
Commit fc8cb63

Update hsec-tools to support textual CWE
1 parent 76de7ce commit fc8cb63


4 files changed

+12
-8
lines changed


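--- a/code/hsec-tools/cabal.project
+++ b/code/hsec-tools/cabal.project
@@ -1,5 +1,5 @@
 tested-with: GHC==9.2.5
 
-packages: *.cabal
+packages: *.cabal ../cwe/cwe.cabal
 
 package hsec-tools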

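--- a/code/hsec-tools/hsec-tools.cabal
+++ b/code/hsec-tools/hsec-tools.cabal
@@ -50,8 +50,9 @@ library
 aeson >= 2.0.1.0 && < 3,
 pandoc-types >= 1.22 && < 2,
 parsec >= 3 && < 4,
-commonmark-pandoc >= 0.2 && < 0.3
-, safe >= 0.3
+commonmark-pandoc >= 0.2 && < 0.3,
+safe >= 0.3,
+cwe >= 0.1 && < 2,
 hs-source-dirs: src
 default-language: Haskell2010
 ghc-options: -Wall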
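Review bot: The new bound `cwe >= 0.1 && < 2` spans several PVP major versions (0.2, 0.3, 1.0, …) of the package that now supplies the lookup tables the advisory parser relies on. A later major release could change `mkCWEID`, `cweNames` or `cweIds` and be selected by the solver without review; a tighter bound such as `cwe >= 0.1 && < 0.2` keeps the accepted CWE set tied to a release that has been looked at. The entry also ends with a trailing comma before `hs-source-dirs`, which as far as I know only parses with `cabal-version: 2.2` or later; the `cabal-version` line and the start of the `library` stanza are outside this hunk, so that is worth confirming.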

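--- a/code/hsec-tools/src/Security/Advisories/Definition.hs
+++ b/code/hsec-tools/src/Security/Advisories/Definition.hs
@@ -12,6 +12,7 @@ module Security.Advisories.Definition
 )
 where
 
+import CWE (CWEID)
 import Data.Text (Text)
 import Data.Time (ZonedTime)
 import Distribution.Types.VersionRange (VersionRange)
@@ -25,7 +26,7 @@ data Advisory = Advisory
 { advisoryId :: HsecId
 , advisoryModified :: ZonedTime
 , advisoryPublished :: ZonedTime
-, advisoryCWEs :: [CWE]
+, advisoryCWEs :: [CWEID]
 , advisoryKeywords :: [Keyword]
 , advisoryAliases :: [Text]
 , advisoryRelated :: [Text]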

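--- a/code/hsec-tools/src/Security/Advisories/Parse.hs
+++ b/code/hsec-tools/src/Security/Advisories/Parse.hs
@@ -17,6 +17,7 @@ module Security.Advisories.Parse
 )
 where
 
+import qualified CWE
 import Control.Monad ((>=>))
 import Data.Bifunctor (first)
 import Data.Foldable (toList)
@@ -172,7 +173,7 @@ parseAdvisoryTable oob policy table doc summary details html = runTableParser $
 
 cats <-
 fromMaybe []
-<$> optional advisory "cwe" (isArrayOf (fmap CWE . isInt))
+<$> optional advisory "cwe" (isArrayOf (isCWE))
 kwds <-
 fromMaybe []
 <$> optional advisory "keywords" (isArrayOf (fmap Keyword . isString))
@@ -417,9 +418,10 @@ onKey ::
 onKey tbl k absent present =
 maybe absent present $ Map.lookup k tbl
 
-isInt :: TOML.Value -> TableParser Integer
-isInt (TOML.Integer i) = pure i
-isInt other = throwError $ InvalidFormat "Integer" (describeValue other) "42"
+isCWE :: TOML.Value -> TableParser CWE.CWEID
+isCWE (TOML.Integer i) | Just cwe <- CWE.mkCWEID i, Map.member cwe CWE.cweNames = pure cwe
+isCWE (TOML.String txt) | Just cwe <- Map.lookup txt CWE.cweIds = pure cwe
+isCWE other = throwError $ InvalidFormat "Integer" (describeValue other) "42"
 
 isString :: TOML.Value -> TableParser T.Text
 isString (TOML.String txt) = pure txt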
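Review bot: The catch-all `isCWE other` clause in the last hunk still reports `InvalidFormat "Integer" … "42"`, but it is now also reached by an integer that is not in `CWE.cweNames` and by a string that is not a key of `CWE.cweIds`. An advisory with an unknown or misspelled CWE is therefore rejected with a message asking for an integer it may already have supplied. Say what is actually accepted, e.g. `isCWE other = throwError $ InvalidFormat "known CWE id (Integer) or CWE name (String)" (describeValue other) "79"`. The string case appears to be an exact `Map.lookup`, so differences in case or whitespace would presumably be rejected as well; a one-line comment on `isCWE` stating that would help advisory authors. `(isArrayOf (isCWE))` in the second hunk also carries redundant parentheses.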
