Merge pull request #461 from mitre/447-popover-icons

VULCAN-447: Enable context-aware popover help icons, depending on Status field
mitre · Aug 15, 2022 · 842269c · 842269c
2 parents dda967b + 86c4a37
commit 842269c
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 21 deletions.
diff --git a/app/javascript/components/rules/forms/CheckForm.vue b/app/javascript/components/rules/forms/CheckForm.vue
@@ -160,19 +160,30 @@ export default {
  data: function () {
  return {
  mod: Math.floor(Math.random() * 1000),
- tooltips: {
- system: null,
- content_ref_name: null,
- content_ref_href: null,
- content: "Describe how to check for the presence of the vulnerability",
- },
  };
  },
  computed: {
  check: function () {
  return (this.rule.satisfied_by.length > 0 ? this.rule.satisfied_by[0] : this.rule)
  .checks_attributes[0];
  },
+ tooltips: function () {
+ return {
+ system: null,
+ content_ref_name: null,
+ content_ref_href: null,
+ content:
+ this.rule.status === "Applicable - Configurable"
+ ? "Describe how to validate that the remediation has been properly implemented"
+ : [
+ "Applicable - Does Not Meet",
+ "Applicable - Inherently Meets",
+ "Not Applicable",
+ ].includes(this.rule.status)
+ ? null
+ : "Describe how to check for the presence of the vulnerability",
+ };
+ },
  },
 };
 </script>

diff --git a/app/javascript/components/rules/forms/DisaRuleDescriptionForm.vue b/app/javascript/components/rules/forms/DisaRuleDescriptionForm.vue
@@ -478,22 +478,32 @@ export default {
  data: function () {
  return {
  mod: Math.floor(Math.random() * 1000),
- tooltips: {
+ };
+ },
+ computed: {
+ tooltips: function () {
+ return {
  documentable: null,
  vuln_discussion: "Discuss, in detail, the rationale for this control's vulnerability",
  false_positives: "List any likely false-positives associated with evaluating this control",
  false_negatives: "List any likely false-negatives associated with evaluating this control",
- mitigations:
- "Discuss how the system mitigates this vulnerability in the absence of a configuration that would eliminate it",
+ mitigations: [
+ "Not Yet Determined",
+ "Applicable - Configurable",
+ "Applicable - Inherently Meets",
+ "Not Applicable",
+ ].includes(this.rule.status)
+ ? null
+ : "Discuss how the system mitigates this vulnerability in the absence of a configuration that would eliminate it",
  severity_override_guidance: null,
  potential_impacts:
  "List the potential operational impacts on a system when applying fix discussed in this control",
  third_party_tools: null,
  mitigation_control: null,
  responsibility: null,
  ia_controls: "The Common Control Indicator (CCI) that applies to this vulnerability",
- },
- };
+ };
+ },
  },
 };
 </script>

diff --git a/app/javascript/components/rules/forms/RuleForm.vue b/app/javascript/components/rules/forms/RuleForm.vue
@@ -532,28 +532,52 @@ export default {
  data: function () {
  return {
  mod: Math.floor(Math.random() * 1000),
- tooltips: {
+ };
+ },
+ computed: {
+ status_text: function () {
+ return this.rule.satisfied_by.length > 0 ? "Applicable - Configurable" : this.rule.status;
+ },
+ tooltips: function () {
+ return {
  status: null,
- status_justification: "Explain the rationale behind selecting one of the above statuses",
+ status_justification: ["Applicable - Configurable", "Not Yet Determined"].includes(
+ this.rule.status
+ )
+ ? null
+ : "Explain the rationale behind selecting one of the above statuses",
  title: "Describe the vulnerability for this control",
  version: null,
  rule_severity:
  "Unknown: severity not defined, Info: rule is informational only, CAT III (Low): not a serious problem, CAT II (Medium): fairly serious problem, CAT I (High): a grave or critical problem",
  rule_weight: null,
- artifact_description: null,
+ artifact_description:
+ this.rule.status === "Not Applicable"
+ ? "Provide evidence that the control is not applicable to the system - code files, documentation, screenshots, etc."
+ : [
+ "Not Yet Determined",
+ "Applicable - Configurable",
+ "Applicable - Does Not Meet",
+ ].includes(this.rule.status)
+ ? null
+ : "Provide evidence that the control is inherently met by the system - code files, documentation, screenshots, etc.",
  fix_id: null,
  fixtext_fixref: null,
- fixtext: "Explain how to fix the vulnerability discussed",
+ fixtext:
+ this.rule.status === "Applicable - Configurable"
+ ? "Describe how to correctly configure the requirement to remediate the system vulnerability"
+ : [
+ "Applicable - Does Not Meet",
+ "Applicable - Inherently Meets",
+ "Not Applicable",
+ ].includes(this.rule.status)
+ ? null
+ : "Explain how to fix the vulnerability discussed",
  ident:
  "Typically the Common Control Indicator (CCI) that maps to the vulnerability being discussed in this control",
  ident_system: null,
  vendor_comments: "Provide context to a reviewing authority; not a published field",
- },
- };
- },
- computed: {
- status_text: function () {
- return this.rule.satisfied_by.length > 0 ? "Applicable - Configurable" : this.rule.status;
+ };
  },
  },
 };