Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates CWE archive to 4.16 #3943

Merged
merged 3 commits into from
Dec 10, 2024
Merged

Updates CWE archive to 4.16 #3943

merged 3 commits into from
Dec 10, 2024

Conversation

ammar92
Copy link
Contributor

@ammar92 ammar92 commented Dec 10, 2024

Changes

This PR updates the CWE archive from 4.11 to 4.16

QA notes

kat_cwe_finding_types plugin should still work.

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified.
  • This PR only contains functionality relevant to the issue.
  • I have written unit tests for the changes or fixes I made.
  • I have checked the documentation and made changes where necessary.
  • I have performed a self-review of my code and refactored it to the best of my abilities.
  • Tickets have been created for newly discovered issues.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have informed others of any required .env changes files if required and changed the .env-dist accordingly.
  • I have included comments in the code to elaborate on what is not self-evident from the code itself, including references to issues and discussions online, or implicit behavior of an interface.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.

Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

@ammar92 ammar92 requested a review from a team as a code owner December 10, 2024 10:13
@ammar92 ammar92 mentioned this pull request Dec 10, 2024
Merged
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Dec 10, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
50.0% Coverage on New Code (required ≥ 80%)
E Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

@stephanie0x00
Copy link
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.
  • I checked the logs for errors and/or warnings and made issues where necessary

What works:

CWE Finding types resolve. I manually added a CWE finding to trigger this.

image

What doesn't work:

n/a

Bug or feature?:

n/a

@underdarknl underdarknl merged commit 39d0dbc into main Dec 10, 2024
19 of 21 checks passed
@underdarknl underdarknl deleted the fix/update-cwe-db branch December 10, 2024 14:20
@underdarknl
Copy link
Contributor

In light of this, if this file is relatively static, we could also change the boefje to only run on create/update instead of interval?

jpbruinsslot added a commit that referenced this pull request Dec 11, 2024
@jpbruinsslot
Merge branch 'main' into poc/mula/combined-schedulers
c40193f 
* main: (21 commits)
  Bump django from 5.0.9 to 5.0.10 in /rocky (#3940)
  Do not let enabling plugins affect the global plugin cache (#3944)
  Fix typing in more places and configure mypy to follow imports (#3932)
  Updates CWE archive to 4.16 (#3943)
  Report flaws (#3880)
  Translations update from Hosted Weblate (#3939)
  Fix report recipe API (#3942)
  Boefje runonce functionality in scheduler (#3906)
  fix: 🔨 do not store CDN findings (#3931)
  Dont check for Locations on local Ip's. (#3894)
  add unpkg.com to disallowed hostnames in CSP (#3927)
  Update website_discovery.py (#3921)
  Add export http boefje (#3901)
  Bump python-multipart from 0.0.9 to 0.0.18 in /bytes (#3925)
  Fix layout issues on scheduled reports page (#3930)
  Create scheduled report with zero objects selectable (#3907)
  Improve the KATalogus `/plugins` endpoint performance (#3892)
  Add bgp.jsonl and bgp-meta.json to .gitignore (#3928)
  Update pre-commit and all hooks (#3923)
  add support for detecting Lame dns delegations on ip ranges (#3899)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@underdarknl underdarknl underdarknl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
KAT
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ammar92 @stephanie0x00 @underdarknl