User:Jingkaimori/mass edit/CWE
Data source[edit]
https://cwe.mitre.org/data/downloads.html
Extract Candidate[edit]
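Open the XML dump in a browser, open the browser's console, and paste the commands below. The script sends each weakness name and alternate term to the Wikidata search API and prints the resulting CSV to the console: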
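(async () => {
  /*
   * Builds a CSV of Wikidata match candidates for every <Weakness> element of
   * the CWE XML dump loaded in the current document.
   *
   * For each weakness the script searches Wikidata for the weakness name, the
   * quoted short name inside the parentheses (if any) and every alternate
   * term, then looks up the P31 (instance of) claims of each hit. One CSV row
   * is written per (weakness, Wikidata item, P31 value); "unknown" is used
   * when an item has no P31 claim.
   *
   * Resolves to the CSV text, which is also printed to the console.
   */
  const EOL = "\r\n"; // RFC 4180 line terminator (CR then LF).
  const API = "https://www.wikidata.org/w/api.php";

  // Doubles embedded quotes so a value cannot break out of its quoted cell.
  const escapeQuotes = (value) => String(value ?? "").replaceAll('"', '""');

  // Free text from Wikidata is user-editable and the CSV is later opened in a
  // spreadsheet, so a leading formula trigger is neutralised with an
  // apostrophe before the quotes are escaped.
  const safeText = (value) => {
    const text = String(value ?? "");
    const guarded = /^[=+\-@\t\r]/.test(text) ? `'${text}` : text;
    return escapeQuotes(guarded);
  };

  // Performs one anonymous API call and returns the parsed JSON, or null when
  // the request failed. CORS is requested through the `origin=*` query
  // parameter; Access-Control-Allow-Origin is a response header and is not
  // sent by the client.
  async function callApi(params) {
    const query = new URL(API);
    for (const [key, value] of Object.entries(params)) {
      query.searchParams.set(key, value);
    }
    query.searchParams.set("format", "json");
    query.searchParams.set("origin", "*");
    const response = await fetch(query.toString());
    if (!response.ok) {
      console.warn(`Wikidata API returned ${response.status} for ${query}`);
      return null;
    }
    return response.json();
  }

  // Returns the search hits (at most one) for a candidate label.
  async function search(name) {
    const body = await callApi({
      action: "wbsearchentities",
      uselang: "en",
      language: "en",
      limit: "1",
      search: name,
    });
    return Array.isArray(body?.search) ? body.search : [];
  }

  // Returns the item ids used as P31 values of the given entity. Claims with
  // no data value (novalue/somevalue snaks) are skipped.
  async function claimP31(entity) {
    const body = await callApi({
      action: "wbgetclaims",
      property: "P31",
      props: "",
      entity,
    });
    const claims = body?.claims?.P31;
    if (!Array.isArray(claims)) {
      return [];
    }
    return claims
      .map((claim) => claim?.mainsnak?.datavalue?.value?.id)
      .filter(Boolean);
  }

  // Collects the labels to search for: full name, quoted short name, and the
  // alternate terms listed in the dump.
  function collectCandidates(weakness, name) {
    const candidates = [name];
    const shortName = name.match(/\('(.*)'\)/);
    if (shortName?.[1]) {
      // Use the captured text, not the whole match with its parentheses.
      candidates.push(shortName[1]);
    }
    const alternates = weakness.getElementsByTagName("Alternate_Terms")[0];
    if (alternates) {
      for (const entry of alternates.childNodes) {
        if (entry.nodeType !== Node.ELEMENT_NODE) {
          continue;
        }
        const term = entry.getElementsByTagName("Term")[0];
        const text = term?.textContent?.trim();
        if (text) {
          candidates.push(text);
        }
      }
    }
    return candidates;
  }

  const weaknessList = document.getElementsByTagName("Weaknesses")[0];
  if (!weaknessList) {
    throw new Error("No <Weaknesses> element found; open the CWE XML dump first.");
  }

  let csv = `sourceid,name,wikidataid,desc,url,P31${EOL}`;

  for (const weakness of weaknessList.childNodes) {
    if (weakness.nodeName !== "Weakness") {
      continue;
    }
    const id = weakness.getAttribute("ID");
    const name = weakness.getAttribute("Name") ?? "";

    // Requests are awaited one at a time so the API is never hit in parallel.
    const hitsById = new Map();
    for (const candidate of collectCandidates(weakness, name)) {
      for (const hit of await search(candidate)) {
        hitsById.set(hit?.id, hit);
      }
    }

    for (const hit of hitsById.values()) {
      const wdId = hit.id;
      const url = hit.url ? `https:${hit.url}` : "";
      // id, name and url keep the triple-quote form (a quoted string inside a
      // quoted CSV cell); the description is a plain quoted cell.
      const prefix =
        `"""${escapeQuotes(id)}""","""${escapeQuotes(name)}""",${wdId},` +
        `"${safeText(hit.description)}","""${escapeQuotes(url)}""",`;
      const classes = await claimP31(wdId);
      if (classes.length > 0) {
        for (const classId of classes) {
          csv += `${prefix}${classId}${EOL}`;
        }
      } else {
        csv += `${prefix}unknown${EOL}`;
      }
    }
  }

  console.log(csv);
  return csv;
})()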
Post operation[edit]
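Edit the generated spreadsheet in Excel; remove article and some film entries. The desc column is free text taken from Wikidata, so make sure Excel treats it as text rather than evaluating any cell as a formula.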
Quickstat command[edit]
"qid","Aen","#","P3624","S854","S5017"
"Q6007765","Improper Input Validation","20","""20""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q442856","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","22","""22""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q646197","Windows Shortcut Following (.LNK)","64","""64""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q371199","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","79","""79""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q515838","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","79","""79""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1060049","Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')","98","""98""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q104792366","Improper Control of Resource Identifiers ('Resource Injection')","99","""99""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1649571","Process Control","114","""114""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q19423","Improper Restriction of Operations within the Bounds of a Memory Buffer","119","""119""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q4080983","Improper Restriction of Operations within the Bounds of a Memory Buffer","119","""119""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1002151","Buffer Underwrite ('Buffer Underflow')","124","""124""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q16848739","Buffer Over-read","126","""126""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1439356","Off-by-one Error","193","""193""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q67123584","Exposure of Sensitive Information to an Unauthorized Actor","200","""200""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2904148","Exposure of Sensitive Information to an Unauthorized Actor","200","""200""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2267081","Observable Discrepancy","203","""203""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q231043","Improper Access Control","284","""284""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q27089314","Improper Authentication","287","""287""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q936009","Using Referer Field for Authentication","293","""293""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q554830","Channel Accessible by Non-Endpoint","300","""300""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q15401472","Cross-Site Request Forgery (CSRF)","352","""352""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q848539","Divide By Zero","369","""369""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2274575","Session Fixation","384","""384""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q22908283","Uncontrolled Resource Consumption","400","""400""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q751740","Missing Release of Memory after Effective Lifetime","401","""401""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q7315829","Transmission of Private Resources into a New Sphere ('Resource Leak')","402","""402""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1642293","Use After Free","416","""416""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1154490","Uncontrolled Search Path Element","427","""427""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q5160310","Unintended Proxy or Intermediary ('Confused Deputy')","441","""441""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q14639","Trojan Horse","507","""507""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1666492","Trapdoor","510","""510""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q14644","Spyware","512","""512""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1476964","Covert Channel","514","""514""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1770035","Dead Code","561","""561""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1770035","Dead Code","561","""561""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2712542","Double-Checked Locking","609","""609""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q8045328","Improper Restriction of XML External Entity Reference","611","""611""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q3570419","Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')","776","""776""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2910881","Out-of-bounds Write","787","""787""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1642293","Expired Pointer Dereference","825","""825""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q623276","Deadlock","833","""833""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q163231","Improper Restriction of Rendered UI Layers or Frames","1021","""1021""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1136330","Use of Web Link to Untrusted Target with window.opener Access","1022","""1022""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q7300006","Inefficient Regular Expression Complexity","1333","""1333""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"