import json
import os
import zipfile
import requests
from pathlib import Path
from lxml import etree
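def fetch_and_parse_cwe_data():
    """Download the latest CWE catalogue from MITRE and write it to cwe.json.

    The ZIP archive is fetched over HTTPS, its XML member is parsed with
    entity resolution disabled, every non-deprecated ``Weakness`` element is
    turned into a ``{'name': 'CWE-<ID>: <Name>', 'description': ...}`` dict,
    and the list, sorted by numeric CWE ID, is saved as ``cwe.json`` next to
    this script.

    Raises:
        requests.HTTPError: the download returned an HTTP error status.
        RuntimeError: the archive contains no ``.xml`` member.
    """
    import tempfile  # local import: only this function needs it

    # Download the latest CWE data
    print("Downloading CWE data...")
    cwe_zip_url = "https://cwe.mitre.org/data/xml/cwec_latest.xml.zip"
    # requests verifies the TLS certificate by default; that is the only
    # authenticity check applied to the archive here.
    response = requests.get(cwe_zip_url, timeout=10)
    # Stop on an HTTP error instead of handing an error page to zipfile.
    response.raise_for_status()

    # Work in a private temporary directory rather than the current one.
    # Extracting into "." and then taking the first "*.xml" from os.listdir()
    # could parse, and afterwards delete, an unrelated XML file that was
    # already there; the temporary directory is also removed on any error.
    with tempfile.TemporaryDirectory() as work_dir:
        zip_path = Path(work_dir) / 'cwec_latest.xml.zip'
        zip_path.write_bytes(response.content)

        # Extract only the XML member, chosen from the archive's own listing.
        with zipfile.ZipFile(zip_path, 'r') as zip_ref:
            xml_members = [
                member for member in zip_ref.namelist() if member.endswith(".xml")
            ]
            if not xml_members:
                raise RuntimeError("No .xml file found in the downloaded CWE archive")
            extracted_xml_file = zip_ref.extract(xml_members[0], work_dir)

        # Parse the extracted XML file; entity resolution stays off because
        # the document comes from the network.
        with open(extracted_xml_file, 'rb') as xml_file:
            xml_tree = etree.parse(xml_file, etree.XMLParser(resolve_entities=False))

    # Retrieve namespaces from the XML root
    xml_namespaces = xml_tree.getroot().nsmap

    # Collect (numeric ID, entry) pairs so sorting needs no string parsing.
    keyed_entries = []
    for weakness in xml_tree.findall('./Weaknesses/Weakness', namespaces=xml_namespaces):
        if weakness.attrib['Status'] == 'Deprecated':
            continue

        # A Weakness without a Description element yields None instead of
        # raising AttributeError on `.text`.
        description_element = weakness.find('./Description', namespaces=xml_namespaces)
        description = (
            description_element.text if description_element is not None else None
        )

        keyed_entries.append((
            int(weakness.attrib['ID']),
            {
                'name': f"CWE-{weakness.attrib['ID']}: {weakness.attrib['Name']}",
                'description': description,
            },
        ))

    # Sort the CWE list by CWE-ID (numerical order)
    keyed_entries.sort(key=lambda pair: pair[0])
    cwe_entries = [entry for _, entry in keyed_entries]

    # Save the data to a JSON file
    output_json_path = Path(__file__).parent / 'cwe.json'
    with open(output_json_path, 'w', encoding='utf-8') as json_file:
        json.dump(cwe_entries, json_file, indent=2)

    print("CWE data successfully updated and saved to cwe.json")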
# Run the update only when this file is executed as a script, not on import.
if __name__ == "__main__":
    fetch_and_parse_cwe_data()