Add CWE support in multiple importers #1526
Conversation
|
@ziadhany I don't know why some tests related to API are failing please check what should I do to resolve that. |
Signed-off-by: ambuj <[email protected]>
ambuj-1211
force-pushed
the
add-cwe-support-in-multiple-importers
branch
from
229b70a to
131f37c
Compare
@ambuj-1211 I don’t see any errors in the test. Please let it fail in the CI so I can investigate the issue. |
Signed-off-by: ambuj <[email protected]>
|
@ziadhany please have a look on this I have resolved the issues which you indicated earlier. |
There was a problem hiding this comment.
@ambuj-1211, you are doing a great job! Please make the required changes, and I hope we can merge this PR this week.
| for problem in problemtype_data: | ||
| for desc in problem["description"]: | ||
| value = desc.get("value", "") | ||
| cwe_pattern = r"CWE-\d+" |
There was a problem hiding this comment.
Please move the CWE regular expression pattern to utils.py file
| if alias: | ||
| problemtype_data = get_item(cve_data, "problemtype", "problemtype_data") or [] | ||
| for problem in problemtype_data: | ||
| for desc in problem["description"]: |
There was a problem hiding this comment.
| for desc in problem["description"]: | |
| for desc in problem.get("description", []) : |
| try: | ||
| db.get(cwe) | ||
| weaknesses.append(cwe) | ||
| except Exception: |
There was a problem hiding this comment.
Please avoid using a Exception general exception. Instead, use the InvalidCWEError exception.
| except Exception: | |
| except InvalidCWEError: |
| """ | ||
|
|
||
| alias = get_item(cve_data, "CVE_data_meta", "ID") | ||
| cwe_id = [] |
There was a problem hiding this comment.
| cwe_id = [] | |
| cwe_ids = [] |
| descriptions = problemTypes[0].get("descriptions", []) if len(problemTypes) > 0 else [] | ||
| for description in descriptions: | ||
| cwe_id_string = description.get("cweId", "") | ||
| cwe_id.append(get_cwe_id(cwe_id_string)) |
There was a problem hiding this comment.
For improved readability, assign the value to a variable, ensure it is validated, and then proceed:
| cwe_id.append(get_cwe_id(cwe_id_string)) | |
| cwe_id = get_cwe_id(cwe_id_string) | |
| cwe_ids.append(cwe_id) |
| if cwe_string: | ||
| cwe_id = get_cwe_id(cwe_string) | ||
| try: | ||
| db.get(cwe_id) | ||
| weaknesses.append(cwe_id) | ||
| except Exception: | ||
| logger.error("Invalid CWE id") | ||
| return weaknesses |
There was a problem hiding this comment.
Please skip invalid or empty cwe_string/cwe_id immediately
| if cwe_string: | |
| cwe_id = get_cwe_id(cwe_string) | |
| try: | |
| db.get(cwe_id) | |
| weaknesses.append(cwe_id) | |
| except Exception: | |
| logger.error("Invalid CWE id") | |
| return weaknesses | |
| if not cwe_string: | |
| continue | |
| cwe_id = get_cwe_id(cwe_string) | |
| if not cwe_id: | |
| logger.error("Invalid CWE id: No CWE ID found") | |
| continue | |
| try: | |
| db.get(cwe_id) | |
| weaknesses.append(cwe_id) | |
| except InvalidCWEError: | |
| logger.error(f"Invalid CWE id: {cwe_id}") | |
| return weaknesses |
| weaknesses = [] | ||
| db = Database() | ||
|
|
||
| for cwe_string in cwe_list: | ||
|
|
||
| if cwe_string: | ||
| cwe_id = get_cwe_id(cwe_string) | ||
| try: | ||
| db.get(cwe_id) | ||
| weaknesses.append(cwe_id) | ||
| except Exception: | ||
| logger.error("Invalid CWE id") | ||
| return weaknesses |
There was a problem hiding this comment.
This section is duplicated; please refactor it into a function, move it to utils.py, and reuse it.
Fixes: #1093
This adds cwe data to following importers: