Loader for the CWE Catalog (.xml.zip)

Make format-detection more less-nested. - Try'em all in-order until we find a match Wire up endpoints for /api/v1/weakness and /api/v1/weakness/{id} todo: an importer
ctron · Aug 27, 2024 · 2f4268f · 2f4268f
1 parent b7c0398
commit 2f4268f
Show file tree

Hide file tree

Showing 24 changed files with 977 additions and 65 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -92,6 +92,7 @@ rand = "0.8.5"
 regex = "1.10.3"
 reqwest = "0.12"
 ring = "0.17.8"
+roxmltree = "0.20.0"
 rstest = "0.22"
 rust-s3 = "0.34"
 sbom-walker = { version = "0.9.0", default-features = false, features = ["crypto-openssl", "cyclonedx-bom", "spdx-rs"] }
@@ -132,6 +133,7 @@ uuid = "1.7.0"
 walkdir = "2.5"
 walker-common = "0.9.0"
 walker-extras = "0.9.0"
+zip = "2.2.0"
 
 trustify-auth = { path = "common/auth", features = ["actix", "swagger"] }
 trustify-common = { path = "common" }

diff --git a/entity/src/lib.rs b/entity/src/lib.rs
@@ -30,3 +30,4 @@ pub mod version_scheme;
 pub mod versioned_purl;
 pub mod vulnerability;
 pub mod vulnerability_description;
+pub mod weakness;
diff --git a/entity/src/weakness.rs b/entity/src/weakness.rs
@@ -0,0 +1,24 @@
+use sea_orm::entity::prelude::*;
+
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel)]
+#[sea_orm(table_name = "weakness")]
+pub struct Model {
+    #[sea_orm(primary_key)]
+    pub id: String,
+    pub description: Option<String>,
+    pub extended_description: Option<String>,
+    pub child_of: Option<Vec<String>>,
+    pub parent_of: Option<Vec<String>>,
+    pub starts_with: Option<Vec<String>>,
+    pub can_follow: Option<Vec<String>>,
+    pub can_precede: Option<Vec<String>>,
+    pub required_by: Option<Vec<String>>,
+    pub requires: Option<Vec<String>>,
+    pub can_also_be: Option<Vec<String>>,
+    pub peer_of: Option<Vec<String>>,
+}
+
+#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
+pub enum Relation {}
+
+impl ActiveModelBehavior for ActiveModel {}
diff --git a/etc/test-data/cwec_latest.xml.zip b/etc/test-data/cwec_latest.xml.zip
diff --git a/migration/src/lib.rs b/migration/src/lib.rs
@@ -8,7 +8,6 @@ mod m0000040_create_vulnerability;
 mod m0000050_create_vulnerability_description;
 mod m0000060_create_advisory;
 mod m0000070_create_cvss3;
-mod m0000070_create_cwe;
 mod m0000080_create_cvss4;
 pub mod m0000090_create_advisory_vulnerability;
 mod m0000100_create_package;
@@ -70,6 +69,7 @@ mod m0000550_create_cpe_license_assertion;
 mod m0000560_alter_vulnerability_cwe_column;
 mod m0000565_alter_advisory_vulnerability_cwe_column;
 mod m0000570_add_import_progress;
+mod m0000575_create_weakness;
 
 pub struct Migrator;
 
@@ -146,6 +146,7 @@ impl MigratorTrait for Migrator {
             Box::new(m0000560_alter_vulnerability_cwe_column::Migration),
             Box::new(m0000565_alter_advisory_vulnerability_cwe_column::Migration),
             Box::new(m0000570_add_import_progress::Migration),
+            Box::new(m0000575_create_weakness::Migration),
         ]
     }
 }

diff --git a/migration/src/m0000070_create_cwe.rs b/migration/src/m0000070_create_cwe.rs