Return generic helpURI if there are no CWEs

Through human error, a rule can be missing CWEs in its warning text. To guard against that, when there are no CWEs, flawfinder generates and returns a generic help URI instead.
Mario Campos 2022-06-30 11:29:41 -05:00 committed by GitHub
parent 179a6100de
commit 25c90615b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions


@ -587,6 +587,8 @@ class Hit(object):
# Help uri for each defined rule. e.g. "https://dwheeler.com/flawfinder#FF1002" # Help uri for each defined rule. e.g. "https://dwheeler.com/flawfinder#FF1002"
# return first CWE link for now # return first CWE link for now
def helpuri(self): def helpuri(self):
if self.cwes() == '':
return 'https://dwheeler.com/flawfinder#{}'.format(self.ruleid)
cwe = re.split(',|!', self.cwes())[0] + ")" cwe = re.split(',|!', self.cwes())[0] + ")"
return link_cwe_pattern.sub( return link_cwe_pattern.sub(
r'https://cwe.mitre.org/data/definitions/\2.html', r'https://cwe.mitre.org/data/definitions/\2.html',
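Review bot: The new guard in `helpuri` only catches the exact empty string, so a non-empty `cwes()` value that `link_cwe_pattern` does not match would still fall through and, presumably, come back from `sub()` unchanged with a `)` appended, which is not a URI (the body of `cwes()` and the rest of the `sub(` call are outside the hunk, so this is inferred). Calling it once and testing truthiness, `cwes = self.cwes()` followed by `if not cwes: return 'https://dwheeler.com/flawfinder#{}'.format(self.ruleid)`, removes the repeated call; returning the same generic URI when the substitution leaves its input unchanged would cover the malformed case too. The comment above the method still says only "return first CWE link for now" and should mention the generic fallback, e.g. `# return first CWE link, or the generic rule anchor when the rule has no CWE`.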