Hello all,
This post is in the context of Display security issues directly inside XWiki Standard (in summary, being able to display known security issues of installed extensions in the wiki), with a focus on the dashboard and its content.
The dashboard would be displayed in a new section in the administration (I’m thinking of Extensions -> Security Dashboard).
Following a discussion with @tmortagne we realized that the information could be presented in two ways:
- one row per extension with known vulnerabilities
- one row per vulnerability
While a focus on vulnerabilities can be interesting, we agreed that the first goal is to know which extensions have known vulnerabilities, and the details of which ones come second.
Therefore, I propose to list the following information:
| Column Name | Content Example |
|---|---|
| Name | Refactoring Application + link to http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences?section=XWiki.Extensions&extensionId=org.xwiki.platform%3Axwiki-platform-refactoring-ui&extensionVersion=15.4 |
| Current Version | 15.4 |
| Id | org.xwiki.platform:xwiki-platform-refactoring-ui |
| Max CVSS | 8.4 |
| CVEs | link to CVE1, link to CVE2, […], link to CVE5 |
| Number of CVEs | 5 |
Which would be displayed as follows (see the design page for more details on the content of the columns, filtering, etc.)
Let me know if this is the correct way to present information, or if you think some column should be added.
And if the location as an entry in the administration is the right one.
Thanks
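The "one row per extension" layout proposed above, sketched as an added example that is not part of the original post and is not XWiki code: it collapses per-vulnerability records into the proposed columns. The record format, the function names, the second extension and the CVE ids are assumptions made for illustration; only the admin URL and the first extension's id, name and version come from the post.

```python
from collections import defaultdict
from urllib.parse import urlencode

# Admin URL as it appears in the post's example link.
ADMIN_URL = "http://localhost:8080/xwiki/bin/admin/XWiki/XWikiPreferences"
REFACTORING = ("org.xwiki.platform:xwiki-platform-refactoring-ui", "Refactoring Application", "15.4")
SAMPLE_EXT = ("org.example:sample-extension", "Sample Extension", "1.0")  # hypothetical extension

# Constructed input: one (extension, CVE id, CVSS score) record per vulnerability.
# CVE ids are placeholders; a score of None means the CVE has no score yet.
VULNERABILITIES = [
    (SAMPLE_EXT, "CVE-PLACEHOLDER-3", None),
    (REFACTORING, "CVE-PLACEHOLDER-2", 5.3),
    (REFACTORING, "CVE-PLACEHOLDER-1", 8.4),
    (REFACTORING, "CVE-PLACEHOLDER-1", 8.4),  # same CVE reported by a second source
]

def admin_link(ext_id, version):
    """Build the Extension Manager link used in the Name column."""
    query = urlencode({"section": "XWiki.Extensions",
                       "extensionId": ext_id, "extensionVersion": version})
    return f"{ADMIN_URL}?{query}"

def dashboard_rows(vulns):
    """Collapse per-vulnerability records into one row per installed extension."""
    grouped = defaultdict(dict)  # (id, name, version) -> {cve id: best known score}
    for ext, cve, score in vulns:
        known = grouped[ext]
        previous = known.get(cve)
        # Deduplicate CVEs, keeping the highest score seen for each.
        if cve not in known or (score is not None and (previous is None or score > previous)):
            known[cve] = score
    rows = []
    for (ext_id, name, version), cves in grouped.items():
        scores = [s for s in cves.values() if s is not None]
        rows.append({
            "Name": name,
            "Link": admin_link(ext_id, version),
            "Current Version": version,
            "Id": ext_id,
            "Max CVSS": max(scores) if scores else None,
            "CVEs": sorted(cves),
            "Number of CVEs": len(cves),
        })
    # Most severe extension first; extensions with only unscored CVEs go last.
    rows.sort(key=lambda r: (r["Max CVSS"] is None, -(r["Max CVSS"] or 0.0), r["Id"]))
    return rows

if __name__ == "__main__":
    for row in dashboard_rows(VULNERABILITIES):
        print(row)
```

Unscored CVEs still count toward "Number of CVEs" but leave "Max CVSS" empty, so an extension is never hidden just because its vulnerabilities have not been scored yet.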