Burp Enterprise: Support newer format (#11220)

* Burp Enterprise: Support newer format * Forgot partially updated test * Add other tests * Correct tests
DefectDojo · Nov 12, 2024 · 9b1fd65 · 9b1fd65
1 parent c5c1052
commit 9b1fd65
Show file tree

Hide file tree

Showing 6 changed files with 7,633 additions and 199 deletions.
diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum
@@ -1 +1 @@
-60628ca4667641350d3d1854d1a6f863ce2ddeefa4f6e5df83f7e11a700cde0e
+58e2f6cb0ed2c041fe2741d955b72cb7540bfb0923f489d6324717fcf00039da
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
@@ -1744,6 +1744,8 @@ def saml2_attrib_map_format(dict):
     "ELSA": "https://linux.oracle.com/errata/&&.html",  # e.g. https://linux.oracle.com/errata/ELSA-2024-12714.html
     "ELBA": "https://linux.oracle.com/errata/&&.html",  # e.g. https://linux.oracle.com/errata/ELBA-2024-7457.html
     "RXSA": "https://errata.rockylinux.org/",  # e.g. https://errata.rockylinux.org/RXSA-2024:4928
+    "CAPEC": "https://capec.mitre.org/data/definitions/&&.html",  # e.g. https://capec.mitre.org/data/definitions/157.html
+    "CWE": "https://cwe.mitre.org/data/definitions/&&.html",  # e.g. https://cwe.mitre.org/data/definitions/79.html
     "TEMP": "https://security-tracker.debian.org/tracker/",  # e.g. https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF
 }
 # List of acceptable file types that can be uploaded to a given object via arbitrary file upload

diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py
@@ -781,7 +781,12 @@ def vulnerability_url(vulnerability_id):
     for key in settings.VULNERABILITY_URLS:
         if vulnerability_id.upper().startswith(key):
             if "&&" in settings.VULNERABILITY_URLS[key]:
-                return settings.VULNERABILITY_URLS[key].split("&&")[0] + str(vulnerability_id) + settings.VULNERABILITY_URLS[key].split("&&")[1]
+                # Process specific keys specially if need
+                if key in ["CAPEC", "CWE"]:
+                    vuln_id = str(vulnerability_id).replace(f"{key}-", "")
+                else:
+                    vuln_id = str(vulnerability_id)
+                return f'{settings.VULNERABILITY_URLS[key].split("&&")[0]}{vuln_id}{settings.VULNERABILITY_URLS[key].split("&&")[1]}'
             return settings.VULNERABILITY_URLS[key] + str(vulnerability_id)
     return ""
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		60628ca4667641350d3d1854d1a6f863ce2ddeefa4f6e5df83f7e11a700cde0e
		58e2f6cb0ed2c041fe2741d955b72cb7540bfb0923f489d6324717fcf00039da