Add CWE support in all importers #1137

Merged
merged 1 commit into from
Nov 15, 2023

ziadhany
Collaborator

issues: #1093

@ziadhany changed the title from "Add CWE support for gitlab and redhat" to "Add CWE support in all importers" on Mar 7, 2023
@TG1999
Contributor

TG1999 commented Aug 22, 2023

@ziadhany Thanks++, before associating any vulnerability with CWE please check if it exists in cwe2 DB or not like this #1256, and also please do this for NVD importer too.

Contributor

@TG1999 TG1999 left a comment

@ziadhany thanks++, some nits for your consideration

@@ -227,10 +233,18 @@ def process_response(resp: dict, package_type: str) -> Iterable[AdvisoryData]:
else:
logger.error(f"Unknown identifier type {identifier_type!r} and value {value!r}")

weaknesses = []
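
Review bot: `weaknesses = []` at the end of this hunk gives no indication of what the list is meant to hold (integer CWE ids, "CWE-79" style strings, or model objects). The header shows this hunk growing from 10 to 18 lines inside `process_response`, so consider moving the CWE collection into a small helper whose docstring states the element type; that keeps the contract unambiguous and lets the extraction be tested on its own.
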
Contributor

Please make a separate function get_cwes_from_github_advisory and add docstring and tests for that.

Collaborator Author

Done

vulnerabilities/importers/gitlab.py (outdated)
try:
db.get(cwe_id)
weaknesses.append(cwe_id)
except Exception:
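
Review bot: `except Exception:` around `db.get(cwe_id)` is too broad: a connection or programming error in the lookup would be handled the same way as an id that is simply absent from the CWE database, and the weakness would be dropped without trace. Catch only the lookup's not-found error, and log the rejected `cwe_id` in the handler (its body is not visible in this excerpt) so skipped weaknesses can be audited.
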
Collaborator Author

@ziadhany ziadhany Nov 14, 2023

We should change this general exception and replace it with (InvalidCWEError) after we merge this aboutcode-org/cwe2#10

Add get_cwes_from_github_advisory function and a test
Add CWE support for github importer
Add CWE support for osv
Add CWE support for gitlab and redhat

Signed-off-by: ziadhany <[email protected]>
Contributor

@TG1999 TG1999 left a comment

LGTM!

@TG1999 TG1999 merged commit a114deb into aboutcode-org:main Nov 15, 2023
7 checks passed