Bump CWE dictionary to v4.13

Signed-off-by: nscuro <nscuro@protonmail.com>

dev/scripts/cwe-dictionary-generate.py

@@ -1,7 +1,8 @@
 #!/usr/bin/env python3
 
 # pip3 install --user defusedxml jinja2 requests
-# python3 ./dev/scripts/cwe-dictionary-generate.py -o src/main/java/org/dependencytrack/parser/common/resolver/CweDictionary.java
+# python3 ./dev/scripts/cwe-dictionary-generate.py -v 4.13 \
+#   -o src/main/java/org/dependencytrack/parser/common/resolver/CweDictionary.java
 
 import os.path
 import zipfile
@@ -61,14 +62,15 @@
     arg_parser = ArgumentParser()
     arg_parser.add_argument("-p", "--package", default="org.dependencytrack.parser.common.resolver", help="Package name")
     arg_parser.add_argument("-o", "--output", type=Path, required=True, help="Output file path")
+    arg_parser.add_argument("-v", "--version", type=str, required=True, help="CWE dictionary version")
     args = arg_parser.parse_args()
 
     with TemporaryFile(suffix=".zip") as tmp:
-        with requests.get("https://cwe.mitre.org/data/xml/cwec_v4.12.xml.zip") as res:
+        with requests.get(f"https://cwe.mitre.org/data/xml/cwec_v{args.version}.xml.zip") as res:
             tmp.write(res.content)
         tmp.seek(0)
         with zipfile.ZipFile(tmp) as zip:
-            with zip.open("cwec_v4.12.xml") as dict_file:
+            with zip.open(f"cwec_v{args.version}.xml") as dict_file:
                 tree: ElementTree = parse_etree(dict_file)
 
     tree_root = tree.getroot()

src/main/java/org/dependencytrack/parser/common/resolver/CweDictionary.java

@@ -22,7 +22,7 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 
-@Generated(value = "cwe-dictionary-generate.py", date = "2023-12-08T22:31:25.627365+00:00")
+@Generated(value = "cwe-dictionary-generate.py", date = "2024-02-24T10:51:02.559228+00:00")
 public final class CweDictionary {
 
     public static final Map<Integer, String> DICTIONARY = new LinkedHashMap<>();
@@ -1215,7 +1215,7 @@ public final class CweDictionary {
         DICTIONARY.put(1185, "SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)");
         DICTIONARY.put(1186, "SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)");
         DICTIONARY.put(1187, "DEPRECATED: Use of Uninitialized Resource");
-        DICTIONARY.put(1188, "Insecure Default Initialization of Resource");
+        DICTIONARY.put(1188, "Initialization of a Resource with an Insecure Default");
         DICTIONARY.put(1189, "Improper Isolation of Shared Resources on System-on-a-Chip (SoC)");
         DICTIONARY.put(1190, "DMA Device Enabled Too Early in Boot Phase");
         DICTIONARY.put(1191, "On-Chip Debug and Test Interface With Improper Access Control");
@@ -1446,6 +1446,7 @@ public final class CweDictionary {
         DICTIONARY.put(1416, "Comprehensive Categorization: Resource Lifecycle Management");
         DICTIONARY.put(1417, "Comprehensive Categorization: Sensitive Information Exposure");
         DICTIONARY.put(1418, "Comprehensive Categorization: Violation of Secure Design Principles");
+        DICTIONARY.put(1419, "Incorrect Initialization of Resource");
         DICTIONARY.put(1425, "Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses");
         DICTIONARY.put(2000, "Comprehensive CWE Dictionary");
 

src/test/java/org/dependencytrack/resources/v1/CweResourceTest.java

@@ -49,7 +49,7 @@ public void getCwesTest() {
                 .header(X_API_KEY, apiKey)
                 .get(Response.class);
         Assert.assertEquals(200, response.getStatus(), 0);
-        Assert.assertEquals(String.valueOf(1420), response.getHeaderString(TOTAL_COUNT_HEADER));
+        Assert.assertEquals(String.valueOf(1421), response.getHeaderString(TOTAL_COUNT_HEADER));
         JsonArray json = parseJsonArray(response);
         Assert.assertNotNull(json);
         Assert.assertEquals(100, json.size());