Fix migration conflict

Add Weakness model

Fix requirements.txt , Fix migration conflict

Add cwe name instead of Hyperlinks

Add nexB/cwe package

Fix test , remove empty lines

Add CWE in the new UI

Signed-off-by: ziadhany <ziadhany2016@gmail.com>

Author: ziadhany

requirements.txt

@@ -120,4 +120,5 @@ drf-spectacular-sidecar==2022.10.1
 drf-spectacular==0.24.2
 coreapi==2.3.3
 coreschema==0.0.4
-itypes==1.2.0
+itypes==1.2.0
+cwe2==2.0.0

setup.cfg

@@ -84,6 +84,7 @@ install_requires =
     Markdown>=3.3.0
     dateparser>=1.1.1
     cvss>=2.4
+    cwe2>=2.0.0
 
     # networking
     GitPython>=3.1.17

vulnerabilities/migrations/0037_weakness.py

@@ -0,0 +1,21 @@
+# Generated by Django 4.0.7 on 2022-12-01 16:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0036_alter_package_package_url_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Weakness',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('cwe_id', models.IntegerField()),
+                ('vulnerabilities', models.ManyToManyField(related_name='weaknesses', to='vulnerabilities.vulnerability')),
+            ],
+        ),
+    ]

vulnerabilities/models.py

@@ -12,6 +12,7 @@
 import logging
 from contextlib import suppress
 
+from cwe2.database import Database
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import UserManager
 from django.core import exceptions
@@ -249,6 +250,25 @@ def get_related_purls(self):
         return [p.package_url for p in self.packages.distinct().all()]
 
 
+class Weakness(models.Model):
+    cwe_id = models.IntegerField()
+    vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses")
+
+    @property
+    def name(self):
+        """Return the weakness's name."""
+        db = Database()
+        weakness = db.get(self.cwe_id)
+        return weakness.name
+
+    @property
+    def description(self):
+        """Return the weakness's description."""
+        db = Database()
+        weakness = db.get(self.cwe_id)
+        return weakness.description
+
+
 class VulnerabilityReferenceQuerySet(BaseQuerySet):
     def for_cpe(self):
         """
@@ -700,7 +720,6 @@ def update_or_create(self):
 
 
 class VulnerabilitySeverity(models.Model):
-
     reference = models.ForeignKey(VulnerabilityReference, on_delete=models.CASCADE)
 
     scoring_system_choices = tuple(

vulnerabilities/templates/vulnerability_details.html

@@ -116,7 +116,6 @@
                         </table>
                     </div>
 
-
                     <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
                         Fixed by packages ({{ fixed_by_packages|length }})
                     </div>
@@ -174,6 +173,36 @@
                             {% endif %}
                         </table>
                     </div>
+
+                    <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
+                        Weaknesses ({{ weaknesses|length }})
+                    </div>
+                     <div class="tab-nested-div">
+                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
+                            <tr>
+                                <th> CWE id  </th>
+                                <th> Name </th>
+                            </tr>
+                            {% for weakness in weaknesses %}
+                            <tr>
+                                <td class="wrap-strings">CWE-{{ weakness.cwe_id }}</td>
+                                <td class="wrap-strings">
+                                    <a href="https://cwe.mitre.org/data/definitions/{{ weakness.cwe_id }}.html" target="_blank"
+                                     title="CWE-{{ weakness.cwe_id }} : description: {{weakness.description}}">
+                                    {{ weakness.name }} <i class="fa fa-external-link fa_link_custom"></i>
+                                    </a>
+                                </td>
+
+                            </tr>
+                           {% empty %}
+                            <tr>
+                                <td colspan="3">
+                                    There are no known CWE.
+                                </td>
+                            </tr>
+                            {% endfor %}
+                        </table>
+                    </div>
                 </div>
 
                 <div class="tab-div content" data-content="references">

vulnerabilities/views.py

@@ -23,6 +23,7 @@
 from vulnerabilities.forms import ApiUserCreationForm
 from vulnerabilities.forms import PackageSearchForm
 from vulnerabilities.forms import VulnerabilitySearchForm
+from vulnerabilities.models import Weakness
 from vulnerablecode.settings import env
 
 PAGE_SIZE = 20
@@ -111,7 +112,7 @@ class VulnerabilityDetails(DetailView):
     slug_field = "vulnerability_id"
 
     def get_queryset(self):
-        return super().get_queryset().prefetch_related("references", "aliases")
+        return super().get_queryset().prefetch_related("references", "aliases", "weaknesses")
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
@@ -124,6 +125,7 @@ def get_context_data(self, **kwargs):
                 "aliases": self.object.aliases.all(),
                 "affected_packages": self.object.affected_packages.all(),
                 "fixed_by_packages": self.object.fixed_by_packages.all(),
+                "weaknesses": self.object.weaknesses.all(),
             }
         )
         return context