From 678e72a8b6394fec9f3722b12c5b41e65e57260e Mon Sep 17 00:00:00 2001 From: Kota Kanbe Date: Mon, 29 Oct 2018 21:21:20 +0900 Subject: [PATCH] fix(gost): a bug of parseCwe (#726) --- gost/redhat.go | 25 +++++++++++++++---------- gost/redhat_test.go | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 10 deletions(-) create mode 100644 gost/redhat_test.go diff --git a/gost/redhat.go b/gost/redhat.go index 17bd1d84..0d7779cc 100644 --- a/gost/redhat.go +++ b/gost/redhat.go @@ -208,18 +208,23 @@ func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPa return } -// ConvertToModel converts gost model to vuls model -func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent { - cwes := []string{} - if cve.Cwe != "" { - s := strings.TrimPrefix(cve.Cwe, "(") - s = strings.TrimSuffix(s, ")") - if strings.Contains(cve.Cwe, "|") { - cwes = strings.Split(cve.Cwe, "|") - } else { - cwes = strings.Split(s, "->") +func (red RedHat) parseCwe(str string) (cwes []string) { + if str != "" { + s := strings.Replace(str, "(", "|", -1) + s = strings.Replace(s, ")", "|", -1) + s = strings.Replace(s, "->", "|", -1) + for _, s := range strings.Split(s, "|") { + if s != "" { + cwes = append(cwes, s) + } } } + return +} + +// ConvertToModel converts gost model to vuls model +func (red RedHat) ConvertToModel(cve *gostmodels.RedhatCVE) *models.CveContent { + cwes := red.parseCwe(cve.Cwe) details := []string{} for _, detail := range cve.Details { diff --git a/gost/redhat_test.go b/gost/redhat_test.go new file mode 100644 index 00000000..72eb5f66 --- /dev/null +++ b/gost/redhat_test.go 
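Review bot: parseCwe appends every non-empty fragment verbatim, so a `cve.Cwe` value with stray whitespace or a fragment that is not a CWE identifier flows into the returned IDs unchanged; the field comes from the gost Red Hat record, which is presumably populated from an external feed, so I would normalise with `s = strings.TrimSpace(s)` before the `if s != ""` test and consider skipping fragments that lack the `CWE-` prefix. The function also returns nil for an empty string where the old code started from `cwes := []string{}`, which matters if any caller or serializer tells nil from empty. The range variable `s` shadows the outer `s`; naming it `id` and adding a doc comment such as `// parseCwe flattens a Red Hat CWE expression ("A->B", "(A|B)", "A->(B|C)") into its individual IDs.` would make the intent clear. ConvertToModel continues past the end of this hunk.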
@@ -0,0 +1,37 @@
+package gost
+
+import (
+ "reflect"
+ "sort"
+ "testing"
+)
+
+func TestParseCwe(t *testing.T) {
+ var tests = []struct {
+ in string
+ out []string
+ }{
+ {
+ in: "CWE-665->(CWE-200|CWE-89)",
+ out: []string{"CWE-665", "CWE-200", "CWE-89"},
+ },
+ {
+ in: "CWE-841->CWE-770->CWE-454",
+ out: []string{"CWE-841", "CWE-770", "CWE-454"},
+ },
+ {
+ in: "(CWE-122|CWE-125)",
+ out: []string{"CWE-122", "CWE-125"},
+ },
+ }
+
+ r := RedHat{}
+ for i, tt := range tests {
+ out := r.parseCwe(tt.in)
+ sort.Strings(out)
+ sort.Strings(tt.out)
+ if !reflect.DeepEqual(tt.out, out) {
+ t.Errorf("[%d]expected: %s, actual: %s", i, tt.out, out)
+ }
+ }
+}
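Review bot: The table only exercises well-formed expressions, so the `if str != ""` guard and the empty-fragment filter in parseCwe are never checked; I would add `{in: "", out: nil},` and a degenerate case such as `{in: "()", out: nil},` (the expected value must be nil, not `[]string{}`, because `reflect.DeepEqual` tells them apart). Sorting both slices before comparing also means the test does not pin the order of a chain like `CWE-841->CWE-770->CWE-454`; if callers rely on that order, compare unsorted. `%s` on a `[]string` works, but `%q` is the more useful verb here because it makes empty or whitespace-padded fragments visible in the failure message.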