Affected - Reported to be affected by CVE-2021-44228. + - Not Affected - Reported to NOT be affected by CVE-2021-44228 and no + further action necessary. + - Fixed - Patch and/or mitigations available (see provided links). + - Under Investigation - Vendor investigating status. - type: dropdown id: product-updated attributes: From df6ac390835efadda738624f4eb133f44b7fda74 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 12:21:46 -0500 Subject: [PATCH 10/15] Add inputs to product update form Add product vendor and product name inputs to the update form. This will ensure that even if a submitter does not update the title we capture this information. --- .github/ISSUE_TEMPLATE/product-update-form.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 3ce52de..2167d7e 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -3,6 +3,22 @@ name: Update a Product description: Update information about a product in the database title: "[Product Update]: - " body: + - type: input + id: product-vendor + attributes: + label: Product vendor + description: Who is the vendor for the product? + placeholder: Cisco, Dell, IBM, etc. + validations: + required: true + - type: input + id: product-name + attributes: + label: Product name + description: What is the name of the product? + placeholder: AppDynamics, BigFix Inventory, Centera, etc. + validations: + required: true - type: textarea id: update-context attributes: From a91ebf78a6ef8e7d564c4d54d99a930977e0d841 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 12:39:38 -0500 Subject: [PATCH 11/15] Add missing punctuation in description in product update form --- .github/ISSUE_TEMPLATE/product-update-form.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 2167d7e..58f6ec9 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -23,7 +23,7 @@ body: id: update-context attributes: label: Context - description: Please provide context around the update + description: Please provide context around the update. - type: input id: product-versions attributes: From 90a215e6188daba6c5893f2dd17ba7bafd2fa21b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 12:45:46 -0500 Subject: [PATCH 12/15] Add a placeholder to the product issue forms Add a placeholder value for the last updated input in both the product submission and product update issue forms. This will encourage the appropriate timestamp format. --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 1 + .github/ISSUE_TEMPLATE/product-update-form.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index 345c5d7..9353ce6 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -71,6 +71,7 @@ body: attributes: label: Last updated description: When was the product last updated? + placeholder: "2021-12-06" - type: textarea id: product-notes attributes: diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 58f6ec9..0f66eb8 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -69,6 +69,7 @@ body: attributes: label: Last updated description: When was the product last updated? + placeholder: "2021-12-06" - type: textarea id: product-notes attributes: From 01a719c4c61f46292b818c06307c2d0c32f7bd20 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 13:59:16 -0500 Subject: [PATCH 13/15] Update dropdown in the product update form Update the product update dropdown's label and options. Mainly focused on removing usage of Yes/No because these are boolean values in YAML and thus needed special handling compared to other strings. This mirrors changes done to the product submission form. --- .github/ISSUE_TEMPLATE/product-update-form.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 0f66eb8..4e914e1 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -54,11 +54,11 @@ body: - type: dropdown id: product-updated attributes: - label: Product update available + label: Product update description: Is there an update available for the product? options: - - "Yes" - - "No" + - Available + - Not Available - type: input id: product-update-link attributes: From c5c6c68dc8f757999a7944492d3118474076d69d Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 28 Dec 2021 14:25:47 -0500 Subject: [PATCH 14/15] Update description for product update link in forms Update the description for the product update link input in both the product submission and product update forms. Co-authored-by: dav3r Co-authored-by: Shane Frasier --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 2 +- .github/ISSUE_TEMPLATE/product-update-form.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index 9353ce6..37258d7 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -65,7 +65,7 @@ body: id: product-update-link attributes: label: Product update link - description: If an update is available where can it be found? + description: Where can the update be found, if one is available? - type: input id: product-last-updated attributes: diff --git a/.github/ISSUE_TEMPLATE/product-update-form.yml b/.github/ISSUE_TEMPLATE/product-update-form.yml index 4e914e1..d32f6fb 100644 --- a/.github/ISSUE_TEMPLATE/product-update-form.yml +++ b/.github/ISSUE_TEMPLATE/product-update-form.yml @@ -63,7 +63,7 @@ body: id: product-update-link attributes: label: Product update link - description: If an update is available where can it be found? + description: Where can the update be found, if one is available? - type: input id: product-last-updated attributes: From 22346d167663c4464accedfaf994a11e007f7d2b Mon Sep 17 00:00:00 2001 From: Nick <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 29 Dec 2021 09:54:17 -0500 Subject: [PATCH 15/15] Update input description in the product submission form Update the description for the product version input so that it fully accounts for multiple versions. Co-authored-by: Shane Frasier --- .github/ISSUE_TEMPLATE/product-submission-form.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/product-submission-form.yml b/.github/ISSUE_TEMPLATE/product-submission-form.yml index 37258d7..ebdabe5 100644 --- a/.github/ISSUE_TEMPLATE/product-submission-form.yml +++ b/.github/ISSUE_TEMPLATE/product-submission-form.yml @@ -23,7 +23,7 @@ body: id: product-versions attributes: label: Product version(s) - description: What version(s) of the product are affected? + description: What version(s) of the product is (are) affected? placeholder: v2; 1.5; >3; >=4; >5, <6; etc. validations: required: true