add CWE for the new UI

aboutcode-org · Sep 10, 2022 · 89ff4d0 · 89ff4d0
1 parent 377826e
commit 89ff4d0
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 1 deletion.
diff --git a/requirements.txt b/requirements.txt
@@ -114,3 +114,4 @@ yarl==1.7.2
 zipp==3.8.0
 dateparser==1.1.1
 fetchcode==0.1.0
+cwe==1.6
diff --git a/setup.cfg b/setup.cfg
@@ -78,6 +78,7 @@ install_requires =
     defusedxml>=0.7.1
     Markdown>=3.3.0
     dateparser>=1.1.1
+    cwe>=1.6
 
     # networking
     GitPython>=3.1.17

diff --git a/vulnerabilities/migrations/0028_alter_vulnerabilityseverity_unique_together_and_more.py b/vulnerabilities/migrations/0028_alter_vulnerabilityseverity_unique_together_and_more.py
@@ -0,0 +1,26 @@
+# Generated by Django 4.0.7 on 2022-09-10 22:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0027_alter_vulnerabilityreference_url'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='vulnerabilityseverity',
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name='vulnerabilityseverity',
+            name='cwe_ids',
+            field=models.JSONField(blank=True, default=list, help_text="Example: ['CWE-327']"),
+        ),
+        migrations.AlterUniqueTogether(
+            name='vulnerabilityseverity',
+            unique_together={('reference', 'scoring_system', 'value', 'cwe_ids')},
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -12,6 +12,7 @@
 import logging
 from contextlib import suppress
 
+from cwe import Database
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.core.validators import MaxValueValidator
@@ -371,8 +372,20 @@ class VulnerabilitySeverity(models.Model):
 
     value = models.CharField(max_length=50, help_text="Example: 9.0, Important, High")
 
+    cwe_ids = models.JSONField(blank=True, default=list, help_text="Example: ['CWE-327']")
+
+    @property
+    def cwe_details(self):
+        details = []
+        for cwe_id in self.cwe_ids:
+            cid = int(cwe_id.split("-")[1])
+            db = Database()
+            weakness = db.get(cid)
+            details.append(weakness.to_dict())
+        return details
+
     class Meta:
-        unique_together = ["reference", "scoring_system", "value"]
+        unique_together = ["reference", "scoring_system", "value", "cwe_ids"]
         ordering = ["reference", "scoring_system", "value"]
 
 

diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
@@ -99,6 +99,7 @@
                                 <th> Found at </th>
                             </tr>
                             {% for severity in severities %}
+
                             <tr>
                                 <td>{{ severity.scoring_system }}</td>
                                 <td>{{ severity.value }}</td>
@@ -116,9 +117,40 @@
                                 </td>
                             </tr>
                             {% endfor %}
+
                         </table>
                     </div>
 
+                    <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
+                        Weakness
+                    </div>
+                    <div class="tab-nested-div">
+                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+                            <tr>
+                                <th> CWE id </th>
+                                <th> URL </th>
+                            </tr>
+                            {% for severity in severities %}
+                            {% for cwe_detail in severity.cwe_details %}
+                            <tr>
+                                <td>CWE-{{ cwe_detail.cwe_id }}</td>
+                                <td>
+                                    <a href="https://cwe.mitre.org/data/definitions/{{ cwe_detail.cwe_id }}.html" target="_blank"
+                                     title="CWE-{{ cwe_detail.cwe_id }} : description: {{cwe_detail.description}}">
+                                    https://cwe.mitre.org/data/definitions/{{ cwe_detail.cwe_id }}.html<i class="fa fa-external-link fa_link_custom"></i></a>
+                                    </td>
+                            </tr>
+                           {% empty %}
+                            <tr>
+                                <td colspan="3">
+                                    There are no known CWEs.
+                                </td>
+                            </tr>
+                            {% endfor %}
+                         {% endfor %}
+
+                        </table>
+                    </div>
 
                     <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                         Fixed by packages ({{ vulnerability.resolved_to.all|length }})