diff --git a/fetcher/cwe/cwe.go b/fetcher/cwe/cwe.go index 9ad640a..4666456 100644 --- a/fetcher/cwe/cwe.go +++ b/fetcher/cwe/cwe.go @@ -5,6 +5,7 @@ import ( "bytes" "encoding/xml" "fmt" + "strings" "github.com/inconshreveable/log15" "golang.org/x/xerrors" @@ -37,7 +38,8 @@ func parse(res []byte) (map[string][]string, error) { cweIDtoCapecIDs := map[string][]string{} for _, file := range reader.File { - if file.Name != "cwec_v4.6.xml" { + if !strings.HasPrefix(file.Name, "cwec_v4") { + log15.Warn("Skip CWE parsing since only CWE v4 is supported", "file", file.Name) continue } diff --git a/fetcher/cwe/cwe_test.go b/fetcher/cwe/cwe_test.go index 0885a14..754d2f4 100644 --- a/fetcher/cwe/cwe_test.go +++ b/fetcher/cwe/cwe_test.go @@ -14,11 +14,21 @@ func TestParse(t *testing.T) { expected map[string][]string }{ { - in: "testdata/cwec.xml.zip", + in: "testdata/v4.6/cwec.xml.zip", expected: map[string][]string{ "CWE-1021": {"CAPEC-103", "CAPEC-181", "CAPEC-222", "CAPEC-504", "CAPEC-506", "CAPEC-654"}, }, }, + { + in: "testdata/v4.14/cwec_latest.xml.zip", + expected: map[string][]string{ + "CWE-1021": {"CAPEC-103", "CAPEC-181", "CAPEC-222", "CAPEC-504", "CAPEC-506", "CAPEC-587", "CAPEC-654"}, + }, + }, + { + in: "testdata/v5.0/cwec_latest.xml.zip", + expected: map[string][]string{}, + }, } for i, tt := range tests { diff --git a/fetcher/cwe/testdata/v4.14/cwec_latest.xml.zip b/fetcher/cwe/testdata/v4.14/cwec_latest.xml.zip new file mode 100644 index 0000000..af72d28 Binary files /dev/null and b/fetcher/cwe/testdata/v4.14/cwec_latest.xml.zip differ diff --git a/fetcher/cwe/testdata/cwec.xml.zip b/fetcher/cwe/testdata/v4.6/cwec.xml.zip similarity index 100% rename from fetcher/cwe/testdata/cwec.xml.zip rename to fetcher/cwe/testdata/v4.6/cwec.xml.zip diff --git a/fetcher/cwe/testdata/v5.0/cwec_latest.xml.zip b/fetcher/cwe/testdata/v5.0/cwec_latest.xml.zip new file mode 100644 index 0000000..d2261bb Binary files /dev/null and b/fetcher/cwe/testdata/v5.0/cwec_latest.xml.zip differ