Support CWE (uppercase)
Should we make `cwe` vulnerabilities case insensitive?
| `cwe` (has results) | `CWE` (no results) |
|---|---|
⚠ Important Note: Before we go ahead and make this case insensitive, please review this issue where `owasp` and `OWASP` are two different identifiers. That situation may apply here, so a further investigation or spike may be ideal before proceeding with the change.
Examples
Uppercase (doesn't work): https://gitlab.com/gitlab-org/gitlab/-/security/vulnerabilities/87403038
Lowercase (works): https://gitlab.com/gitlab-org/govern/threat-insights-demos/personal-test-projects/webgoat.net/-/security/vulnerabilities/82203646
Implementation plan
- Update the `ALLOWED_IDENTIFIER_LIST` constants in URL finders to allow the `CWE` (uppercase) type.
- Add rspec test to confirm the conversion takes place
Edited by Mehmet Emin INAC
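
One way to read the implementation plan together with the `owasp`/`OWASP` caveat, as an added sketch that is not GitLab's code: `CWE` becomes its own allowlist entry instead of every identifier type being downcased. Only the constant name `ALLOWED_IDENTIFIER_LIST` comes from the issue; the module, its methods, the list contents and the sample identifiers are assumptions.

```ruby
# Hypothetical sketch, not GitLab's code. Only the constant name
# ALLOWED_IDENTIFIER_LIST comes from the issue; everything else is assumed.
module IdentifierUrlFinder
  # Exact-match allowlist: 'CWE' is added as its own entry instead of
  # downcasing every incoming type, so 'owasp' and 'OWASP' stay distinct.
  ALLOWED_IDENTIFIER_LIST = %w[cwe CWE].freeze

  # Identifier names such as "CWE-79" or "cwe-79" (constructed samples).
  CWE_NAME = /\ACWE-(\d+)\z/i.freeze
  CWE_URL  = 'https://cwe.mitre.org/data/definitions/%s.html'

  # Returns a reference URL for an allowed identifier type, or nil when the
  # type is not on the allowlist or the name is not a well-formed CWE id.
  def self.url_for(external_type, name)
    return nil unless ALLOWED_IDENTIFIER_LIST.include?(external_type)

    match = CWE_NAME.match(name.to_s)
    return nil unless match

    format(CWE_URL, match[1])
  end

  # What a blanket downcase would do instead: group types that differ only
  # by case. Returns the groups that would be merged into one identifier.
  def self.collisions_if_downcased(types)
    types.uniq.group_by(&:downcase).select { |_, variants| variants.size > 1 }
  end
end
```

Running `collisions_if_downcased` over the identifier types actually stored is one way to scope the investigation the note asks for before any broader case-insensitive change.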