chore: renamed files and variables

alerts.json

@@ -0,0 +1,101 @@
+{
+  "webgoat-demo-2": {
+    "1": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "2": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "3": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "4": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "5": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "6": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "7": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "8": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "9": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "10": [
+      "cwe-020",
+      "cwe-080",
+      "cwe-116"
+    ],
+    "11": [
+      "cwe-020",
+      "cwe-080",
+      "cwe-116"
+    ],
+    "12": [
+      "cwe-020"
+    ]
+  },
+  "webgoat-demo-mb": {
+    "1": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "2": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "3": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "4": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "5": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "6": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "7": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "8": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "9": [
+      "cwe-079",
+      "cwe-116"
+    ],
+    "10": [
+      "cwe-020",
+      "cwe-080",
+      "cwe-116"
+    ],
+    "11": [
+      "cwe-020",
+      "cwe-080",
+      "cwe-116"
+    ]
+  }
+}

mapping.csv

@@ -0,0 +1,24 @@
+repo_name,alert_no,risk,cwe_id
+webgoat-demo-2,1,A03:2021 – Injection,cwe-079
+webgoat-demo-2,2,A03:2021 – Injection,cwe-079
+webgoat-demo-2,3,A03:2021 – Injection,cwe-079
+webgoat-demo-2,4,A03:2021 – Injection,cwe-079
+webgoat-demo-2,5,A03:2021 – Injection,cwe-079
+webgoat-demo-2,6,A03:2021 – Injection,cwe-079
+webgoat-demo-2,7,A03:2021 – Injection,cwe-079
+webgoat-demo-2,8,A03:2021 – Injection,cwe-079
+webgoat-demo-2,9,A03:2021 – Injection,cwe-079
+webgoat-demo-2,10,A03:2021 – Injection,cwe-020
+webgoat-demo-2,11,A03:2021 – Injection,cwe-020
+webgoat-demo-2,12,A03:2021 – Injection,cwe-020
+webgoat-demo-mb,1,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,2,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,3,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,4,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,5,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,6,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,7,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,8,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,9,A03:2021 – Injection,cwe-079
+webgoat-demo-mb,10,A03:2021 – Injection,cwe-020
+webgoat-demo-mb,11,A03:2021 – Injection,cwe-020

owasp10.json

@@ -0,0 +1,218 @@
+{
+  "A01:2021 – Broken Access Control": [
+    "CWE-22",
+    "CWE-23",
+    "CWE-35",
+    "CWE-59",
+    "CWE-200",
+    "CWE-201",
+    "CWE-219",
+    "CWE-264",
+    "CWE-275",
+    "CWE-276",
+    "CWE-284",
+    "CWE-285",
+    "CWE-352",
+    "CWE-359",
+    "CWE-377",
+    "CWE-402",
+    "CWE-425",
+    "CWE-441",
+    "CWE-497",
+    "CWE-538",
+    "CWE-540",
+    "CWE-548",
+    "CWE-552",
+    "CWE-566",
+    "CWE-601",
+    "CWE-639",
+    "CWE-651",
+    "CWE-668",
+    "CWE-706",
+    "CWE-862",
+    "CWE-863",
+    "CWE-913",
+    "CWE-922",
+    "CWE-1275"
+  ],
+  "A02:2021 – Cryptographic Failures": [
+    "CWE-261",
+    "CWE-296",
+    "CWE-310",
+    "CWE-319",
+    "CWE-321",
+    "CWE-322",
+    "CWE-323",
+    "CWE-324",
+    "CWE-325",
+    "CWE-326",
+    "CWE-327",
+    "CWE-328",
+    "CWE-329",
+    "CWE-330",
+    "CWE-331",
+    "CWE-335",
+    "CWE-336",
+    "CWE-337",
+    "CWE-338",
+    "CWE-340",
+    "CWE-347",
+    "CWE-523",
+    "CWE-720",
+    "CWE-757",
+    "CWE-759",
+    "CWE-760",
+    "CWE-780",
+    "CWE-818",
+    "CWE-916"
+  ],
+  "A03:2021 – Injection": [
+    "CWE-20",
+    "CWE-74",
+    "CWE-75",
+    "CWE-77",
+    "CWE-78",
+    "CWE-79",
+    "CWE-80",
+    "CWE-83",
+    "CWE-87",
+    "CWE-88",
+    "CWE-89",
+    "CWE-90",
+    "CWE-91",
+    "CWE-93",
+    "CWE-94",
+    "CWE-95",
+    "CWE-96",
+    "CWE-97",
+    "CWE-98",
+    "CWE-99",
+    "CWE-100",
+    "CWE-113",
+    "CWE-116",
+    "CWE-138",
+    "CWE-184",
+    "CWE-470",
+    "CWE-471",
+    "CWE-564",
+    "CWE-610",
+    "CWE-643",
+    "CWE-644",
+    "CWE-652",
+    "CWE-917"
+  ],
+  "A04:2021 – Insecure Design": [
+    "CWE-73",
+    "CWE-183",
+    "CWE-209",
+    "CWE-213",
+    "CWE-235",
+    "CWE-256",
+    "CWE-257",
+    "CWE-266",
+    "CWE-269",
+    "CWE-280",
+    "CWE-311",
+    "CWE-312",
+    "CWE-313",
+    "CWE-316",
+    "CWE-419",
+    "CWE-430",
+    "CWE-434",
+    "CWE-444",
+    "CWE-451",
+    "CWE-472",
+    "CWE-501",
+    "CWE-522",
+    "CWE-525",
+    "CWE-539",
+    "CWE-579",
+    "CWE-598",
+    "CWE-602",
+    "CWE-642",
+    "CWE-646",
+    "CWE-650",
+    "CWE-653",
+    "CWE-656",
+    "CWE-657",
+    "CWE-799",
+    "CWE-807",
+    "CWE-840",
+    "CWE-841",
+    "CWE-927",
+    "CWE-1021",
+    "CWE-1173"
+  ],
+  "A05:2021 – Security Misconfiguration": [
+    "CWE-2",
+    "CWE-11",
+    "CWE-13",
+    "CWE-15",
+    "CWE-16",
+    "CWE-260",
+    "CWE-315",
+    "CWE-520",
+    "CWE-526",
+    "CWE-537",
+    "CWE-541",
+    "CWE-547",
+    "CWE-611",
+    "CWE-614",
+    "CWE-756",
+    "CWE-776",
+    "CWE-942",
+    "CWE-1004",
+    "CWE-1032",
+    "CWE-1174"
+  ],
+  "A06:2021 – Vulnerable and Outdated Components": [
+    "CWE-937",
+    "CWE-1035",
+    "CWE-1104"
+  ],
+  "A07:2021 – Identification and Authentication Failures": [
+    "CWE-255",
+    "CWE-259",
+    "CWE-287",
+    "CWE-288",
+    "CWE-290",
+    "CWE-294",
+    "CWE-295",
+    "CWE-297",
+    "CWE-300",
+    "CWE-302",
+    "CWE-304",
+    "CWE-306",
+    "CWE-307",
+    "CWE-346",
+    "CWE-384",
+    "CWE-521",
+    "CWE-613",
+    "CWE-620",
+    "CWE-640",
+    "CWE-798",
+    "CWE-940",
+    "CWE-1216"
+  ],
+  "A08:2021 – Software and Data Integrity Failures": [
+    "CWE-345",
+    "CWE-353",
+    "CWE-426",
+    "CWE-494",
+    "CWE-502",
+    "CWE-565",
+    "CWE-784",
+    "CWE-829",
+    "CWE-830",
+    "CWE-915"
+  ],
+  "A09:2021 – Security Logging and Monitoring Failures": [
+    "CWE-117",
+    "CWE-223",
+    "CWE-532",
+    "CWE-778"
+  ],
+  "A10:2021 – Server-Side Request Forgery (SSRF)": [
+    "CWE-918"
+  ]
+}

src/main.js

@@ -1,8 +1,8 @@
 // Imports
 const fs = require('fs')
-const alertExtractor = require('./src/alert-extractor')
-const owasp10 = require('./src/owasp-top10')
-const mapControlsToAlerts = require('./src/map')
+const alertExtractor = require('./src/securityalerts')
+const owasp10 = require('./src/owasp10risks')
+const mapRisksToAlerts = require('./src/map')
 const core = require('@actions/core')
 const path = require('path')
 
@@ -11,7 +11,7 @@ const owaspData = 'data/Top10/2021/docs/'
 const indexFile = 'index.md'
 
 // Constants
-const controlsFile = 'controls.json'
+const risksFile = 'risks.json'
 const alertsFile = 'alerts.json'
 const mappingFile = 'mapping.csv'
 
@@ -23,21 +23,21 @@ try {
   const alerts = await alertExtractor(org, token)
   fs.writeFileSync(alertsFile, JSON.stringify(alerts))
 
-  // Extract controls from OWASP Top 10 data
-  const controls = await owasp10(owaspData, indexFile)
-  fs.writeFileSync(controlsFile, JSON.stringify(controls))
+  // Extract risks from OWASP Top 10 data
+  const risks = await owasp10(owaspData, indexFile)
+  fs.writeFileSync(risksFile, JSON.stringify(risks))
 
-  if (!fs.existsSync(controlsFile)) {
-    throw new Error(`File ${controlsFile} does not exist.`)
+  if (!fs.existsSync(risksFile)) {
+    throw new Error(`File ${risksFile} does not exist.`)
   }
 
   if (!fs.existsSync(alertsFile)) {
     throw new Error(`File ${alertsFile} does not exist.`)
   }
 
-  // Map controls to alerts
-  const mapping = await mapControlsToAlerts(
-    controlsFile,
+  // Map risks to alerts
+  const mapping = await mapRisksToAlerts(
+    risksFile,
     alertsFile,
     mappingFile
   )