From 3ed49184a5dabeb9619f9c08f936d60a90da2a11 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Mon, 22 Jul 2024 15:05:41 +0100
Subject: [PATCH 1/4] fix(query): fix cwe not appearing in KICS CLI and sarif reports

---
 pkg/engine/secrets/inspector.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkg/engine/secrets/inspector.go b/pkg/engine/secrets/inspector.go
index 09398146a97..e01191f3f82 100644
--- a/pkg/engine/secrets/inspector.go
+++ b/pkg/engine/secrets/inspector.go
@@ -527,6 +527,7 @@ func (c *Inspector) addVulnerability(basePaths []string, file *model.FileMetadat
 VulnLines: hideSecret(&linesVuln, issueLine, query, &c.SecretTracker),
 IssueType: "RedundantAttribute",
 Platform: SecretsQueryMetadata["platform"],
+ CWE: SecretsQueryMetadata["cwe"],
 Severity: model.SeverityHigh,
 QueryURI: SecretsQueryMetadata["descriptionUrl"],
 Category: SecretsQueryMetadata["category"],

From 6fbefb066baa0cb635df17ed2a2f6283dcff02e6 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Mon, 22 Jul 2024 16:55:50 +0100
Subject: [PATCH 2/4] add cwe to queries documentation page

---
 .../query-page-generator/query-page-generator.py | 8 ++++++++
 .../query-page-generator/templates/query-page-template.md | 1 +
 2 files changed, 9 insertions(+)

diff --git a/.github/scripts/docs-generator/query-page-generator/query-page-generator.py b/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
index 8b6ed594ff2..40d3844bcb5 100644
--- a/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
+++ b/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
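Review bot: `CWE: SecretsQueryMetadata["cwe"]` silently yields an empty string when the metadata map carries no "cwe" entry, and nothing in this hunk shows where that key is populated, so a missing key would only surface through the e2e fixtures that expect `"cwe": "798"`. It is worth confirming that the CWE field of the vulnerability struct being built here is tagged `omitempty` (or that the report writers tolerate an empty value), so queries without a CWE do not emit `"cwe": ""` into the JSON output. The subject also names SARIF, but whether the SARIF writer picks the new field up is not visible in this series. The enclosing function addVulnerability starts before and continues past the hunk.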
@@ -181,12 +181,20 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
 doc_template = f.read()
 
 for key, query_data in queries_database.items():
+ cwe = query_data.get('cwe', '')
+ if cwe == '':
+ cwe = 'Ongoing'
+ else:
+ cwe_url = f'https://cwe.mitre.org/data/definitions/{cwe}.html'
+ cwe = f'{cwe}'
+
 query_doc = doc_template
 query_doc = doc_template.replace('', key).replace(
 '', query_data.get('queryName')).replace(
 '', query_data.get('platform')).replace(
 '', format_severity(query_data.get('severity'))).replace(
 '', query_data.get('category')).replace(
+ '', cwe).replace(
 '', query_data.get('githubUrl')).replace(
 '', query_data.get('descriptionText')).replace(
 '', query_data.get('descriptionUrl')).replace(
diff --git a/.github/scripts/docs-generator/query-page-generator/templates/query-page-template.md b/.github/scripts/docs-generator/query-page-generator/templates/query-page-template.md
index 9a386936e08..3d6e2bbbdd0 100644
--- a/.github/scripts/docs-generator/query-page-generator/templates/query-page-template.md
+++ b/.github/scripts/docs-generator/query-page-generator/templates/query-page-template.md
@@ -20,6 +20,7 @@ hide:
 - **Platform:**
 - **Severity:**
 - **Category:**
+- **CWE:**
 - **URL:** [Github]()
 
 ### Description

From 9766f64f82b1cb0683b9da82bc9eba5b04472542 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Mon, 22 Jul 2024 17:03:33 +0100
Subject: [PATCH 3/4] add cwe field to all e2e test results

---
 e2e/fixtures/E2E_CLI_032_RESULT.json | 2 ++
 e2e/fixtures/E2E_CLI_086_RESULT.json | 1 +
 e2e/fixtures/E2E_CLI_087_RESULT.json | 1 +
 e2e/fixtures/E2E_CLI_088_RESULT.json | 1 +
 4 files changed, 5 insertions(+)

diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json
index cd00b4d1138..1382fdd0033 100644
--- a/e2e/fixtures/E2E_CLI_032_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_032_RESULT.json
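Review bot: On the `else` branch `cwe_url` is assigned but, as the hunk reads here, never used — `cwe = f'{cwe}'` only re-wraps the id; if an anchor tag around it was stripped by the page rendering this is moot, otherwise the link never reaches the generated page. The metadata value is also interpolated unvalidated into a URL and into the page markup, and `query_data.get('cwe', '')` only falls back to `'Ongoing'` when the key is absent, so a JSON `null` would produce a link to `.../definitions/None.html`. Since CWE ids are numeric, a guard such as `cwe = query_data.get('cwe') or ''` followed by `if cwe and not str(cwe).isdigit(): raise ValueError(f'invalid cwe for {key}: {cwe!r}')` before building `cwe_url` keeps a malformed or null metadata entry from producing a broken or markup-bearing link. The function generate_md_docs starts before and continues past the hunk.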
@@ -72,6 +72,7 @@
 "query_url": "https://docs.kics.io/latest/secrets/",
 "severity": "HIGH",
 "platform": "Common",
+ "cwe": "798",
 "cloud_provider": "COMMON",
 "category": "Secret Management",
 "experimental": false,
@@ -97,6 +98,7 @@
 "query_url": "https://docs.kics.io/latest/secrets/",
 "severity": "HIGH",
 "platform": "Common",
+ "cwe": "798",
 "cloud_provider": "COMMON",
 "category": "Secret Management",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_086_RESULT.json b/e2e/fixtures/E2E_CLI_086_RESULT.json
index 66b773b90f0..c805358c738 100644
--- a/e2e/fixtures/E2E_CLI_086_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_086_RESULT.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.kics.io/latest/secrets/",
 "severity": "HIGH",
 "platform": "Common",
+ "cwe": "798",
 "cloud_provider": "COMMON",
 "category": "Secret Management",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_087_RESULT.json b/e2e/fixtures/E2E_CLI_087_RESULT.json
index c425222e393..639ba0924c2 100644
--- a/e2e/fixtures/E2E_CLI_087_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_087_RESULT.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.kics.io/latest/secrets/",
 "severity": "HIGH",
 "platform": "Common",
+ "cwe": "798",
 "cloud_provider": "COMMON",
 "category": "Secret Management",
 "experimental": false,
diff --git a/e2e/fixtures/E2E_CLI_088_RESULT.json b/e2e/fixtures/E2E_CLI_088_RESULT.json
index 294cd113fb3..c6437660774 100644
--- a/e2e/fixtures/E2E_CLI_088_RESULT.json
+++ b/e2e/fixtures/E2E_CLI_088_RESULT.json
@@ -32,6 +32,7 @@
 "query_url": "https://docs.kics.io/latest/secrets/",
 "severity": "HIGH",
 "platform": "Common",
+ "cwe": "798",
 "cloud_provider": "COMMON",
 "category": "Secret Management",
 "experimental": false,

From c833aa841fd9342fad446e9ccb8e1259c8f00555 Mon Sep 17 00:00:00 2001
From: Artur Ribeiro
Date: Thu, 25 Jul 2024 09:34:34 +0100
Subject: [PATCH 4/4] add cwe to unit tests

---
 pkg/engine/secrets/inspector_test.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/pkg/engine/secrets/inspector_test.go b/pkg/engine/secrets/inspector_test.go
index d887cf9a31f..2b5bbf12b55 100644
--- a/pkg/engine/secrets/inspector_test.go
+++ b/pkg/engine/secrets/inspector_test.go
@@ -478,10 +478,11 @@ var testNewInspectorInputs = []struct {
 "severity": "HIGH",
 "category": "Secret Management",
 "descriptionText": "Query to find passwords and secrets in infrastructure code.",
- "descriptionUrl": "https://kics.io/",
+ "descriptionUrl": "https://docs.kics.io/latest/secrets/",
 "platform": "Common",
 "descriptionID": "d69d8a89",
- "cloudProvider": "common"
+ "cloudProvider": "common",
+ "cwe": "798"
 }`,
 disableSecrets: false,
 wantRegLen: 1,
@@ -508,10 +509,11 @@ var testNewInspectorInputs = []struct {
 "severity": "HIGH",
 "category": "Secret Management",
 "descriptionText": "Query to find passwords and secrets in infrastructure code.",
- "descriptionUrl": "https://kics.io/",
+ "descriptionUrl": "https://docs.kics.io/latest/secrets/",
 "platform": "Common",
 "descriptionID": "d69d8a89",
- "cloudProvider": "common"
+ "cloudProvider": "common",
+ "cwe": "798"
 }`,
 disableSecrets: true,
 wantRegLen: 0,
@@ -538,10 +540,11 @@ var testNewInspectorInputs = []struct {
 "severity": "HIGH",
 "category": "Secret Management",
 "descriptionText": "Query to find passwords and secrets in infrastructure code.",
- "descriptionUrl": "https://kics.io/",
+ "descriptionUrl": "https://docs.kics.io/latest/secrets/",
 "platform": "Common",
 "descriptionID": "d69d8a89",
- "cloudProvider": "common"
+ "cloudProvider": "common",
+ "cwe": "798"
 }`,
 disableSecrets: false,
 wantRegLen: 1,
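Review bot: The three table entries carry the same metadata JSON literal, edited in lockstep here (`"descriptionUrl"`, `"cloudProvider"`, `"cwe"`) — hoisting it into one package-level `const` referenced from each entry would make the next field addition a single-line change and keep the cases from drifting; the same applies to the second and third hunks. These hunks change only the inputs, and whether the assertions that consume `testNewInspectorInputs` check that the produced vulnerability's CWE is `"798"` is outside the view, so that is worth confirming, since the inspector change in patch 1 is what this test is meant to cover. The `descriptionUrl` change from `https://kics.io/` to `https://docs.kics.io/latest/secrets/` is unrelated to the CWE subject and would read better as its own commit. The `testNewInspectorInputs` table starts before the first hunk and continues past the last.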