fix(fetcher/cwe): support all v4 series (#118)

vulsio · Jul 8, 2024 · 4198383 · 4198383
1 parent db7e01a
commit 4198383
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 2 deletions.
diff --git a/fetcher/cwe/cwe.go b/fetcher/cwe/cwe.go
@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"encoding/xml"
 	"fmt"
+	"strings"
 
 	"github.com/inconshreveable/log15"
 	"golang.org/x/xerrors"
@@ -37,7 +38,8 @@ func parse(res []byte) (map[string][]string, error) {
 
 	cweIDtoCapecIDs := map[string][]string{}
 	for _, file := range reader.File {
-		if file.Name != "cwec_v4.6.xml" {
+		if !strings.HasPrefix(file.Name, "cwec_v4") {
+			log15.Warn("Skip CWE parsing since only CWE v4 is supported", "file", file.Name)
 			continue
 		}
 

diff --git a/fetcher/cwe/cwe_test.go b/fetcher/cwe/cwe_test.go
@@ -14,11 +14,21 @@ func TestParse(t *testing.T) {
 		expected map[string][]string
 	}{
 		{
-			in: "testdata/cwec.xml.zip",
+			in: "testdata/v4.6/cwec.xml.zip",
 			expected: map[string][]string{
 				"CWE-1021": {"CAPEC-103", "CAPEC-181", "CAPEC-222", "CAPEC-504", "CAPEC-506", "CAPEC-654"},
 			},
 		},
+		{
+			in: "testdata/v4.14/cwec_latest.xml.zip",
+			expected: map[string][]string{
+				"CWE-1021": {"CAPEC-103", "CAPEC-181", "CAPEC-222", "CAPEC-504", "CAPEC-506", "CAPEC-587", "CAPEC-654"},
+			},
+		},
+		{
+			in:       "testdata/v5.0/cwec_latest.xml.zip",
+			expected: map[string][]string{},
+		},
 	}
 
 	for i, tt := range tests {

diff --git a/fetcher/cwe/testdata/v4.14/cwec_latest.xml.zip b/fetcher/cwe/testdata/v4.14/cwec_latest.xml.zip
diff --git a/fetcher/cwe/testdata/cwec.xml.zip → fetcher/cwe/testdata/v4.6/cwec.xml.zip b/fetcher/cwe/testdata/cwec.xml.zip → fetcher/cwe/testdata/v4.6/cwec.xml.zip
diff --git a/fetcher/cwe/testdata/v5.0/cwec_latest.xml.zip b/fetcher/cwe/testdata/v5.0/cwec_latest.xml.zip