Skip to content

Add CWE support in all importers #1137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TG1999 merged 1 commit into from
Nov 15, 2023
Merged

Add CWE support in all importers #1137

TG1999 merged 1 commit into from
Nov 15, 2023

Conversation

@ziadhany
Copy link
Collaborator

@ziadhany ziadhany commented Feb 26, 2023

issues: #1093

@ziadhany ziadhany changed the title Add CWE support for gitlab and redhat Add CWE support in all importers Mar 7, 2023
@TG1999
Copy link
Contributor

TG1999 commented Aug 22, 2023

@ziadhany Thanks++, before associating any vulnerability with CWE please check if it exists in cwe2 DB or not like this #1256, and also please do this for NVD importer too.

TG1999
TG1999 requested changes Nov 10, 2023
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziadhany thanks++, some nits for your consideration

vulnerabilities/importers/github.py Outdated
else:
logger.error(f"Unknown identifier type {identifier_type!r} and value {value!r}")

weaknesses = []
Copy link
Contributor

@TG1999 TG1999 Nov 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make a separate function get_cwes_from_github_advisory and add docstring and tests for that.

Copy link
Collaborator Author

@ziadhany ziadhany Nov 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

ziadhany
ziadhany commented Nov 14, 2023
View reviewed changes
vulnerabilities/importers/github.py
try:
db.get(cwe_id)
weaknesses.append(cwe_id)
except Exception:
Copy link
Collaborator Author

@ziadhany ziadhany Nov 14, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should change this general exception and replace it with ( InvalidCWEError ) after we merge this aboutcode-org/cwe2#10

@ziadhany @TG1999
Remove GitLabBasicImprover
6158b2a 
Add get_cwes_from_github_advisory function and a test
Add CWE support for github importer
Add CWE support for osv
Add CWE support for gitlab and redhat

Signed-off-by: ziadhany <ziadhany2016@gmail.com>
TG1999
TG1999 approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@TG1999 TG1999 merged commit a114deb into aboutcode-org:main Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TG1999 TG1999 TG1999 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ziadhany @TG1999