@@ -161,67 +161,106 @@ def fetch_links(url):
161161
162162
163163def get_weaknesses (cve_data ):
164- """
165- Extract CWE IDs from CVE data.
166-
167- Args:
168- cve_data (dict): The CVE data in a dictionary format.
169-
170- Returns:
171- List[int]: A list of unique CWE IDs.
172-
173- >>> mock_cve_data = {
174- ... "containers": {
175- ... "cna": {
176- ... "providerMetadata": {
177- ... "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
178- ... },
179- ... "title": "mod_macro buffer over-read",
180- ... "problemTypes": [
181- ... {
182- ... "descriptions": [
183- ... {
184- ... "description": "CWE-125 Out-of-bounds Read",
185- ... "lang": "en",
186- ... "cweId": "CWE-125",
187- ... "type": "CWE"
188- ... }
189- ... ]
190- ... }
191- ... ]
192- ... }
193- ... }
194- ... }
195- >>> get_weaknesses(mock_cve_data)
196- [125]
197- """
198- problem_types = cve_data .get ("containers" , {}).get ("cna" , {}).get ("problemTypes" , [])
199- descriptions = problem_types [0 ].get ("descriptions" , []) if len (problem_types ) > 0 else []
200- cwe_string = descriptions [0 ].get ("cweId" , "" ) if len (descriptions ) > 0 else ""
201- cwe_pattern = r"CWE-\d+"
202- description = descriptions [0 ].get ("description" , "" ) if len (descriptions ) > 0 else ""
203- matches = re .findall (cwe_pattern , description )
164+ # """
165+ # Extract CWE IDs from CVE data.
166+
167+ # Args:
168+ # cve_data (dict): The CVE data in a dictionary format.
169+
170+ # Returns:
171+ # List[int]: A list of unique CWE IDs.
172+
173+ # Examples:
174+ # >>> mock_cve_data1 = {
175+ # ... "containers": {
176+ # ... "cna": {
177+ # ... "providerMetadata": {
178+ # ... "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
179+ # ... },
180+ # ... "title": "mod_macro buffer over-read",
181+ # ... "problemTypes": [
182+ # ... {
183+ # ... "descriptions": [
184+ # ... {
185+ # ... "description": "CWE-125 Out-of-bounds Read",
186+ # ... "lang": "en",
187+ # ... "cweId": "CWE-125",
188+ # ... "type": "CWE"
189+ # ... }
190+ # ... ]
191+ # ... }
192+ # ... ]
193+ # ... }
194+ # ... }
195+ # ... }
196+ # >>> mock_cve_data2 = {
197+ # ... "data_type": "CVE",
198+ # ... "data_format": "MITRE",
199+ # ... "data_version": "4.0",
200+ # ... "generator": {
201+ # ... "engine": "Vulnogram 0.0.9"
202+ # ... },
203+ # ... "CVE_data_meta": {
204+ # ... "ID": "CVE-2022-28614",
205+ # ... "ASSIGNER": "[email protected] ", 206+ # ... "TITLE": "read beyond bounds via ap_rwrite() ",
207+ # ... "STATE": "PUBLIC"
208+ # ... },
209+ # ... "problemtype": {
210+ # ... "problemtype_data": [
211+ # ... {
212+ # ... "description": [
213+ # ... {
214+ # ... "lang": "eng",
215+ # ... "value": "CWE-190 Integer Overflow or Wraparound"
216+ # ... }
217+ # ... ]
218+ # ... },
219+ # ... {
220+ # ... "description": [
221+ # ... {
222+ # ... "lang": "eng",
223+ # ... "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
224+ # ... }
225+ # ... ]
226+ # ... }
227+ # ... ]
228+ # ... }
229+ # ... }
230+
231+ # >>> get_weaknesses(mock_cve_data1)
232+ # [125]
233+
234+ # >>> get_weaknesses(mock_cve_data2)
235+ # [190, 200]
236+ # """
237+
238+ alias = get_item (cve_data , "CVE_data_meta" , "ID" )
239+ cwe_id = []
204240 db = Database ()
241+ if alias :
242+ problemtype_data = get_item (cve_data , "problemtype" , "problemtype_data" ) or []
243+ for problem in problemtype_data :
244+ for desc in problem ["description" ]:
245+ value = desc .get ("value" , "" )
246+ cwe_pattern = r"CWE-\d+"
247+ cwe_id_string_list = re .findall (cwe_pattern , value )
248+ for cwe_id_string in cwe_id_string_list :
249+ cwe_id .append (get_cwe_id (cwe_id_string ))
250+
251+ else :
252+ problemTypes = cve_data .get ("containers" , {}).get ("cna" , {}).get ("problemTypes" , [])
253+ descriptions = problemTypes [0 ].get ("descriptions" , []) if len (problemTypes ) > 0 else []
254+ for description in descriptions :
255+ cwe_id_string = description .get ("cweId" , "" )
256+ cwe_id .append (get_cwe_id (cwe_id_string ))
257+
205258 weaknesses = []
206- cwe_string_from_description = ""
207- if matches :
208- cwe_string_from_description = matches [0 ]
209- if cwe_string or cwe_string_from_description :
210- if cwe_string :
211- cwe_id = get_cwe_id (cwe_string )
212- try :
213- db .get (cwe_id )
214- weaknesses .append (cwe_id )
215- except Exception :
216- logger .error ("Invalid CWE id" )
217- elif cwe_string_from_description :
218- cwe_id = get_cwe_id (cwe_string_from_description )
219- try :
220- db .get (cwe_id )
221- weaknesses .append (cwe_id )
222- except Exception :
223- logger .error ("Invalid CWE id" )
224-
225- seen = set ()
226- unique_cwe = [x for x in weaknesses if not (x in seen or seen .add (x ))]
227- return unique_cwe
259+ for cwe in cwe_id :
260+ try :
261+ db .get (cwe )
262+ weaknesses .append (cwe )
263+ except Exception :
264+ logger .error ("Invalid CWE id" )
265+
266+ return weaknesses
0 commit comments