From 2df98f5b6b48afc3193a66b11b328ea46c609a1c Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Thu, 3 Aug 2023 00:22:10 +0530 Subject: [PATCH 01/11] Remove weaknesses from view which are not in DB Signed-off-by: Tushar Goel --- vulnerabilities/models.py | 18 ++++++++++++++---- vulnerabilities/tests/test_models.py | 6 ++++++ vulnerabilities/views.py | 4 +++- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index 16c93002f..1de3aa00e 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py @@ -275,17 +275,27 @@ class Weakness(models.Model): vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses") db = Database() + @property + def weakness(self): + """ + Return a queryset of Weakness for this vulnerability. + """ + try: + weakness = self.db.get(self.cwe_id) + return weakness + except Exception as e: + logger.warning(f"Could not find CWE {self.cwe_id}: {e}") + return None + @property def name(self): """Return the weakness's name.""" - weakness = self.db.get(self.cwe_id) - return weakness.name + return self.weakness.name if self.weakness else "" @property def description(self): """Return the weakness's description.""" - weakness = self.db.get(self.cwe_id) - return weakness.description + return self.weakness.description if self.weakness else "" class VulnerabilityReferenceQuerySet(BaseQuerySet): diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py index 58b95af80..3daeca99a 100644 --- a/vulnerabilities/tests/test_models.py +++ b/vulnerabilities/tests/test_models.py @@ -88,3 +88,9 @@ def test_vulnerability_package(self): assert v1.vulnerable_packages.all()[0] == p1 assert v1.patched_packages.all()[0] == p2 + + def test_cwe_not_present_in_weaknesses_db(self): + w1 = models.Weakness.objects.create(name="189") + assert w1.weakness is None + assert w1.name is "" + assert w1.description is "" 
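Review bot: The docstring on the new `weakness` property says it returns "a queryset of Weakness for this vulnerability", but the body returns the single cwe2 `Database` entry for `self.cwe_id`, or None when the lookup raises; replace it with `"""Return the cwe2 database entry for this CWE id, or None when it is not in the database."""`. The rewritten `name` and `description` each evaluate `self.weakness` twice per call, so a missing CWE costs two lookups and logs the warning twice; bind it once, `weakness = self.weakness` then `return weakness.name if weakness else ""` (same for `description`). The `except Exception` also hides non-lookup errors, such as a misconfigured `db`, behind the same "Could not find CWE" warning, and it survives the later edit of this block in patch 03; it should be narrowed to whatever cwe2's `Database.get` raises for an unknown id, which is not visible here. `logger.warning("Could not find CWE %s: %s", self.cwe_id, e)` would also format lazily, matching the logging idiom.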
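Review bot: `assert w1.name is ""` and `assert w1.description is ""` compare strings by identity, which Python 3.8+ flags with a SyntaxWarning and which only passes because of interning; use `assert w1.name == ""` and `assert w1.description == ""`. The fixture is created with `name="189"`, yet `name` is a read-only property in the models.py hunk above and the lookup reads `self.cwe_id`, so this likely needs to be `models.Weakness.objects.create(cwe_id="189")` (confirm against the field definition, which is outside the hunk). The test also depends on cwe2's database having no entry for id 189, which is worth stating in a comment so a cwe2 upgrade that adds it does not turn this into a confusing failure.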
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py index e96f43a6d..c1362b234 100644 --- a/vulnerabilities/views.py +++ b/vulnerabilities/views.py @@ -116,6 +116,8 @@ def get_queryset(self): def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) + weaknesses = self.object.weaknesses.all() + weaknesses_present_in_db = [weakness for weakness in weaknesses if weakness.weakness] context.update( { "vulnerability": self.object, @@ -125,7 +127,7 @@ def get_context_data(self, **kwargs): "aliases": self.object.aliases.all(), "affected_packages": self.object.affected_packages.all(), "fixed_by_packages": self.object.fixed_by_packages.all(), - "weaknesses": self.object.weaknesses.all(), + "weaknesses": weaknesses_present_in_db, } ) return context From 3dab8592b10a30b5e4b72a14457f60d2782079a9 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Thu, 3 Aug 2023 00:31:33 +0530 Subject: [PATCH 02/11] Add CHANGELOG Signed-off-by: Tushar Goel --- CHANGELOG.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index bd93a9ee7..ab62b1b1f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,13 @@ Release notes ============= +Next Release +------------ + +- We filtered out the weakness that are not presented in the + cwe2.database before passing them into the vulnerability details view. + + Version v33.2.0 ----------------- From ef7bbb4f151f86230c4ae281ea9039d5c9f92d37 Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Thu, 3 Aug 2023 12:25:10 +0530 Subject: [PATCH 03/11] Address review comments Signed-off-by: Tushar Goel --- vulnerabilities/models.py | 1 - vulnerabilities/views.py | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index 1de3aa00e..809b3c4f6 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py 
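Review bot: The filter `if weakness.weakness` calls the `weakness` property, which performs a cwe2 lookup and logs a warning for every unknown CWE on every render of the details page, and the template's later `name` and `description` accesses each evaluate the property again, so one request costs several lookups per weakness plus log noise that scales with page views; the reformatted comprehension in patch 03 has the same behaviour. Since the lookup depends only on `cwe_id`, caching it on the instance (for example `functools.cached_property` on the model property, which lives outside this hunk) would let this filter and the later attribute accesses share one lookup. A short comment on the new line would help, for instance `# Drop weaknesses whose CWE id is unknown to the cwe2 database so the template never renders empty names`. `get_context_data` continues past the end of the first hunk.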
@@ -285,7 +285,6 @@ def weakness(self): return weakness except Exception as e: logger.warning(f"Could not find CWE {self.cwe_id}: {e}") - return None @property def name(self): diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py index c1362b234..ae0d95d0d 100644 --- a/vulnerabilities/views.py +++ b/vulnerabilities/views.py @@ -117,7 +117,9 @@ def get_queryset(self): def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) weaknesses = self.object.weaknesses.all() - weaknesses_present_in_db = [weakness for weakness in weaknesses if weakness.weakness] + weaknesses_present_in_db = [ + weakness_object for weakness_object in weaknesses if weakness_object.weakness + ] context.update( { "vulnerability": self.object, From bd6415694c5068202c279665e62046067a0bab0a Mon Sep 17 00:00:00 2001 From: Tushar Goel Date: Thu, 3 Aug 2023 12:39:05 +0530 Subject: [PATCH 04/11] Prepare for release v33.3.0 Signed-off-by: Tushar Goel --- CHANGELOG.rst | 4 ++-- setup.cfg | 2 +- vulnerablecode/__init__.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index ab62b1b1f..75de67dc2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,8 +2,8 @@ Release notes ============= -Next Release ------------- +Version v33.3.0 +---------------- - We filtered out the weakness that are not presented in the cwe2.database before passing them into the vulnerability details view. diff --git a/setup.cfg b/setup.cfg index 4e987e97c..4231acd33 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,6 +1,6 @@ [metadata] name = vulnerablecode -version = 33.2.0 +version = 33.3.0 license = Apache-2.0 AND CC-BY-SA-4.0 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390 diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py index 735db72a2..f51a1691b 100644 --- a/vulnerablecode/__init__.py +++ b/vulnerablecode/__init__.py 
@@ -12,7 +12,7 @@ import warnings from pathlib import Path -__version__ = "33.2.0" +__version__ = "33.3.0" def command_line(): From c98b681b0aacdb0ce04e676d8a213e2a8812bde5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Aug 2023 08:29:56 +0000 Subject: [PATCH 05/11] Bump cryptography from 41.0.0 to 41.0.3 Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.0 to 41.0.3. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.0...41.0.3) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 03340fd7e..b4cf39c3a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -16,7 +16,7 @@ cffi==1.15.0 chardet==4.0.0 charset-normalizer==2.0.12 click==8.1.2 -cryptography==41.0.0 +cryptography==41.0.3 decorator==5.1.1 defusedxml==0.7.1 distro==1.7.0 From 98055678b9efcc17a1bb8127f936f28f96de8c4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Aug 2023 16:43:34 +0000 Subject: [PATCH 06/11] Bump pygments from 2.11.2 to 2.15.0 Bumps [pygments](https://github.com/pygments/pygments) from 2.11.2 to 2.15.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.11.2...2.15.0) --- updated-dependencies: - dependency-name: pygments dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b4cf39c3a..b983b0b2d 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -71,7 +71,7 @@ pure-eval==0.2.2
 py==1.11.0
 pycodestyle==2.8.0
 pycparser==2.21
-Pygments==2.11.2
+Pygments==2.15.0
 PyNaCl==1.5.0
 pyparsing==3.0.7
 pyrsistent==0.18.1
From eb1f024afbf9adfbc43b235570ac302cecbef458 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:48:11 +0000
Subject: [PATCH 07/11] Bump django from 4.1.7 to 4.1.10

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.1.10.
- [Commits](https://github.com/django/django/compare/4.1.7...4.1.10)

---
updated-dependencies:
- dependency-name: django
 dependency-type: direct:production
...

Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index b983b0b2d..9fa8d7c5d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20,7 +20,7 @@ cryptography==41.0.3
 decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
-Django==4.1.7
+Django==4.1.10
 django-crispy-forms==1.10.0
 django-environ==0.8.1
 django-filter==21.1
From 6ce4677569963fd894e088b6f2f76af5d73e92ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 16:58:22 +0000
Subject: [PATCH 08/11] Bump certifi from 2022.12.7 to 2023.7.22

Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2022.12.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
 dependency-type: direct:production
...

Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 9fa8d7c5d..77bddea2d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,7 +11,7 @@ beautifulsoup4==4.10.0
 binaryornot==0.4.4
 black==22.3.0
 boolean.py==3.8
-certifi==2022.12.7
+certifi==2023.7.22
 cffi==1.15.0
 chardet==4.0.0
 charset-normalizer==2.0.12
From e17da78c7a338dea44e89a8d629c8da2e5848768 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:06:42 +0000
Subject: [PATCH 09/11] Bump sqlparse from 0.4.2 to 0.4.4

Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.2 to 0.4.4.
- [Release notes](https://github.com/andialbrecht/sqlparse/releases)
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](https://github.com/andialbrecht/sqlparse/compare/0.4.2...0.4.4)

---
updated-dependencies:
- dependency-name: sqlparse
 dependency-type: direct:production
...

Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 77bddea2d..a2b18f48f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -98,7 +98,7 @@ sphinxcontrib-htmlhelp==2.0.0
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.3
 sphinxcontrib-serializinghtml==1.1.5
-sqlparse==0.4.2
+sqlparse==0.4.4
 stack-data==0.2.0
 stevedore==3.5.0
 texttable==1.6.4
From c7672363633d0a5dff0512671acfb853290956ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Aug 2023 17:13:00 +0000
Subject: [PATCH 10/11] Bump requests from 2.27.1 to 2.31.0

Bumps [requests](https://github.com/psf/requests) from 2.27.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.27.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
 dependency-type: direct:production
...

Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index a2b18f48f..9b2459527 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -81,7 +81,7 @@ python-dateutil==2.8.2
 python-dotenv==0.20.0
 pytz==2022.1
 PyYAML==6.0.1
-requests==2.27.1
+requests==2.31.0
 restructuredtext-lint==1.4.0
 saneyaml==0.6.0
 semantic-version==2.9.0
From c0796fa989650295099a99546f230e05a10e870c Mon Sep 17 00:00:00 2001
From: Hritik Vijay <7457065+Hritik14@users.noreply.github.com>
Date: Tue, 8 Aug 2023 09:40:04 +0530
Subject: [PATCH 11/11] Add venv activation

Signed-off-by: Hritik Vijay
---
 README.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.rst b/README.rst
index f41e968ee..0752fa0ce 100644
--- a/README.rst
+++ b/README.rst
@@ -105,6 +105,7 @@ On a Debian system, use this::
 git clone https://github.com/nexB/vulnerablecode.git && cd vulnerablecode
 make dev envfile postgres
 make test
+ source venv/bin/activate
 ./manage.py import vulnerabilities.importers.nginx.NginxImporter
 ./manage.py improve --all
 make run