
Conversation

alemagio
Contributor

@alemagio alemagio commented Nov 16, 2020

Description

Now build creates a new json file similar to the hierarchy one but containing the memberships info of the weaknesses.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Related Issue

Fixes #1

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Checklist:

  • I have updated the documentation (if required).
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I added a picture of a cute animal cause it's fun


@alemagio
Contributor Author

I added a test with the same example provided by the issue; the results show 4 memberships instead of the 2 shown on https://cwe.mitre.org/data/definitions/778.html
I checked the xml archive and it looks like the 778 appears in 4 Has_Member rows.
Is there something I am missing?

@lirantal
Collaborator

Looks like I missed this one @alemagio, apologies on the delay. I've been behind on things (mac broke so sent it off to the labs!). I'll get to this soon!

@alemagio
Contributor Author

@lirantal no worries, as a seasoned Linux user I blame the mac anyway 😂

@lirantal lirantal self-requested a review November 20, 2020 10:10
@lirantal lirantal added the enhancement New feature or request label Nov 20, 2020
@lirantal
Collaborator

@alemagio I think the way to find just the 2 categories that we see at the end of that 778 CWE page is to traverse through all the Category entries, find if a CWE like 778 is listed in the Relationships->Has_Member and, if it is, add the category.

Like this: [image attached]

For 778, you should indeed find only 2 categories that have 778 as part of it, per the 778 CWE webpage.

Does it make sense?
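The traversal described in the comment above, as an added example that is not code from the cwe-sdk-javascript project: every Category entry is walked, each Relationships->Has_Member row records that the referenced weakness belongs to that category, and the result is the kind of map a cwe-memberships.json file would hold. The input shape (a plain array of `{ ID, Name, Has_Member: [{ CWE_ID }] }` objects, as a parsed archive might yield) and all category ids are constructed for the example; the duplicate Has_Member row shows why the index de-duplicates.

```javascript
// Added example, not the project's code. Builds a weakness -> categories
// index from Category entries shaped like the CWE XML archive's
// Categories/Category/Relationships/Has_Member rows. The input shape is
// an assumption for this example.

// Constructed sample: three categories with made-up ids. Weakness 778
// appears in two of them, once as a duplicated Has_Member row.
const SAMPLE_CATEGORIES = [
  { ID: '9001', Name: 'Sample category A', Has_Member: [{ CWE_ID: '778' }, { CWE_ID: '779' }] },
  { ID: '9002', Name: 'Sample category B', Has_Member: [{ CWE_ID: '778' }, { CWE_ID: '778' }] },
  { ID: '9003', Name: 'Sample category C', Has_Member: [{ CWE_ID: '79' }] },
];

// Traverse every Category; for each Has_Member row, record that the
// weakness belongs to that category. Returns an object keyed by weakness
// id whose values are de-duplicated, numerically sorted category ids, so
// the generated JSON is deterministic across builds.
function buildMemberships(categories) {
  const index = new Map();
  for (const category of categories) {
    for (const member of category.Has_Member || []) {
      const weaknessId = String(member.CWE_ID);
      if (!index.has(weaknessId)) index.set(weaknessId, new Set());
      index.get(weaknessId).add(String(category.ID));
    }
  }
  const memberships = {};
  for (const [weaknessId, categoryIds] of index) {
    memberships[weaknessId] = [...categoryIds].sort((a, b) => Number(a) - Number(b));
  }
  return memberships;
}

// Lookup mirroring a getMemberships(id) call on the built index: returns
// the category ids a weakness belongs to, or [] for an unknown weakness.
function getMemberships(memberships, weaknessId) {
  return memberships[String(weaknessId)] || [];
}

const MEMBERSHIPS = buildMemberships(SAMPLE_CATEGORIES);
console.log(JSON.stringify(MEMBERSHIPS, null, 2));
console.log('CWE-778 categories:', getMemberships(MEMBERSHIPS, 778));
```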

@alemagio
Contributor Author

@lirantal
It does make sense.

[four images attached]

I found it in 4 categories, I mean, I'm still learning so feel free to tell me if I'm doing something wrong 😅
This is from cwe-archive.xml

@lirantal
Collaborator

Oh, I might have missed them!
Looks ok to me then 👍

@lirantal
Collaborator

So we're good with this PR as is, taking the data from https://github.com/OWASP/cwe-sdk-javascript/pull/7/files#diff-c7ee1fe8e949317fd2d30127d95e1ea1ec30cd65ccb2a2e7c427fd4ca05284a3R16 ?

@alemagio
Contributor Author

Yes, when we build, cwe-memberships.json is created (like we already do for cwe-hierarchy.json).
After that we can simply use the getMemberships method to retrieve the ids of the categories a certain weakness belongs to.
It would be possible to retrieve the entire category object instead of just the id if we want to; I was not sure.

@lirantal
Collaborator

Ok to go with the ID for now. I'll go ahead and merge. Thanks @alemagio 🙏

@lirantal lirantal merged commit 607ecba into OWASP:master Nov 20, 2020
@github-actions

🎉 This PR is included in version 1.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Successfully merging this pull request may close these issues.

Enhancement: CLI command to check CWE memberships