search

Vulnogram / Vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License
151 stars 41 forks source link

please support timestamp UTC offsets UI #108

Open eslerm opened 1 year ago

eslerm commented 1 year ago

This issue is related to https://github.com/Vulnogram/Vulnogram/issues/51

When a timestamp is is set in Vulnogram, the output JSON timestamp is shifted to UTC based on the users timezones.

This is not optimal for clearly describing the timestamps of patches and correspondence. e.g., 2023-02-22T06:39:56+01:00 is shifted to 2023-02-22T05:39:56Z. With the current implementation, users must manually shift timestamps to their local timezone in order to properly set the Timeline field. This is not immediately clear to users and is likely to result in incorrect data being sent to CVE List. At minimum, removing UCT shift infromation results in lossy data.

It would be ideal to, say, use the exact timestamp used in a patch file, such as 2023-02-22T06:39:56+01:00. This would be less confusing, easier to use, and more accurate. Supporting timezones could also help verify information between CVEs and patches.

Since Vulnograms generates a timestamp with seconds, users should have the option to set this field in the UI as well.

The JSON5 API does allow ISO 8601 UTC offsets in the format ±[hh]:[mm] The specific API regex is:

'^(((2000|2400|2800|(19|2[0-9](0[48]|[2468][048]|[13579][26])))-02-29)|(((19|2[0-9])[0-9]{2})-02-(0[1-9]|1[0-9]|2[0-8]))|(((19|2[0-9])[0-9]{2})-(0[13578]|10|12)-(0[1-9]|[12][0-9]|3[01]))|(((19|2[0-9])[0-9]{2})-(0[469]|11)-(0[1-9]|[12][0-9]|30)))T(2[0-3]|[01][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})?$'
zmanion commented 7 months ago

And/or allow user to select the TZ from the UI?