Support linking to CWEs (#122)

* Support linking to CWEs * Update changelog Co-authored-by: Steven Loria <sloria1@gmail.com>
sloria · Jan 1, 2022 · 118fa78 · 118fa78
1 parent acac0d3
commit 118fa78
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 5 deletions.
diff --git a/README.rst b/README.rst
@@ -91,6 +91,12 @@ Use the ``:cve:`` role to link to CVEs on https://cve.mitre.org.
 
     :cve:`CVE-2018-17175` - Addresses possible vulnerability when...
 
+Use the ``:cwe:`` role to link to CWEs on https://cwe.mitre.org.
+
+.. code-block:: rst
+
+    :cwe:`CWE-787` - The software writes data past the end, or...
+
 Credits
 *******
 
@@ -110,6 +116,8 @@ Changelog
 
 - Drop support for Python 2.7 and 3.5.
 - Test against Python 3.8 to 3.10.
+- Add ``:cwe:`` role for linking to CVEs on https://cwe.mitre.org.
+  Thanks @hugovk for the PR.
 
 1.2.0 (2018-12-26)
 ------------------

diff --git a/sphinx_issues.py b/sphinx_issues.py
@@ -62,6 +62,27 @@ def cve_role(name, rawtext, text, lineno, inliner, options=None, content=None):
     return [link], []
 
 
+def cwe_role(name, rawtext, text, lineno, inliner, options=None, content=None):
+    """Sphinx role for linking to a CWE on https://cwe.mitre.org.
+
+    Examples: ::
+
+        :cwe:`CWE-787`
+
+    """
+    options = options or {}
+    content = content or []
+    has_explicit_title, title, target = split_explicit_title(text)
+
+    target = utils.unescape(target).strip()
+    title = utils.unescape(title).strip()
+    number = target[4:]
+    ref = f"https://cwe.mitre.org/data/definitions/{number}.html"
+    text = title if has_explicit_title else target
+    link = nodes.reference(text=text, refuri=ref, **options)
+    return [link], []
+
+
 class IssueRole:
 
     EXTERNAL_REPO_REGEX = re.compile(r"^(\w+)/(.+)([#@])([\w]+)$")

diff --git a/test_sphinx_issues.py b/test_sphinx_issues.py
@@ -1,17 +1,14 @@
 from tempfile import mkdtemp
 from shutil import rmtree
-
-try:
-    from unittest.mock import Mock
-except ImportError:
-    from unittest.mock import Mock
+from unittest.mock import Mock
 
 from sphinx.application import Sphinx
 from sphinx_issues import (
     issue_role,
     user_role,
     pr_role,
     cve_role,
+    cwe_role,
     commit_role,
     setup as issues_setup,
 )
@@ -84,6 +81,13 @@ def inliner(app):
             "CVE-2018-17175",
             "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17175",
         ),
+        (
+            cwe_role,
+            "cve",
+            "CWE-787",
+            "CWE-787",
+            "https://cwe.mitre.org/data/definitions/787.html",
+        ),
         (
             commit_role,
             "commit",