diff --git a/vulnerabilities/importers/apache_httpd.py b/vulnerabilities/importers/apache_httpd.py
index 3914f4aae..b6501daad 100644
--- a/vulnerabilities/importers/apache_httpd.py
+++ b/vulnerabilities/importers/apache_httpd.py
@@ -161,79 +161,79 @@ def fetch_links(url):
 def get_weaknesses(cve_data):
- # """
- # Extract CWE IDs from CVE data.
+ """
+ Extract CWE IDs from CVE data.
- # Args:
- # cve_data (dict): The CVE data in a dictionary format.
+ Args:
+ cve_data (dict): The CVE data in a dictionary format.
- # Returns:
- # List[int]: A list of unique CWE IDs.
+ Returns:
+ List[int]: A list of unique CWE IDs.
- # Examples:
- # >>> mock_cve_data1 = {
- # ... "containers": {
- # ... "cna": {
- # ... "providerMetadata": {
- # ... "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
- # ... },
- # ... "title": "mod_macro buffer over-read",
- # ... "problemTypes": [
- # ... {
- # ... "descriptions": [
- # ... {
- # ... "description": "CWE-125 Out-of-bounds Read",
- # ... "lang": "en",
- # ... "cweId": "CWE-125",
- # ... "type": "CWE"
- # ... }
- # ... ]
- # ... }
- # ... ]
- # ... }
- # ... }
- # ... }
- # >>> mock_cve_data2 = {
- # ... "data_type": "CVE",
- # ... "data_format": "MITRE",
- # ... "data_version": "4.0",
- # ... "generator": {
- # ... "engine": "Vulnogram 0.0.9"
- # ... },
- # ... "CVE_data_meta": {
- # ... "ID": "CVE-2022-28614",
- # ... "ASSIGNER": "security@apache.org",
- # ... "TITLE": "read beyond bounds via ap_rwrite() ",
- # ... "STATE": "PUBLIC"
- # ... },
- # ... "problemtype": {
- # ... "problemtype_data": [
- # ... {
- # ... "description": [
- # ... {
- # ... "lang": "eng",
- # ... "value": "CWE-190 Integer Overflow or Wraparound"
- # ... }
- # ... ]
- # ... },
- # ... {
- # ... "description": [
- # ... {
- # ... "lang": "eng",
- # ... "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
- # ... }
- # ... ]
- # ... }
- # ... ]
- # ... }
- # ... }
+ Examples:
+ >>> mock_cve_data1 = {
+ ... "containers": {
+ ... "cna": {
+ ... "providerMetadata": {
+ ... "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
+ ... },
+ ... "title": "mod_macro buffer over-read",
+ ... "problemTypes": [
+ ... {
+ ... "descriptions": [
+ ... {
+ ... "description": "CWE-125 Out-of-bounds Read",
+ ... "lang": "en",
+ ... "cweId": "CWE-125",
+ ... "type": "CWE"
+ ... }
+ ... ]
+ ... }
+ ... ]
+ ... }
+ ... }
+ ... }
+ >>> mock_cve_data2 = {
+ ... "data_type": "CVE",
+ ... "data_format": "MITRE",
+ ... "data_version": "4.0",
+ ... "generator": {
+ ... "engine": "Vulnogram 0.0.9"
+ ... },
+ ... "CVE_data_meta": {
+ ... "ID": "CVE-2022-28614",
+ ... "ASSIGNER": "security@apache.org",
+ ... "TITLE": "read beyond bounds via ap_rwrite() ",
+ ... "STATE": "PUBLIC"
+ ... },
+ ... "problemtype": {
+ ... "problemtype_data": [
+ ... {
+ ... "description": [
+ ... {
+ ... "lang": "eng",
+ ... "value": "CWE-190 Integer Overflow or Wraparound"
+ ... }
+ ... ]
+ ... },
+ ... {
+ ... "description": [
+ ... {
+ ... "lang": "eng",
+ ... "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
+ ... }
+ ... ]
+ ... }
+ ... ]
+ ... }
+ ... }
- # >>> get_weaknesses(mock_cve_data1)
- # [125]
+ >>> get_weaknesses(mock_cve_data1)
+ [125]
- # >>> get_weaknesses(mock_cve_data2)
- # [190, 200]
- # """
+ >>> get_weaknesses(mock_cve_data2)
+ [190, 200]
+ """
 alias = get_item(cve_data, "CVE_data_meta", "ID")
 cwe_id = []
diff --git a/vulnerabilities/importers/fireeye.py b/vulnerabilities/importers/fireeye.py
index de9d8fddd..69ce84176 100644
--- a/vulnerabilities/importers/fireeye.py
+++ b/vulnerabilities/importers/fireeye.py
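Review bot: The examples in get_weaknesses (apache_httpd.py) cover only well-formed records, so neither the "unique CWE IDs" promise in `Returns:` nor the result for a problem-type entry that carries no recognisable CWE identifier is demonstrated or stated. Since the function presumably parses advisory JSON published upstream, the docstring should say under `Returns:` what a caller gets for such entries, and a short third example with a repeated CWE would pin the uniqueness claim. The two fixtures also take about sixty docstring lines; keeping one compact example here and moving the full records into a test module would leave the docstring readable. The body of get_weaknesses continues outside the hunk, so the actual behaviour for malformed input cannot be confirmed from these lines.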
@@ -151,10 +151,12 @@ def md_list_to_dict(md_list):
 def get_weaknesses(cwe_data):
 """
 Return the list of CWE IDs as integers from a list of weakness summaries, e.g., [379].
- Extract the CWE strings from a list of weakness descriptions,
- e.g., ["CWE-379: Creation of Temporary File in Directory with Insecure Permissions"], to obtain CWE IDs like CWE-379.
- Remove the "CWE-" prefix from each CWE string and convert it to an integer (e.g., 379).
- Then, check if the CWE ID exists in the CWE database.
+
+ >>> get_weaknesses([
+ ... "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
+ ... "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
+ ... ])
+ [379, 362]
 """
 cwe_list = []
 for line in cwe_data:
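Review bot: The rewritten docstring of get_weaknesses no longer mentions that each ID is checked against the CWE database, so a reader cannot tell that the returned list may be shorter than the input. If that check still happens in the loop body, which lies outside this hunk, keep one sentence above the example, for instance `Only CWE IDs found in the CWE database are returned.` The new doctest then also depends on 379 and 362 being present in that database when the tests run, which is worth a short comment if the database comes from an external package.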