Merge pull request #1256 from TG1999/fix_cwe_view_problem

TG1999 · web-flow · commit 0290bf0adcc0 · 2023-08-03T12:32:48.000+05:30
Remove weaknesses from view which are not in DB
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,6 +2,13 @@ Release notes
 =============
 
 
+Next Release
+------------
+
+- We filtered out the weakness that are not presented in the 
+  cwe2.database before passing them into the vulnerability details view. 
+
+
 Version v33.2.0
 -----------------
 
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -275,17 +275,26 @@ class Weakness(models.Model):
     vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses")
     db = Database()
 
+    @property
+    def weakness(self):
+        """
+        Return a queryset of Weakness for this vulnerability.
+        """
+        try:
+            weakness = self.db.get(self.cwe_id)
+            return weakness
+        except Exception as e:
+            logger.warning(f"Could not find CWE {self.cwe_id}: {e}")
+
     @property
     def name(self):
         """Return the weakness's name."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.name
+        return self.weakness.name if self.weakness else ""
 
     @property
     def description(self):
         """Return the weakness's description."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.description
+        return self.weakness.description if self.weakness else ""
 
 
 class VulnerabilityReferenceQuerySet(BaseQuerySet):
diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py
@@ -88,3 +88,9 @@ def test_vulnerability_package(self):
 
         assert v1.vulnerable_packages.all()[0] == p1
         assert v1.patched_packages.all()[0] == p2
+
+    def test_cwe_not_present_in_weaknesses_db(self):
+        w1 = models.Weakness.objects.create(name="189")
+        assert w1.weakness is None
+        assert w1.name is ""
+        assert w1.description is ""
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
@@ -116,6 +116,10 @@ def get_queryset(self):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        weaknesses = self.object.weaknesses.all()
+        weaknesses_present_in_db = [
+            weakness_object for weakness_object in weaknesses if weakness_object.weakness
+        ]
         context.update(
             {
                 "vulnerability": self.object,
@@ -125,7 +129,7 @@ def get_context_data(self, **kwargs):
                 "aliases": self.object.aliases.all(),
                 "affected_packages": self.object.affected_packages.all(),
                 "fixed_by_packages": self.object.fixed_by_packages.all(),
-                "weaknesses": self.object.weaknesses.all(),
+                "weaknesses": weaknesses_present_in_db,
             }
         )
         return context

Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,10 @@ def get_queryset(self):`
`116`	`116`
`117`	`117`	`def get_context_data(self, **kwargs):`
`118`	`118`	`context = super().get_context_data(**kwargs)`
	`119`	`+ weaknesses = self.object.weaknesses.all()`
	`120`	`+ weaknesses_present_in_db = [`
	`121`	`+ weakness_object for weakness_object in weaknesses if weakness_object.weakness`
	`122`	`+ ]`
`119`	`123`	`context.update(`
`120`	`124`	`{`
`121`	`125`	`"vulnerability": self.object,`
`@@ -125,7 +129,7 @@ def get_context_data(self, **kwargs):`
`125`	`129`	`"aliases": self.object.aliases.all(),`
`126`	`130`	`"affected_packages": self.object.affected_packages.all(),`
`127`	`131`	`"fixed_by_packages": self.object.fixed_by_packages.all(),`
`128`		`- "weaknesses": self.object.weaknesses.all(),`
	`132`	`+ "weaknesses": weaknesses_present_in_db,`
`129`	`133`	`}`
`130`	`134`	`)`
`131`	`135`	`return context`