Add CVE and CWE roles (#11781)

Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
2025-02-25 18:55:22 -06:00 · 2024-10-05 20:44:14 +03:00 · 2024-10-05 20:44:14 +03:00 · 09ab6edde5
commit 09ab6edde5
parent f7fa020cc2
5 changed files with 196 additions and 0 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -59,6 +59,9 @@ Features added
  such as :py:mod:`time` or :py:mod:`datetime` in :file:`conf.py`.
  See :ref:`the docs <config-copyright>` for further detail.
  Patch by Adam Turner.
+* #11781: Add roles for referencing CVEs (:rst:role:`:cve: <cve>`)
+  and CWEs (:rst:role:`:cwe: <cwe>`).
+  Patch by Hugo van Kemenade.

 Bugs fixed
 ----------
--- a/doc/usage/restructuredtext/roles.rst
+++ b/doc/usage/restructuredtext/roles.rst
@ -249,6 +249,34 @@ There is also an :rst:role:`index` role to generate index entries.

 The following roles generate external links:

+.. rst:role:: cve
+
+   A reference to a `Common Vulnerabilities and Exposures`_ record.
+   This generates appropriate index entries.
+   The text "CVE *number*\ " is generated;
+   with a link to an online copy of the specified CVE.
+   You can link to a specific section by using ``:cve:`number#anchor```.
+
+   .. _Common Vulnerabilities and Exposures: https://www.cve.org/
+
+   For example: :cve:`2020-10735`
+
+   .. versionadded:: 8.1
+
+.. rst:role:: cwe
+
+   A reference to a `Common Weakness Enumeration`_.
+   This generates appropriate index entries.
+   The text "CWE *number*\ " is generated; in the HTML output,
+   with a link to an online copy of the specified CWE.
+   You can link to a specific section by using ``:cwe:`number#anchor```.
+
+   .. _Common Weakness Enumeration: https://cwe.mitre.org/
+
+   For example: :cwe:`787`
+
+   .. versionadded:: 8.1
+
 .. rst:role:: pep

   A reference to a Python Enhancement Proposal.  This generates appropriate
--- a/sphinx/environment/init.py
+++ b/sphinx/environment/init.py
@ -53,6 +53,10 @@ default_settings: dict[str, Any] = {
    'image_loading': 'link',
    'embed_stylesheet': False,
    'cloak_email_addresses': True,
+    'cve_base_url': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-',
+    'cve_references': None,
+    'cwe_base_url': 'https://cwe.mitre.org/data/definitions/',
+    'cwe_references': None,
    'pep_base_url': 'https://peps.python.org/',
    'pep_references': None,
    'rfc_base_url': 'https://datatracker.ietf.org/doc/html/',
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@ -196,6 +196,94 @@ class AnyXRefRole(XRefRole):
        return result


+class CVE(ReferenceRole):
+    def run(self) -> tuple[list[Node], list[system_message]]:
+        target_id = f'index-{self.env.new_serialno("index")}'
+        entries = [
+            (
+                'single',
+                _('Common Vulnerabilities and Exposures; CVE %s') % self.target,
+                target_id,
+                '',
+                None,
+            )
+        ]
+
+        index = addnodes.index(entries=entries)
+        target = nodes.target('', '', ids=[target_id])
+        self.inliner.document.note_explicit_target(target)
+
+        try:
+            refuri = self.build_uri()
+            reference = nodes.reference(
+                '', '', internal=False, refuri=refuri, classes=['cve']
+            )
+            if self.has_explicit_title:
+                reference += nodes.strong(self.title, self.title)
+            else:
+                title = f'CVE {self.title}'
+                reference += nodes.strong(title, title)
+        except ValueError:
+            msg = self.inliner.reporter.error(
+                __('invalid CVE number %s') % self.target, line=self.lineno
+            )
+            prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
+            return [prb], [msg]
+
+        return [index, target, reference], []
+
+    def build_uri(self) -> str:
+        base_url = self.inliner.document.settings.cve_base_url
+        ret = self.target.split('#', 1)
+        if len(ret) == 2:
+            return f'{base_url}{ret[0]}#{ret[1]}'
+        return f'{base_url}{ret[0]}'
+
+
+class CWE(ReferenceRole):
+    def run(self) -> tuple[list[Node], list[system_message]]:
+        target_id = f'index-{self.env.new_serialno("index")}'
+        entries = [
+            (
+                'single',
+                _('Common Weakness Enumeration; CWE %s') % self.target,
+                target_id,
+                '',
+                None,
+            )
+        ]
+
+        index = addnodes.index(entries=entries)
+        target = nodes.target('', '', ids=[target_id])
+        self.inliner.document.note_explicit_target(target)
+
+        try:
+            refuri = self.build_uri()
+            reference = nodes.reference(
+                '', '', internal=False, refuri=refuri, classes=['cwe']
+            )
+            if self.has_explicit_title:
+                reference += nodes.strong(self.title, self.title)
+            else:
+                title = f'CWE {self.title}'
+                reference += nodes.strong(title, title)
+        except ValueError:
+            msg = self.inliner.reporter.error(
+                __('invalid CWE number %s') % self.target, line=self.lineno
+            )
+            prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
+            return [prb], [msg]
+
+        return [index, target, reference], []
+
+    def build_uri(self) -> str:
+        base_url = self.inliner.document.settings.cwe_base_url
+        ret = self.target.split('#', 1)
+        if len(ret) == 2:
+            return f'{base_url}{int(ret[0])}.html#{ret[1]}'
+        return f'{base_url}{int(ret[0])}.html'
+
+
 class PEP(ReferenceRole):
    def run(self) -> tuple[list[Node], list[system_message]]:
        target_id = 'index-%s' % self.env.new_serialno('index')
@ -454,12 +542,17 @@ specific_docroles: dict[str, RoleFunction] = {
    'download': XRefRole(nodeclass=addnodes.download_reference),
    # links to anything
    'any': AnyXRefRole(warn_dangling=True),
+    # external links
+    'cve': CVE(),
+    'cwe': CWE(),
    'pep': PEP(),
    'rfc': RFC(),
+    # emphasised things
    'guilabel': GUILabel(),
    'menuselection': MenuSelection(),
    'file': EmphasizedLiteral(),
    'samp': EmphasizedLiteral(),
+    # other
    'abbr': Abbreviation(),
    'manpage': Manpage(),
 }
--- a/tests/test_markup/test_markup.py
+++ b/tests/test_markup/test_markup.py
@ -160,6 +160,74 @@ def get_verifier(verify, verify_re):
@pytest.mark.parametrize(
    ('type', 'rst', 'html_expected', 'latex_expected'),
    [
+        (
+            # cve role
+            'verify',
+            ':cve:`2020-10735`',
+            (
+                '<p><span class="target" id="index-0"></span><a class="cve reference external" '
+                'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
+                '<strong>CVE 2020-10735</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+                '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
+                '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
+                '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'
+            ),
+        ),
+        (
+            # cve role with anchor
+            'verify',
+            ':cve:`2020-10735#id1`',
+            (
+                '<p><span class="target" id="index-0"></span><a class="cve reference external" '
+                'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
+                '<strong>CVE 2020-10735#id1</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+                '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+                '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
+                '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+            ),
+        ),
+        (
+            # cwe role
+            'verify',
+            ':cwe:`787`',
+            (
+                '<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+                'href="https://cwe.mitre.org/data/definitions/787.html">'
+                '<strong>CWE 787</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+                '!CWE 787@\\spxentry{CWE 787}}'
+                '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
+                '{\\sphinxstylestrong{CWE 787}}'
+            ),
+        ),
+        (
+            # cwe role with anchor
+            'verify',
+            ':cwe:`787#id1`',
+            (
+                '<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+                'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
+                '<strong>CWE 787#id1</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+                '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
+                '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
+                '{\\sphinxstylestrong{CWE 787\\#id1}}'
+            ),
+        ),
        (
            # pep role
            'verify',