Add CWE library

This change adds a new library to parse CWE names.

Author: TristanCacqueray

code/cwe/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1
+
+- Initial version

code/cwe/RenderCsvData.hs

@@ -0,0 +1,45 @@
+#!/usr/bin/env cabal
+{- cabal:
+build-depends: base, csv
+-}
+-- | Use this script to update the CWE.Raw module:
+-- Go to https://cwe.mitre.org/data/downloads.html
+-- Download and extract the 'Software Development' and 'CWE Simplified Mapping' CSV.zip files
+-- Run the following command: ./RenderCsvData.hs | fourmolu --stdin-input-file ./src/CWE/Raw.hs > src/CWE/Raw.hs
+module Main where
+
+import Data.List
+import Data.Maybe
+import Text.CSV
+import Text.Read
+
+main :: IO ()
+main = do
+    dbs <- traverse readCSV ["699.csv", "1003.csv"]
+    putStrLn $ unlines $ renderSource $ concat dbs
+
+readCSV :: FilePath -> IO CSV
+readCSV fp = do
+    txt <- readFile fp
+    case Text.CSV.parseCSV "stdin" txt of
+        Left e -> error ("bad csv: " <> show e)
+        Right records -> pure (drop 1 records)
+
+renderSource :: [Record] -> [String]
+renderSource xs =
+    [ "{-# LANGUAGE OverloadedStrings #-}"
+    , "module CWE.Data where"
+    , "import Data.Text"
+    , "cweData :: [(Word, Text)]"
+    , "cweData = ["
+    ]
+        <> map renderEntry (zip [0 ..] (sortOn byNum xs))
+        <> ["  ]"]
+  where
+    byNum (num : _) = fromMaybe (42 :: Int) (readMaybe num)
+    renderEntry (pos, (num : desc : _)) = "  " <> sep <> " (" <> num <> ", \"" <> name <> "\")"
+      where
+        sep = if pos == 0 then " " else ","
+        -- Remove extra info in parenthesis
+        name = dropWhileEnd (== ' ') $ takeWhile (/= '(') desc
+    renderEntry _ = ""

code/cwe/cwe.cabal

@@ -0,0 +1,27 @@
+cabal-version:   2.4
+name:            cwe
+version:         0.1
+synopsis:        Common Weakness Enumaration database
+description:     Use this library to lookup or validate CWE numbers.
+license:         BSD-3-Clause
+author:          Tristan de Cacqueray
+maintainer:      [email protected]
+category:        Data
+extra-doc-files: CHANGELOG.md
+tested-with:     GHC ==8.10.7 || ==9.0.2 || ==9.2.7 || ==9.4.5 || ==9.6.2
+
+library
+  exposed-modules:  CWE
+  other-modules:    CWE.Data
+  build-depends:
+    , base        >=4.14 && <5
+    , containers  >=0.6  && <0.7
+    , parsec      >=3    && <4
+    , text >= 1.2 && < 3
+
+
+  hs-source-dirs:   src
+  default-language: Haskell2010
+  ghc-options:
+    -Wall -Wcompat -Widentities -Wincomplete-record-updates
+    -Wincomplete-uni-patterns -Wpartial-fields -Wredundant-constraints

code/cwe/src/CWE.hs

@@ -0,0 +1,26 @@
+{-# LANGUAGE ViewPatterns #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE OverloadedStrings #-}
+module CWE (CWEID, mkCWEID, cweNames, cweIds) where
+
+import CWE.Data
+import Data.Text (Text)
+import Data.Coerce
+import Data.Map.Strict as Map
+import GHC.Bits
+
+-- | A CWE identifier.
+newtype CWEID = CWEID Word
+  deriving newtype (Eq, Ord, Show)
+
+mkCWEID :: (Integral a, Bits a) => a -> Maybe CWEID
+mkCWEID num = CWEID <$> toIntegralSized num
+
+-- | A map to lookup CWE names.
+cweNames :: Map CWEID Text
+cweNames = Map.fromList (coerce cweData)
+
+-- | A map to lookup CWEID.
+cweIds :: Map Text CWEID
+cweIds = Map.fromList $ (\(k, v) -> (v, k)) <$> (coerce cweData)