Fix requirements.txt , Fix migration conflict

Add cwe name instead of Hyperlinks Add nexB/cwe package Fix test , remove empty lines Add CWE in the new UI Signed-off-by: ziadhany <[email protected]>
aboutcode-org · Nov 22, 2022 · 329afc5 · 329afc5
1 parent 83b2bc6
commit 329afc5
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 3 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -120,4 +120,5 @@ drf-spectacular-sidecar==2022.10.1
 drf-spectacular==0.24.2
 coreapi==2.3.3
 coreschema==0.0.4
-itypes==1.2.0
+itypes==1.2.0
+cwe2==2.0.0
diff --git a/setup.cfg b/setup.cfg
@@ -84,6 +84,7 @@ install_requires =
     Markdown>=3.3.0
     dateparser>=1.1.1
     cvss>=2.4
+    cwe2>=2.0.0
 
     # networking
     GitPython>=3.1.17

diff --git a/vulnerabilities/migrations/0034_alter_vulnerabilityseverity_options_and_more.py b/vulnerabilities/migrations/0034_alter_vulnerabilityseverity_options_and_more.py
@@ -0,0 +1,30 @@
+# Generated by Django 4.0.7 on 2022-11-22 13:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0033_alter_vulnerabilityseverity_scoring_system'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='vulnerabilityseverity',
+            options={'ordering': ['reference', 'scoring_system', 'value', 'cwe_ids']},
+        ),
+        migrations.AlterUniqueTogether(
+            name='vulnerabilityseverity',
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name='vulnerabilityseverity',
+            name='cwe_ids',
+            field=models.JSONField(blank=True, default=list, help_text="Example: ['CWE-327']"),
+        ),
+        migrations.AlterUniqueTogether(
+            name='vulnerabilityseverity',
+            unique_together={('reference', 'scoring_system', 'value', 'cwe_ids')},
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -12,6 +12,7 @@
 import logging
 from contextlib import suppress
 
+from cwe2.database import Database
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import UserManager
 from django.core import exceptions
@@ -691,9 +692,21 @@ class VulnerabilitySeverity(models.Model):
         "For example a CVSS vector string as used to compute a CVSS score.",
     )
 
+    cwe_ids = models.JSONField(blank=True, default=list, help_text="Example: ['CWE-327']")
+
+    @property
+    def cwe_details(self):
+        details = []
+        for cwe_id in self.cwe_ids:
+            cid = int(cwe_id.split("-")[1])
+            db = Database()
+            weakness = db.get(cid)
+            details.append(weakness.__dict__)
+        return details
+
     class Meta:
-        unique_together = ["reference", "scoring_system", "value"]
-        ordering = ["reference", "scoring_system", "value"]
+        unique_together = ["reference", "scoring_system", "value", "cwe_ids"]
+        ordering = ["reference", "scoring_system", "value", "cwe_ids"]
 
 
 class AliasQuerySet(BaseQuerySet):

diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
@@ -116,6 +116,40 @@
                         </table>
                     </div>
 
+                    <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
+                        Weakness
+                    </div>
+
+                    <div class="tab-nested-div">
+                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+                            <tr>
+                                <th> CWE id </th>
+                                <th> Name </th>
+                            </tr>
+
+                            {% for severity in severities %}
+                            {% for cwe_detail in severity.cwe_details %}
+                            <tr>
+                                <td>CWE-{{ cwe_detail.cwe_id }}</td>
+                                <td>
+                                    <a href="https://cwe.mitre.org/data/definitions/{{ cwe_detail.cwe_id }}.html" target="_blank"
+                                     title="CWE-{{ cwe_detail.cwe_id }} : description: {{cwe_detail.description}}">
+                                    {{ cwe_detail.name }} <i class="fa fa-external-link fa_link_custom"></i>
+                                    </a>
+                                    </td>
+                            </tr>
+                               {% empty %}
+                               <tr>
+                                    <td colspan="3">
+                                        There are no known CWE.
+                                    </td>
+                               </tr>
+                            {% endfor %}
+
+                            {% endfor %}
+
+                        </table>
+                    </div>
 
                     <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                         Fixed by packages ({{ fixed_by_packages|length }})