User:Jingkaimori/mass edit/CWE


Data source[edit]

https://cwe.mitre.org/data/downloads.html

Extract Candidate[edit]

Open the XML dump in a browser, open the browser's console, and paste the commands below:

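(async () => {
  // Builds a CSV of candidate Wikidata items for every <Weakness> element in
  // the CWE XML dump that is open in the current tab, and resolves to that CSV.
  //
  // Columns: sourceid,name,wikidataid,desc,url,P31
  // One row is emitted per (candidate item, P31 value) pair; a candidate with
  // no P31 claim gets a single row whose P31 column is "unknown".
  //
  // The labels, descriptions and ids returned by the Wikidata API are
  // community-editable third-party data. The result is reviewed in a
  // spreadsheet afterwards, so every text field is CSV-escaped and the
  // free-text description is neutralised against formula evaluation.
  const API_ENDPOINT = "https://www.wikidata.org/w/api.php";
  const EOL = "\r\n"; // CSV record separator is CRLF (the previous "\n\r" was reversed)
  const REQUEST_PAUSE_MS = 100; // small real pause between API calls

  const pause = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

  // Wraps a value in double quotes, doubling embedded quotes, so commas, quotes
  // and line breaks inside the value cannot break the row apart.
  const csvQuote = (value) => `"${String(value ?? "").replace(/"/g, '""')}"`;

  // Produces a CSV field whose decoded value is itself wrapped in double
  // quotes (the string form used in the command sheet): 20 -> """20""".
  const quotedString = (value) => csvQuote(`"${String(value ?? "")}"`);

  // Free text shown in the spreadsheet: a leading = + - @ (or tab / CR) would
  // be evaluated as a formula, so such values get a leading apostrophe.
  const spreadsheetText = (value) => {
    const text = String(value ?? "");
    return csvQuote(/^[=+\-@\t\r]/.test(text) ? `'${text}` : text);
  };

  // Sends one anonymous GET to the Wikidata API and returns the parsed JSON.
  // `origin=*` is the query parameter that enables anonymous cross-origin use.
  // No request headers are set: the earlier `Headers` option was ignored by
  // fetch (the key is `headers`), and Access-Control-Allow-Origin is a response
  // header that a client cannot usefully send.
  async function apiGet(params) {
    await pause(REQUEST_PAUSE_MS);
    const query = new URL(API_ENDPOINT);
    const merged = { format: "json", origin: "*", ...params };
    for (const [key, value] of Object.entries(merged)) {
      query.searchParams.set(key, value);
    }
    const response = await fetch(query.toString());
    if (!response.ok) {
      // Keep the rows collected so far; report the gap instead of aborting.
      console.warn(`Wikidata API returned HTTP ${response.status} for`, params);
      return {};
    }
    return response.json();
  }

  // Returns the search hits (at most one) for a single search term.
  async function search(term) {
    const body = await apiGet({
      action: "wbsearchentities",
      uselang: "en",
      language: "en",
      limit: "1",
      search: term,
    });
    return Array.isArray(body?.search) ? body.search : [];
  }

  // Returns the item ids of every P31 statement on `entity`.
  async function claimP31(entity) {
    const body = await apiGet({
      action: "wbgetclaims",
      property: "P31",
      props: "",
      entity,
    });
    const statements = body?.claims?.P31 ?? [];
    return statements
      // A statement without a datavalue has no item id to report.
      .map((statement) => statement?.mainsnak?.datavalue?.value?.id)
      .filter((itemId) => typeof itemId === "string");
  }

  const weaknessList = document.getElementsByTagName("Weaknesses")[0];
  if (!weaknessList) {
    throw new Error("No <Weaknesses> element found: open the CWE XML dump in this tab first");
  }

  let csv = `sourceid,name,wikidataid,desc,url,P31${EOL}`;

  for (const weakness of weaknessList.childNodes) {
    if (weakness.nodeName !== "Weakness") {
      continue;
    }
    const id = weakness.getAttribute("ID");
    const name = weakness.getAttribute("Name") ?? "";

    // Search terms: the full name, the short name given as ('...') inside it,
    // and every alternate term.
    const searchTerms = [name];
    const shortName = name.match(/\('(.*)'\)/);
    if (shortName?.[1]) {
      // Group 1 is the text between the quotes; group 0 would still carry the
      // surrounding (' and ').
      searchTerms.push(shortName[1]);
    }
    const alternates = weakness.getElementsByTagName("Alternate_Terms")[0];
    if (alternates) {
      for (const node of alternates.childNodes) {
        if (node.nodeType !== Node.ELEMENT_NODE) {
          continue;
        }
        const term = node.getElementsByTagName("Term")[0]?.textContent;
        if (term) {
          searchTerms.push(term);
        }
      }
    }

    // Collect hits for every term, keeping one entry per Wikidata id.
    const hitsById = new Map();
    for (const term of searchTerms) {
      for (const hit of await search(term)) {
        if (typeof hit?.id === "string") {
          hitsById.set(hit.id, hit);
        }
      }
    }

    for (const [wdId, hit] of hitsById) {
      const classes = await claimP31(wdId);
      for (const p31 of classes.length > 0 ? classes : ["unknown"]) {
        // wdId and p31 are entity ids taken from the API response and are
        // written unquoted, as before.
        csv += [
          quotedString(id),
          quotedString(name),
          wdId,
          spreadsheetText(hit.description),
          quotedString(`https:${hit.url}`),
          p31,
        ].join(",") + EOL;
      }
    }
  }

  console.log(csv);
  return csv;
})()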

Post operation[edit]

Edit the generated spreadsheet in Excel; remove the article entries and some film entries.

QuickStatements command[edit]

"qid","Aen","#","P3624","S854","S5017"
"Q6007765","Improper Input Validation","20","""20""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q442856","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","22","""22""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q646197","Windows Shortcut Following (.LNK)","64","""64""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q371199","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","79","""79""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q515838","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","79","""79""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1060049","Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')","98","""98""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q104792366","Improper Control of Resource Identifiers ('Resource Injection')","99","""99""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1649571","Process Control","114","""114""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q19423","Improper Restriction of Operations within the Bounds of a Memory Buffer","119","""119""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q4080983","Improper Restriction of Operations within the Bounds of a Memory Buffer","119","""119""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1002151","Buffer Underwrite ('Buffer Underflow')","124","""124""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q16848739","Buffer Over-read","126","""126""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1439356","Off-by-one Error","193","""193""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q67123584","Exposure of Sensitive Information to an Unauthorized Actor","200","""200""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2904148","Exposure of Sensitive Information to an Unauthorized Actor","200","""200""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2267081","Observable Discrepancy","203","""203""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q231043","Improper Access Control","284","""284""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q27089314","Improper Authentication","287","""287""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q936009","Using Referer Field for Authentication","293","""293""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q554830","Channel Accessible by Non-Endpoint","300","""300""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q15401472","Cross-Site Request Forgery (CSRF)","352","""352""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q848539","Divide By Zero","369","""369""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2274575","Session Fixation","384","""384""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q22908283","Uncontrolled Resource Consumption","400","""400""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q751740","Missing Release of Memory after Effective Lifetime","401","""401""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q7315829","Transmission of Private Resources into a New Sphere ('Resource Leak')","402","""402""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1642293","Use After Free","416","""416""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1154490","Uncontrolled Search Path Element","427","""427""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q5160310","Unintended Proxy or Intermediary ('Confused Deputy')","441","""441""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q14639","Trojan Horse","507","""507""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1666492","Trapdoor","510","""510""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q14644","Spyware","512","""512""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1476964","Covert Channel","514","""514""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1770035","Dead Code","561","""561""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1770035","Dead Code","561","""561""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2712542","Double-Checked Locking","609","""609""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q8045328","Improper Restriction of XML External Entity Reference","611","""611""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q3570419","Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')","776","""776""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q2910881","Out-of-bounds Write","787","""787""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1642293","Expired Pointer Dereference","825","""825""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q623276","Deadlock","833","""833""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q163231","Improper Restriction of Rendered UI Layers or Frames","1021","""1021""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q1136330","Use of Web Link to Untrusted Target with window.opener Access","1022","""1022""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"
"Q7300006","Inefficient Regular Expression Complexity","1333","""1333""","""https://cwe.mitre.org/data/xml/cwec_latest.xml.zip""","+2021-08-03T00:00:00Z/11"