Skip to content

Fix CWE related weakness parsing and add regression tests #756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
akshat4703 wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix CWE related weakness parsing and add regression tests #756

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cbbdd3e
Fix CWE related weakness parsing and add regression tests
akshat-prosperr Feb 23, 2026
18b78b3
Merge branch 'main' into akshat/fix-cwe-related-weakness-parser
akshat4703 Feb 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions application/tests/cwe_parser_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,51 @@ def iter_content(self, chunk_size=None):
self.assertCountEqual(nodes[0].todict(), expected[0].todict())
self.assertCountEqual(nodes[1].todict(), expected[1].todict())

def test_parse_related_weakness_handles_list(self) -> None:
parser = cwe.CWE()
cwe_node = defs.Standard(name="CWE", sectionID="1004", section="Test CWE")

with patch.object(
parser,
"link_to_related_cwe",
side_effect=lambda cwe, cache, related_id: cwe,
) as mocked_link:
result = parser.parse_related_weakness(
cache=self.collection,
rw={
"Related_Weakness": [
{"@CWE_ID": "732"},
{"@CWE_ID": "733"},
]
},
cwe=cwe_node,
)

self.assertIs(result, cwe_node)
self.assertEqual(mocked_link.call_count, 2)
mocked_link.assert_any_call(
cwe=cwe_node,
cache=self.collection,
related_id="732",
)
mocked_link.assert_any_call(
cwe=cwe_node,
cache=self.collection,
related_id="733",
)

def test_parse_related_weakness_returns_original_on_empty_input(self) -> None:
parser = cwe.CWE()
cwe_node = defs.Standard(name="CWE", sectionID="1004", section="Test CWE")

result = parser.parse_related_weakness(
cache=self.collection,
rw={},
cwe=cwe_node,
)

self.assertIs(result, cwe_node)

CWE_xml = """<?xml version="1.0" encoding="UTF-8"?>
<Weakness_Catalog Name="CWE" Version="4.10" Date="2023-01-31" xmlns="http://cwe.mitre.org/cwe-6"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Expand Down
22 changes: 16 additions & 6 deletions application/utils/external_project_parsers/parsers/cwe.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
import os
import tempfile
import requests
from typing import Dict
from typing import Any, Dict
from application.database import db
from application.defs import cre_defs as defs
import shutil
Expand Down Expand Up @@ -161,9 +161,19 @@ def register_cwe(self, cache: db.Node_collection, xml_file: str):
return entries

def parse_related_weakness(
self, cache: db.Node_collection, rw: Dict[str, Dict], cwe: defs.Standard
self, cache: db.Node_collection, rw: Dict[str, Any], cwe: defs.Standard
) -> defs.Standard:
cwe_entry = rw.get("Related_Weakness")
if isinstance(cwe_entry, Dict):
id = cwe_entry["@CWE_ID"]
return self.link_to_related_cwe(cwe=cwe, cache=cache, related_id=id)
cwe_entries = rw.get("Related_Weakness")
if isinstance(cwe_entries, Dict):
cwe_entries = [cwe_entries]
Comment on lines +167 to +168
Copy link

Copilot AI Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typing.Dict should not be used with isinstance() (it raises TypeError on Python 3.11/3.12). Use the runtime type (dict) or collections.abc.Mapping for this check, otherwise this code path can crash during parsing (and the new tests will hit it).

Copilot uses AI. Check for mistakes.

if isinstance(cwe_entries, list):
for cwe_entry in cwe_entries:
if isinstance(cwe_entry, Dict):
Comment on lines +167 to +172
Copy link

Copilot AI Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue here: isinstance(cwe_entry, Dict) uses typing.Dict and can raise TypeError at runtime. Switch to dict (or Mapping) for the instance check so related weaknesses parsing doesn’t crash.

Suggested change
if isinstance(cwe_entries, Dict):
cwe_entries = [cwe_entries]
if isinstance(cwe_entries, list):
for cwe_entry in cwe_entries:
if isinstance(cwe_entry, Dict):
if isinstance(cwe_entries, dict):
cwe_entries = [cwe_entries]
if isinstance(cwe_entries, list):
for cwe_entry in cwe_entries:
if isinstance(cwe_entry, dict):

Copilot uses AI. Check for mistakes.
Copy link
Author

@akshat4703 akshat4703 Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implemented and verified.

This PR specifically fixes parse_related_weakness() in application/utils/external_project_parsers/parsers/cwe.py to:

  • normalize Related_Weakness dict/list shapes
  • iterate all related CWE entries safely
  • always return a Standard node (no None propagation)

Added regression tests in application/tests/cwe_parser_test.py:

  • test_parse_related_weakness_handles_list
  • test_parse_related_weakness_returns_original_on_empty_input

Validation run:
python -m unittest application.tests.cwe_parser_test -v
Result: Ran 3 tests ... OK

related_id = cwe_entry.get("@CWE_ID")
if related_id:
cwe = self.link_to_related_cwe(
cwe=cwe, cache=cache, related_id=related_id
)

return cwe