🐛 Correct CWE Service logic

RedHatProductSecurity · Jan 24, 2025 · 49c5269 · 49c5269
1 parent 5898c43
commit 49c5269
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 14 deletions.
diff --git a/src/services/CweService.ts b/src/services/CweService.ts
@@ -15,10 +15,28 @@ interface CweViews {
 interface CweCategories {
   Categories: {
     ID: string;
+    MappingNotes: {
+      Usage: string;
+    };
     Name: string;
+    Relationships: Array<any>;
+    Status: string;
+    Summary: string;
   }[];
 }
 
+interface CweWeaknesses {
+  Weaknesses: {
+    ID: string;
+    MappingNotes: {
+      Usage: string;
+    };
+    Name: string;
+    Status: string;
+    Summary: string;
+  }[];
+};
+
 export async function updateCWEData() {
   const baseUrl = osimRuntime.value.backends.mitre;
   try {
@@ -56,33 +74,50 @@ async function checkNewVersion(baseUrl: string): Promise<[string, boolean]> {
 }
 
 async function fetchAndCache(baseUrl: string) {
-  const cweIds = await fetchCweIds(baseUrl);
-  const cweData = await fetchCweNames(baseUrl, cweIds);
-  localStorage.setItem(DATA_KEY, JSON.stringify(cweData));
+  const cweView = await fetchCweView(baseUrl);
+  const cweCategories = await fetchCweCategories(baseUrl, cweView);
+  const cweWeaknesses = await fetchCweWeaknesses(baseUrl, cweCategories);
+  localStorage.setItem(DATA_KEY, JSON.stringify(cweWeaknesses));
   console.debug('✅ CWE API cache updated.');
 }
 
-async function fetchCweIds(baseUrl: string) {
+async function fetchCweView(baseUrl: string) {
   // 699 is the id for the "Software Development" CWE view
   const view = await fetch(`${baseUrl}/cwe/view/699`);
   if (!view.ok) {
     throw new Error('Failed to fetch CWE OpenAPI data');
   }
   const cweData: CweViews = await view.json();
-  const cweIds = cweData.Views[0].Members.map(member => member.CweID);
-  return cweIds;
+  const cweCategoryIds = cweData.Views[0].Members.map(member => member.CweID);
+  return cweCategoryIds;
+}
+
+async function fetchCweCategories(baseUrl: string, cweCategoryIds: string[]) {
+  const detailedResponse = await fetch(`${baseUrl}/cwe/category/${cweCategoryIds.join(',')}`);
+  if (!detailedResponse.ok) {
+    throw new Error('Failed to fetch CWE categories data');
+  }
+
+  const cweCategoryData: CweCategories = await detailedResponse.json();
+  const cweWeaknessIds = cweCategoryData.Categories.flatMap(member =>
+    member.Relationships.map(relationship => relationship.CweID),
+  );
+  return cweWeaknessIds;
 }
 
-async function fetchCweNames(baseUrl: string, cweIds: string[]) {
-  const detailedResponse = await fetch(`${baseUrl}/cwe/category/${cweIds.join(',')}`);
+async function fetchCweWeaknesses(baseUrl: string, cweIds: string[]) {
+  const detailedResponse = await fetch(`${baseUrl}/cwe/weakness/${cweIds.join(',')}`);
   if (!detailedResponse.ok) {
     throw new Error('Failed to fetch detailed CWE data');
   }
 
-  const detailedData: CweCategories = await detailedResponse.json();
-  const customStructure: CWEMemberType[] = detailedData.Categories.map(category => ({
+  const detailedData: CweWeaknesses = await detailedResponse.json();
+  const customStructure: CWEMemberType[] = detailedData.Weaknesses.map(category => ({
     id: category.ID,
     name: category.Name,
+    status: category.Status,
+    summary: category.Summary,
+    usage: category.MappingNotes.Usage,
   }));
   return customStructure;
 }
diff --git a/src/types/mitreCwe.ts b/src/types/mitreCwe.ts
@@ -1,4 +1,7 @@
 export interface CWEMemberType {
   id: string;
   name: string;
+  status: string;
+  summary: string;
+  usage: string;
 }
diff --git a/src/types/zodMitre.ts b/src/types/zodMitre.ts