feature: add CAPEC field (haskell#158)

README.md

@@ -36,6 +36,9 @@ date = 2021-01-31
 # Optional: Classification of the advisory with respect to the Common Weakness Enumeration.
 cwe = [820]
 
+# Optional: Classification of the advisory with respect to the Common Attack Pattern Enumerations and Classifications.
+capec = [123]
+
 # Arbitrary keywords.  We recommend to include keywords relating
 # to the protocols, data formats or services pertaining to the
 # affected package (e.g. "json", "tls", "aws").  You can also

code/hsec-core/src/Security/Advisories/Core/Advisory.hs

@@ -4,6 +4,7 @@ module Security.Advisories.Core.Advisory
   ( Advisory(..)
     -- * Supporting types
   , Affected(..)
+  , CAPEC(..)
   , CWE(..)
   , Architecture(..)
   , AffectedVersionRange(..)
@@ -27,6 +28,7 @@ data Advisory = Advisory
   { advisoryId :: HsecId
   , advisoryModified :: ZonedTime
   , advisoryPublished :: ZonedTime
+  , advisoryCAPECs :: [CAPEC]
   , advisoryCWEs :: [CWE]
   , advisoryKeywords :: [Keyword]
   , advisoryAliases :: [Text]
@@ -54,6 +56,9 @@ data Affected = Affected
   }
   deriving stock (Show)
 
+newtype CAPEC = CAPEC {unCAPEC :: Integer}
+  deriving stock (Show)
+
 newtype CWE = CWE {unCWE :: Integer}
   deriving stock (Show)
 

code/hsec-tools/src/Security/Advisories/Parse.hs

@@ -171,6 +171,7 @@ parseAdvisoryTable oob policy doc summary details html tab =
         { advisoryId = amdId (frontMatterAdvisory fm)
         , advisoryPublished = published
         , advisoryModified = modified
+        , advisoryCAPECs = amdCAPECs (frontMatterAdvisory fm)
         , advisoryCWEs = amdCWEs (frontMatterAdvisory fm)
         , advisoryKeywords = amdKeywords (frontMatterAdvisory fm)
         , advisoryAliases = amdAliases (frontMatterAdvisory fm)
@@ -218,6 +219,7 @@ data AdvisoryMetadata = AdvisoryMetadata
   { amdId         :: HsecId
   , amdModified   :: Maybe ZonedTime
   , amdPublished  :: Maybe ZonedTime
+  , amdCAPECs     :: [CAPEC]
   , amdCWEs       :: [CWE]
   , amdKeywords   :: [Keyword]
   , amdAliases    :: [T.Text]
@@ -230,15 +232,17 @@ instance Toml.FromValue AdvisoryMetadata where
       published   <- Toml.optKeyOf "date" getDefaultedZonedTime
       modified    <- Toml.optKeyOf "modified"  getDefaultedZonedTime
       let optList key = fromMaybe [] <$> Toml.optKey key
-      cats        <- optList "cwe"
+      capecs      <- optList "capec"
+      cwes        <- optList "cwe"
       kwds        <- optList "keywords"
       aliases     <- optList "aliases"
       related     <- optList "related"
       pure AdvisoryMetadata
         { amdId = identifier
         , amdModified = modified
         , amdPublished = published
-        , amdCWEs = cats
+        , amdCAPECs = capecs
+        , amdCWEs = cwes
         , amdKeywords = kwds
         , amdAliases = aliases
         , amdRelated = related
@@ -252,6 +256,7 @@ instance Toml.ToTable AdvisoryMetadata where
     ["id"        Toml..= amdId x] ++
     ["modified"  Toml..= y | Just y <- [amdModified x]] ++
     ["date"      Toml..= y | Just y <- [amdPublished x]] ++
+    ["capec"     Toml..= amdCAPECs x | not (null (amdCAPECs x))] ++
     ["cwe"       Toml..= amdCWEs x | not (null (amdCWEs x))] ++
     ["keywords"  Toml..= amdKeywords x | not (null (amdKeywords x))] ++
     ["aliases"   Toml..= amdAliases x | not (null (amdAliases x))] ++
@@ -317,6 +322,12 @@ instance Toml.FromValue HsecId where
 instance Toml.ToValue HsecId where
   toValue = Toml.toValue . printHsecId
 
+instance Toml.FromValue CAPEC where
+  fromValue v = CAPEC <$> Toml.fromValue v
+
+instance Toml.ToValue CAPEC where
+  toValue (CAPEC x) = Toml.toValue x
+
 instance Toml.FromValue CWE where
   fromValue v = CWE <$> Toml.fromValue v
 

code/hsec-tools/test/Spec/QueriesSpec.hs

@@ -108,6 +108,7 @@ mkAdvisory versionRange =
      { advisoryId = fromMaybe (error "Cannot mkHsecId") $ mkHsecId 2023 42
      , advisoryModified = read "2023-01-01T00:00:00"
      , advisoryPublished = read "2023-01-01T00:00:00"
+     , advisoryCAPECs = []
      , advisoryCWEs = []
      , advisoryKeywords = []
      , advisoryAliases = [ "CVE-2022-XXXX" ]

code/hsec-tools/test/golden/EXAMPLE_ADVISORY.md.golden

@@ -3,6 +3,7 @@ Right
         { advisoryId = HSEC-0000-0000
         , advisoryModified = 1970-01-01 00:00:00 UTC
         , advisoryPublished = 1970-01-01 00:00:00 UTC
+        , advisoryCAPECs = []
         , advisoryCWEs = []
         , advisoryKeywords =
             [ "example"