Support OWASP (uppercase) identifiers
There is a big difference between lower case vs uppercase for this identifier. So we need separate logic to handle the different cases. We will tackle lower case "owasp" first as the mapping key is more clearly defined > #349606 (closed). In this next iteration, uppercase "OWASP" will be supported.
When the external type is lowercase owasp
, we found that, it holds the mapping key in external_id
like
select external_id from vulnerability_identifiers where external_type = 'owasp'
---------------------------------------------------
A1
A3
A8
A8
A3
A8
A3
A1
A1
A8
A3
A9
A1
A8
A4
A3
A1
A3
A4
This matches with security training provider mapping key
But for upper case OWASP
(as external_type), the data is different:
select external_id from vulnerability_identifiers where external_type = 'OWASP';
external_id
---------------------------------------------------
Log-injection
XSS
Log-injection
SQL-injection
Cross-Site-Request-Forgery-Prevention-Cheat-Sheet
OWASP
OWASP
XML_External_Entity_Prevention_Cheat_Sheet.md
XML-External-Entity-Prevention-Cheat-Sheet
Unsafe-Reflection
XSS
Unvalidated-Redirects-and-Forwards-Cheat-Sheet
HTTP-Response-Splitting
Session-Fixation
Session-Fixation
This will require more mapping or parsing in backend. This issue will take care of this parsing.
Edited by Samantha Ming