From 55c07615c624e3b55bb659ce43d372b938361dad Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Fri, 18 Mar 2022 20:29:31 -0400
Subject: nvdmirror: add CweListUrl

---
 nvdmirror/sync.go            |  1 +
 nvdmirror/syncconfig.go      | 13 +++++++++++++
 nvdmirror/syncconfig_test.go | 22 ++++++++++++++++++++++
 3 files changed, 36 insertions(+)

diff --git a/nvdmirror/sync.go b/nvdmirror/sync.go
index 430842f..afdc260 100644
--- a/nvdmirror/sync.go
+++ b/nvdmirror/sync.go
@@ -40,5 +40,6 @@ func Sync(config SyncConfig, cache Cache, dstDir string) []string {
     ctx.checkMetas(ctx.fetchMetas()),
     config.GetCpeDictUrl(),
     config.GetCisaKevcUrl(),
+    config.GetCweListUrl(),
   ))
 }
diff --git a/nvdmirror/syncconfig.go b/nvdmirror/syncconfig.go
index 9cb5397..e80e12e 100644
--- a/nvdmirror/syncconfig.go
+++ b/nvdmirror/syncconfig.go
@@ -21,6 +21,9 @@ type SyncConfig struct {
   // CISA known exploited vulnerabilities catalog (KEVC) URL.
   CisaKevcUrl string
 
+  // Common Weakness Enumeration list URL.
+  CweListUrl string
+
   // User agent string.  Set to "" for default user agent string.
   UserAgent string
 
@@ -37,6 +40,7 @@ var DefaultConfig = SyncConfig {
   CpeMatch10BaseUrl: "https://nvd.nist.gov/feeds/json/cpematch/1.0",
   Cpe23DictUrl: "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz",
   CisaKevcUrl: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
+  CweListUrl: "https://cwe.mitre.org/data/xml/cwec_latest.xml.zip",
   UserAgent: "cvez/0.1.0",
 }
 
@@ -91,6 +95,15 @@ func (me SyncConfig) GetCisaKevcUrl() string {
   }
 }
 
+// Get CWE list URL.
+func (me SyncConfig) GetCweListUrl() string {
+  if len(me.CweListUrl) > 0 {
+    return me.CweListUrl
+  } else {
+    return DefaultConfig.CweListUrl
+  }
+}
+
 // get meta URL map.
 func (me SyncConfig) getMetaUrls() map[string]string {
   // calculate total number of years
diff --git a/nvdmirror/syncconfig_test.go b/nvdmirror/syncconfig_test.go
index 5f57b2d..91c900d 100644
--- a/nvdmirror/syncconfig_test.go
+++ b/nvdmirror/syncconfig_test.go
@@ -141,6 +141,28 @@ func TestSyncConfigGetCisaKevcUrl(t *testing.T) {
   }
 }
 
+func TestSyncConfigGetCweListUrl(t *testing.T) {
+  tests := []struct {
+    name string
+    val string
+    exp string
+  } {
+    { "custom", "https://example.com/", "https://example.com/" },
+    { "default", "", DefaultConfig.CweListUrl },
+  }
+
+  for _, test := range(tests) {
+    t.Run(test.name, func(t *testing.T) {
+      config := SyncConfig { CweListUrl: test.val }
+
+      got := config.GetCweListUrl()
+      if got != test.exp {
+        t.Errorf("got \"%s\", exp \"%s\"", got, test.exp)
+      }
+    })
+  }
+}
+
 func TestSyncConfigGetMetaUrls(t *testing.T) {
   // declare expected result
   exp := make(map[string]string)
-- 
cgit v1.2.3