Skip to content

Extract and add CWE IDs from CVE problem-types #4167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Oct 20, 2025
Merged

Extract and add CWE IDs from CVE problem-types #4167

merged 7 commits into from
Oct 20, 2025
+35 −3

Conversation

Mritunjay09
Copy link
Contributor

Closes #4159
Introduces the attachCWEs
function to extract CWE IDs from both CNA and ADP problem-types in CVE5 records and store them in the Vulnerability's DatabaseSpecific field. Also updates the ProblemTypes struct to include a CWEID field for more accurate parsing.

  • Updated ProblemTypes struct to include CweID field to match CVE5 JSON schema.
  • Updated attachCWEs() function to store both CWE ID and human-readable description.

@Mritunjay09
Extract and add CWE IDs from CVE problem-types
4c2fb9a 
Closes google#4159
Introduces the attachCWEs
 function to extract CWE IDs from both CNA and ADP problem-types in CVE5 records and store them in the Vulnerability's DatabaseSpecific field. Also updates the ProblemTypes struct to include a CWEID field for more accurate parsing.

- Updated ProblemTypes struct to include `CweID` field to match CVE5 JSON schema.
- Updated attachCWEs() function to store both CWE ID and human-readable description.
@google-cla Google CLA
Copy link

google-cla bot commented Oct 15, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@Mritunjay09 Mritunjay09 mentioned this pull request Oct 15, 2025
Closed
@jess-lowe jess-lowe self-requested a review October 15, 2025 23:35
jess-lowe
jess-lowe requested changes Oct 16, 2025
View reviewed changes
Copy link
Contributor

@jess-lowe jess-lowe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution and the work you put into this PR! It’s awesome to have you contributing.

I’ve left a few inline suggestions. If you could revise based on the comments to reduce the overall complexity, that would be perfect. We look forward to merging your work soon!

@Mritunjay09
Copy link
Contributor Author

Updated attachCWEs function per review feedback. Now uses only the CWEID field and removes regex/description parsing. The PR is ready for another review.

@jess-lowe
Copy link
Contributor

Awesome thanks for that improvement! It looks like the tests are failing as they will need to be updated with the additional data. To run the tests to check, use make vulnfeed-tests.

To check for linting errors, run make lint

@Mritunjay09 Mritunjay09 marked this pull request as draft October 17, 2025 07:02
@Mritunjay09 Mritunjay09 marked this pull request as draft October 17, 2025 07:02
@Mritunjay09 Mritunjay09 marked this pull request as ready for review October 17, 2025 07:34
@Mritunjay09
Copy link
Contributor Author

@jess-lowe made all the necessary changes and also checked that lint and vulnfeed-tests return no error

@Mritunjay09 Mritunjay09 requested a review from jess-lowe October 18, 2025 19:54
@jess-lowe
Copy link
Contributor

/gcbrun

jess-lowe
jess-lowe approved these changes Oct 20, 2025
View reviewed changes
Copy link
Contributor

@jess-lowe jess-lowe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jess-lowe jess-lowe merged commit bde844c into google:master Oct 20, 2025
17 checks passed
@Mritunjay09
Copy link
Contributor Author

Let me know if there's anything else I can contribute to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jess-lowe jess-lowe jess-lowe approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support CWE in CVE5 conversion.

2 participants

@Mritunjay09 @jess-lowe