{
"cells": [
{
"cell_type": "code",
"execution_count": 18,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"from pymongo import MongoClient\n",
"import pandas as pd\n",
"import json\n",
"from bson.json_util import dumps\n",
"from pandas.io.json import json_normalize"
]
},
{
"cell_type": "code",
"execution_count": 102,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"client = MongoClient('mongodb://test:test@ds129796.mlab.com:29796/android-vulnerabilities')\n",
"db = client['android-vulnerabilities']\n",
"# LLAMADO A LA COLECCION JoinedVulnerabilitiesDateFormat\n",
"vulnerabilities = db['JoinedVulnerabilitiesDateFormat']"
]
},
{
"cell_type": "code",
"execution_count": 103,
"metadata": {},
"outputs": [],
"source": [
"def getRootAndSeverity():\n",
" return vulnerabilities.aggregate(\n",
" [\n",
" { \"$match\" : {\"webScrapingInformation.cweId\": {\"$ne\" : -1}}},\n",
" { \"$project\" : \n",
" { \n",
" \"_id\" : 0,\n",
" \"cwe\" : \"$webScrapingInformation.cweId\",\n",
" \"link\" : \"$webScrapingInformation.cweIdLink\",\n",
" \"CWE vulneratbility type\" : 1,\n",
" \"Severity\" : \"$webScrapingInformation.cvssScoreNVD2.severity\"\n",
" }\n",
" }\n",
" ]\n",
" )"
]
},
{
"cell_type": "code",
"execution_count": 104,
"metadata": {},
"outputs": [],
"source": [
"MongoResponse = getRootAndSeverity()\n",
"dataFrame = pd.DataFrame([])\n",
"dataFromMongoResponse = json.loads(dumps(MongoResponse))\n",
"dataFrameTemp = json_normalize(dataFromMongoResponse)\n",
"dataFrame = dataFrame.append(pd.DataFrame(dataFrameTemp))\n",
"dfResult = dataFrame.reset_index()"
]
},
{
"cell_type": "code",
"execution_count": 105,
"metadata": {},
"outputs": [],
"source": [
"dfResult = dfResult.groupby([\"cwe\",\"CWE vulneratbility type\",\"link\", \"Severity\"]).count().unstack('Severity')\n",
"dfResult = dfResult.fillna(0)"
]
},
{
"cell_type": "code",
"execution_count": 106,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"
\n",
"\n",
"
\n",
" \n",
" \n",
" | \n",
" | \n",
" Severity | \n",
" HIGH | \n",
" LOW | \n",
" MEDIUM | \n",
"
\n",
" \n",
" cwe | \n",
" CWE vulneratbility type | \n",
" link | \n",
" | \n",
" | \n",
" | \n",
"
\n",
" \n",
" \n",
" \n",
" 16 | \n",
" CWE-16: Configuration | \n",
" http://cwe.mitre.org/data/definitions/16.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 17 | \n",
" CWE-17: Code | \n",
" http://cwe.mitre.org/data/definitions/17.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 2.0 | \n",
"
\n",
" \n",
" 19 | \n",
" CWE-19: Data Handling | \n",
" http://cwe.mitre.org/data/definitions/19.html | \n",
" 3.0 | \n",
" 0.0 | \n",
" 5.0 | \n",
"
\n",
" \n",
" CWE-19: Data Processing Errors | \n",
" http://cwe.mitre.org/data/definitions/19.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 20 | \n",
" CWE-20: Improper Input Validation | \n",
" http://cwe.mitre.org/data/definitions/20.html | \n",
" 51.0 | \n",
" 0.0 | \n",
" 21.0 | \n",
"
\n",
" \n",
" 77 | \n",
" CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') | \n",
" http://cwe.mitre.org/data/definitions/77.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 89 | \n",
" CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | \n",
" http://cwe.mitre.org/data/definitions/89.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 94 | \n",
" CWE-94: Improper Control of Generation of Code ('Code Injection') | \n",
" http://cwe.mitre.org/data/definitions/94.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 119 | \n",
" CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" 154.0 | \n",
" 1.0 | \n",
" 16.0 | \n",
"
\n",
" \n",
" CWE-190: Integer Overflow or Wraparound | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" CWE-200: Information Exposure | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 125 | \n",
" CWE-125: Out-of-bounds Read | \n",
" http://cwe.mitre.org/data/definitions/125.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 6.0 | \n",
"
\n",
" \n",
" 129 | \n",
" CWE-129: Improper Validation of Array Index | \n",
" http://cwe.mitre.org/data/definitions/129.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 172 | \n",
" CWE-172: Encoding Error | \n",
" http://cwe.mitre.org/data/definitions/172.html | \n",
" 4.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 189 | \n",
" CWE-189: Numeric Errors | \n",
" http://cwe.mitre.org/data/definitions/189.html | \n",
" 23.0 | \n",
" 0.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 190 | \n",
" CWE-190: Integer Overflow or Wraparound | \n",
" http://cwe.mitre.org/data/definitions/190.html | \n",
" 11.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 191 | \n",
" CWE-191: Integer Underflow (Wrap or Wraparound) | \n",
" http://cwe.mitre.org/data/definitions/191.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 200 | \n",
" CWE-200: Information Exposure | \n",
" http://cwe.mitre.org/data/definitions/200.html | \n",
" 5.0 | \n",
" 56.0 | \n",
" 135.0 | \n",
"
\n",
" \n",
" CWE-200: Information exposure | \n",
" http://cwe.mitre.org/data/definitions/200.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 6.0 | \n",
"
\n",
" \n",
" 254 | \n",
" CWE-254: Security Features | \n",
" http://cwe.mitre.org/data/definitions/254.html | \n",
" 4.0 | \n",
" 0.0 | \n",
" 10.0 | \n",
"
\n",
" \n",
" 255 | \n",
" CWE-255: Credentials Management | \n",
" http://cwe.mitre.org/data/definitions/255.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 264 | \n",
" CWE-16: Configuration | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" CWE-264: Permissions, Privileges, and Access Controls | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" 416.0 | \n",
" 4.0 | \n",
" 81.0 | \n",
"
\n",
" \n",
" CWE-264: Permissions, Privileges, and Access Controls | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" 17.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 275 | \n",
" CWE-275: Permission Issues | \n",
" http://cwe.mitre.org/data/definitions/275.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 284 | \n",
" CWE-264: Permissions, Privileges, and Access Controls | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 2.0 | \n",
"
\n",
" \n",
" CWE-284: Improper Access Control | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" 38.0 | \n",
" 1.0 | \n",
" 28.0 | \n",
"
\n",
" \n",
" CWE-284: Improper access control | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" 2.0 | \n",
" 0.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 285 | \n",
" CWE-285: Improper Authorization | \n",
" http://cwe.mitre.org/data/definitions/285.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 287 | \n",
" CWE-287: Improper Authentication | \n",
" http://cwe.mitre.org/data/definitions/287.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 310 | \n",
" CWE-310: Cryptographic Issues | \n",
" http://cwe.mitre.org/data/definitions/310.html | \n",
" 2.0 | \n",
" 1.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 345 | \n",
" CWE-345: Insufficient Verification of Data Authenticity | \n",
" http://cwe.mitre.org/data/definitions/345.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 352 | \n",
" CWE-352: Cross-Site Request Forgery (CSRF) | \n",
" http://cwe.mitre.org/data/definitions/352.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 358 | \n",
" CWE-358: Improperly Implemented Security Check for Standard | \n",
" http://cwe.mitre.org/data/definitions/358.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 362 | \n",
" CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | \n",
" http://cwe.mitre.org/data/definitions/362.html | \n",
" 8.0 | \n",
" 1.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 388 | \n",
" CWE-388: Error Handling | \n",
" http://cwe.mitre.org/data/definitions/388.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 399 | \n",
" CWE-399: Resource Management Errors | \n",
" http://cwe.mitre.org/data/definitions/399.html | \n",
" 10.0 | \n",
" 1.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
" 415 | \n",
" CWE-415: Double Free | \n",
" http://cwe.mitre.org/data/definitions/415.html | \n",
" 3.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 416 | \n",
" CWE-416: Use After Free | \n",
" http://cwe.mitre.org/data/definitions/416.html | \n",
" 12.0 | \n",
" 0.0 | \n",
" 5.0 | \n",
"
\n",
" \n",
" Not defined | \n",
" http://cwe.mitre.org/data/definitions/416.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 476 | \n",
" CWE-476: NULL Pointer Dereference | \n",
" http://cwe.mitre.org/data/definitions/476.html | \n",
" 3.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 787 | \n",
" CWE-787: Out-of-bounds Write | \n",
" http://cwe.mitre.org/data/definitions/787.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
"
\n",
"
"
],
"text/plain": [
"Severity HIGH \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n",
" CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 1.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 154.0 \n",
" CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 1.0 \n",
" CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 1.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n",
" CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 0.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 0.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 416.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 17.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n",
"284 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/284.html 0.0 \n",
" CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n",
" CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 2.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 8.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n",
" Not defined http://cwe.mitre.org/data/definitions/416.html 1.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 \n",
"\n",
"Severity LOW \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n",
" CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 0.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 1.0 \n",
" CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 0.0 \n",
" CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 0.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n",
" CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 0.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 0.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 0.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/284.html 0.0 \n",
" CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n",
" CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 0.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 1.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n",
" Not defined http://cwe.mitre.org/data/definitions/416.html 0.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n",
"\n",
"Severity MEDIUM \n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n",
" CWE-19: Data Processing Errors http://cwe.mitre.org/data/definitions/19.html 0.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 21.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 16.0 \n",
" CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/119.html 0.0 \n",
" CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/119.html 0.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n",
" CWE-200: Information exposure http://cwe.mitre.org/data/definitions/200.html 6.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n",
"264 CWE-16: Configuration http://cwe.mitre.org/data/definitions/264.html 1.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n",
" CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 0.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/284.html 2.0 \n",
" CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n",
" CWE-284: Improper access control http://cwe.mitre.org/data/definitions/284.html 4.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 4.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n",
" Not defined http://cwe.mitre.org/data/definitions/416.html 0.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 "
]
},
"execution_count": 106,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"\n",
"dfResult.columns = dfResult.columns.droplevel()\n",
"dfResult"
]
},
{
"cell_type": "code",
"execution_count": 109,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"\n",
"\n",
"
\n",
" \n",
" \n",
" | \n",
" | \n",
" Severity | \n",
" HIGH | \n",
" LOW | \n",
" MEDIUM | \n",
"
\n",
" \n",
" cwe | \n",
" CWE vulneratbility type | \n",
" link | \n",
" | \n",
" | \n",
" | \n",
"
\n",
" \n",
" \n",
" \n",
" 16 | \n",
" CWE-16: Configuration | \n",
" http://cwe.mitre.org/data/definitions/16.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 17 | \n",
" CWE-17: Code | \n",
" http://cwe.mitre.org/data/definitions/17.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 2.0 | \n",
"
\n",
" \n",
" 19 | \n",
" CWE-19: Data Handling | \n",
" http://cwe.mitre.org/data/definitions/19.html | \n",
" 3.0 | \n",
" 0.0 | \n",
" 5.0 | \n",
"
\n",
" \n",
" 20 | \n",
" CWE-20: Improper Input Validation | \n",
" http://cwe.mitre.org/data/definitions/20.html | \n",
" 51.0 | \n",
" 0.0 | \n",
" 21.0 | \n",
"
\n",
" \n",
" 77 | \n",
" CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') | \n",
" http://cwe.mitre.org/data/definitions/77.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 89 | \n",
" CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | \n",
" http://cwe.mitre.org/data/definitions/89.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 94 | \n",
" CWE-94: Improper Control of Generation of Code ('Code Injection') | \n",
" http://cwe.mitre.org/data/definitions/94.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 119 | \n",
" CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" 154.0 | \n",
" 1.0 | \n",
" 16.0 | \n",
"
\n",
" \n",
" 125 | \n",
" CWE-125: Out-of-bounds Read | \n",
" http://cwe.mitre.org/data/definitions/125.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 6.0 | \n",
"
\n",
" \n",
" 129 | \n",
" CWE-129: Improper Validation of Array Index | \n",
" http://cwe.mitre.org/data/definitions/129.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 172 | \n",
" CWE-172: Encoding Error | \n",
" http://cwe.mitre.org/data/definitions/172.html | \n",
" 4.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 189 | \n",
" CWE-189: Numeric Errors | \n",
" http://cwe.mitre.org/data/definitions/189.html | \n",
" 23.0 | \n",
" 0.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 190 | \n",
" CWE-190: Integer Overflow or Wraparound | \n",
" http://cwe.mitre.org/data/definitions/190.html | \n",
" 11.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 191 | \n",
" CWE-191: Integer Underflow (Wrap or Wraparound) | \n",
" http://cwe.mitre.org/data/definitions/191.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 200 | \n",
" CWE-200: Information Exposure | \n",
" http://cwe.mitre.org/data/definitions/200.html | \n",
" 5.0 | \n",
" 56.0 | \n",
" 135.0 | \n",
"
\n",
" \n",
" 254 | \n",
" CWE-254: Security Features | \n",
" http://cwe.mitre.org/data/definitions/254.html | \n",
" 4.0 | \n",
" 0.0 | \n",
" 10.0 | \n",
"
\n",
" \n",
" 255 | \n",
" CWE-255: Credentials Management | \n",
" http://cwe.mitre.org/data/definitions/255.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 264 | \n",
" CWE-264: Permissions, Privileges, and Access Controls | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" 416.0 | \n",
" 4.0 | \n",
" 81.0 | \n",
"
\n",
" \n",
" 275 | \n",
" CWE-275: Permission Issues | \n",
" http://cwe.mitre.org/data/definitions/275.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 284 | \n",
" CWE-284: Improper Access Control | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" 38.0 | \n",
" 1.0 | \n",
" 28.0 | \n",
"
\n",
" \n",
" 285 | \n",
" CWE-285: Improper Authorization | \n",
" http://cwe.mitre.org/data/definitions/285.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 287 | \n",
" CWE-287: Improper Authentication | \n",
" http://cwe.mitre.org/data/definitions/287.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 310 | \n",
" CWE-310: Cryptographic Issues | \n",
" http://cwe.mitre.org/data/definitions/310.html | \n",
" 2.0 | \n",
" 1.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 345 | \n",
" CWE-345: Insufficient Verification of Data Authenticity | \n",
" http://cwe.mitre.org/data/definitions/345.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 352 | \n",
" CWE-352: Cross-Site Request Forgery (CSRF) | \n",
" http://cwe.mitre.org/data/definitions/352.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 358 | \n",
" CWE-358: Improperly Implemented Security Check for Standard | \n",
" http://cwe.mitre.org/data/definitions/358.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 362 | \n",
" CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | \n",
" http://cwe.mitre.org/data/definitions/362.html | \n",
" 8.0 | \n",
" 1.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 388 | \n",
" CWE-388: Error Handling | \n",
" http://cwe.mitre.org/data/definitions/388.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 399 | \n",
" CWE-399: Resource Management Errors | \n",
" http://cwe.mitre.org/data/definitions/399.html | \n",
" 10.0 | \n",
" 1.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
" 415 | \n",
" CWE-415: Double Free | \n",
" http://cwe.mitre.org/data/definitions/415.html | \n",
" 3.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 416 | \n",
" CWE-416: Use After Free | \n",
" http://cwe.mitre.org/data/definitions/416.html | \n",
" 12.0 | \n",
" 0.0 | \n",
" 5.0 | \n",
"
\n",
" \n",
" 476 | \n",
" CWE-476: NULL Pointer Dereference | \n",
" http://cwe.mitre.org/data/definitions/476.html | \n",
" 3.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 787 | \n",
" CWE-787: Out-of-bounds Write | \n",
" http://cwe.mitre.org/data/definitions/787.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
"
\n",
"
"
],
"text/plain": [
"Severity HIGH \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 154.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 416.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 8.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 \n",
"\n",
"Severity LOW \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 1.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 1.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n",
"\n",
"Severity MEDIUM \n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 21.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 16.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 4.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 "
]
},
"execution_count": 109,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"dfResult.index.values.tolist()\n",
"dfResult = dfResult.reindex([(16,\n",
" 'CWE-16: Configuration',\n",
" 'http://cwe.mitre.org/data/definitions/16.html'),\n",
" (17, 'CWE-17: Code', 'http://cwe.mitre.org/data/definitions/17.html'),\n",
" (19,\n",
" 'CWE-19: Data Handling',\n",
" 'http://cwe.mitre.org/data/definitions/19.html'),\n",
" (20,\n",
" 'CWE-20: Improper Input Validation',\n",
" 'http://cwe.mitre.org/data/definitions/20.html'),\n",
" (77,\n",
" \"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\",\n",
" 'http://cwe.mitre.org/data/definitions/77.html'),\n",
" (89,\n",
" \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\",\n",
" 'http://cwe.mitre.org/data/definitions/89.html'),\n",
" (94,\n",
" \"CWE-94: Improper Control of Generation of Code ('Code Injection')\",\n",
" 'http://cwe.mitre.org/data/definitions/94.html'),\n",
" (119,\n",
" 'CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer',\n",
" 'http://cwe.mitre.org/data/definitions/119.html'),\n",
" (125,\n",
" 'CWE-125: Out-of-bounds Read',\n",
" 'http://cwe.mitre.org/data/definitions/125.html'),\n",
" (129,\n",
" 'CWE-129: Improper Validation of Array Index',\n",
" 'http://cwe.mitre.org/data/definitions/129.html'),\n",
" (172,\n",
" 'CWE-172: Encoding Error',\n",
" 'http://cwe.mitre.org/data/definitions/172.html'),\n",
" (189,\n",
" 'CWE-189: Numeric Errors',\n",
" 'http://cwe.mitre.org/data/definitions/189.html'),\n",
" (190,\n",
" 'CWE-190: Integer Overflow or Wraparound',\n",
" 'http://cwe.mitre.org/data/definitions/190.html'),\n",
" (191,\n",
" 'CWE-191: Integer Underflow (Wrap or Wraparound)',\n",
" 'http://cwe.mitre.org/data/definitions/191.html'),\n",
" (200,\n",
" 'CWE-200: Information Exposure',\n",
" 'http://cwe.mitre.org/data/definitions/200.html'),\n",
" (254,\n",
" 'CWE-254: Security Features',\n",
" 'http://cwe.mitre.org/data/definitions/254.html'),\n",
" (255,\n",
" 'CWE-255: Credentials Management',\n",
" 'http://cwe.mitre.org/data/definitions/255.html'),\n",
" (264,\n",
" 'CWE-264: Permissions, Privileges, and Access Controls',\n",
" 'http://cwe.mitre.org/data/definitions/264.html'),\n",
" (275,\n",
" 'CWE-275: Permission Issues',\n",
" 'http://cwe.mitre.org/data/definitions/275.html'),\n",
" (284,\n",
" 'CWE-284: Improper Access Control',\n",
" 'http://cwe.mitre.org/data/definitions/284.html'),\n",
" (285,\n",
" 'CWE-285: Improper Authorization',\n",
" 'http://cwe.mitre.org/data/definitions/285.html'),\n",
" (287,\n",
" 'CWE-287: Improper Authentication',\n",
" 'http://cwe.mitre.org/data/definitions/287.html'),\n",
" (310,\n",
" 'CWE-310: Cryptographic Issues',\n",
" 'http://cwe.mitre.org/data/definitions/310.html'),\n",
" (345,\n",
" 'CWE-345: Insufficient Verification of Data Authenticity',\n",
" 'http://cwe.mitre.org/data/definitions/345.html'),\n",
" (352,\n",
" 'CWE-352: Cross-Site Request Forgery (CSRF)',\n",
" 'http://cwe.mitre.org/data/definitions/352.html'),\n",
" (358,\n",
" 'CWE-358: Improperly Implemented Security Check for Standard',\n",
" 'http://cwe.mitre.org/data/definitions/358.html'),\n",
" (362,\n",
" \"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')\",\n",
" 'http://cwe.mitre.org/data/definitions/362.html'),\n",
" (388,\n",
" 'CWE-388: Error Handling',\n",
" 'http://cwe.mitre.org/data/definitions/388.html'),\n",
" (399,\n",
" 'CWE-399: Resource Management Errors',\n",
" 'http://cwe.mitre.org/data/definitions/399.html'),\n",
" (415,\n",
" 'CWE-415: Double Free',\n",
" 'http://cwe.mitre.org/data/definitions/415.html'),\n",
" (416,\n",
" 'CWE-416: Use After Free',\n",
" 'http://cwe.mitre.org/data/definitions/416.html'),\n",
" (476,\n",
" 'CWE-476: NULL Pointer Dereference',\n",
" 'http://cwe.mitre.org/data/definitions/476.html'),\n",
" (787,\n",
" 'CWE-787: Out-of-bounds Write',\n",
" 'http://cwe.mitre.org/data/definitions/787.html')])\n",
"dfResult\n",
" "
]
},
{
"cell_type": "code",
"execution_count": 116,
"metadata": {},
"outputs": [],
"source": [
"index = dfResult.index.values.tolist()\n",
"ids = [ x[0] for x in index]\n",
"names = [x[1] for x in index]\n",
"links = [x[2] for x in index]"
]
},
{
"cell_type": "code",
"execution_count": 117,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"\n",
"\n",
"
\n",
" \n",
" \n",
" | \n",
" | \n",
" Severity | \n",
" name | \n",
" cwe | \n",
" link | \n",
" LOW | \n",
" MEDIUM | \n",
" HIGH | \n",
"
\n",
" \n",
" cwe | \n",
" CWE vulneratbility type | \n",
" link | \n",
" | \n",
" | \n",
" | \n",
" | \n",
" | \n",
" | \n",
"
\n",
" \n",
" \n",
" \n",
" 16 | \n",
" CWE-16: Configuration | \n",
" http://cwe.mitre.org/data/definitions/16.html | \n",
" CWE-16: Configuration | \n",
" 16 | \n",
" http://cwe.mitre.org/data/definitions/16.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 17 | \n",
" CWE-17: Code | \n",
" http://cwe.mitre.org/data/definitions/17.html | \n",
" CWE-17: Code | \n",
" 17 | \n",
" http://cwe.mitre.org/data/definitions/17.html | \n",
" 0.0 | \n",
" 2.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 19 | \n",
" CWE-19: Data Handling | \n",
" http://cwe.mitre.org/data/definitions/19.html | \n",
" CWE-19: Data Handling | \n",
" 19 | \n",
" http://cwe.mitre.org/data/definitions/19.html | \n",
" 0.0 | \n",
" 5.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
" 20 | \n",
" CWE-20: Improper Input Validation | \n",
" http://cwe.mitre.org/data/definitions/20.html | \n",
" CWE-20: Improper Input Validation | \n",
" 20 | \n",
" http://cwe.mitre.org/data/definitions/20.html | \n",
" 0.0 | \n",
" 21.0 | \n",
" 51.0 | \n",
"
\n",
" \n",
" 77 | \n",
" CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') | \n",
" http://cwe.mitre.org/data/definitions/77.html | \n",
" CWE-77: Improper Neutralization of Special Ele... | \n",
" 77 | \n",
" http://cwe.mitre.org/data/definitions/77.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 89 | \n",
" CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | \n",
" http://cwe.mitre.org/data/definitions/89.html | \n",
" CWE-89: Improper Neutralization of Special Ele... | \n",
" 89 | \n",
" http://cwe.mitre.org/data/definitions/89.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 94 | \n",
" CWE-94: Improper Control of Generation of Code ('Code Injection') | \n",
" http://cwe.mitre.org/data/definitions/94.html | \n",
" CWE-94: Improper Control of Generation of Code... | \n",
" 94 | \n",
" http://cwe.mitre.org/data/definitions/94.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 119 | \n",
" CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" CWE-119: Improper Restriction of Operations wi... | \n",
" 119 | \n",
" http://cwe.mitre.org/data/definitions/119.html | \n",
" 1.0 | \n",
" 16.0 | \n",
" 154.0 | \n",
"
\n",
" \n",
" 125 | \n",
" CWE-125: Out-of-bounds Read | \n",
" http://cwe.mitre.org/data/definitions/125.html | \n",
" CWE-125: Out-of-bounds Read | \n",
" 125 | \n",
" http://cwe.mitre.org/data/definitions/125.html | \n",
" 0.0 | \n",
" 6.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 129 | \n",
" CWE-129: Improper Validation of Array Index | \n",
" http://cwe.mitre.org/data/definitions/129.html | \n",
" CWE-129: Improper Validation of Array Index | \n",
" 129 | \n",
" http://cwe.mitre.org/data/definitions/129.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 172 | \n",
" CWE-172: Encoding Error | \n",
" http://cwe.mitre.org/data/definitions/172.html | \n",
" CWE-172: Encoding Error | \n",
" 172 | \n",
" http://cwe.mitre.org/data/definitions/172.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 189 | \n",
" CWE-189: Numeric Errors | \n",
" http://cwe.mitre.org/data/definitions/189.html | \n",
" CWE-189: Numeric Errors | \n",
" 189 | \n",
" http://cwe.mitre.org/data/definitions/189.html | \n",
" 0.0 | \n",
" 4.0 | \n",
" 23.0 | \n",
"
\n",
" \n",
" 190 | \n",
" CWE-190: Integer Overflow or Wraparound | \n",
" http://cwe.mitre.org/data/definitions/190.html | \n",
" CWE-190: Integer Overflow or Wraparound | \n",
" 190 | \n",
" http://cwe.mitre.org/data/definitions/190.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 11.0 | \n",
"
\n",
" \n",
" 191 | \n",
" CWE-191: Integer Underflow (Wrap or Wraparound) | \n",
" http://cwe.mitre.org/data/definitions/191.html | \n",
" CWE-191: Integer Underflow (Wrap or Wraparound) | \n",
" 191 | \n",
" http://cwe.mitre.org/data/definitions/191.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 200 | \n",
" CWE-200: Information Exposure | \n",
" http://cwe.mitre.org/data/definitions/200.html | \n",
" CWE-200: Information Exposure | \n",
" 200 | \n",
" http://cwe.mitre.org/data/definitions/200.html | \n",
" 56.0 | \n",
" 135.0 | \n",
" 5.0 | \n",
"
\n",
" \n",
" 254 | \n",
" CWE-254: Security Features | \n",
" http://cwe.mitre.org/data/definitions/254.html | \n",
" CWE-254: Security Features | \n",
" 254 | \n",
" http://cwe.mitre.org/data/definitions/254.html | \n",
" 0.0 | \n",
" 10.0 | \n",
" 4.0 | \n",
"
\n",
" \n",
" 255 | \n",
" CWE-255: Credentials Management | \n",
" http://cwe.mitre.org/data/definitions/255.html | \n",
" CWE-255: Credentials Management | \n",
" 255 | \n",
" http://cwe.mitre.org/data/definitions/255.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 264 | \n",
" CWE-264: Permissions, Privileges, and Access Controls | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" CWE-264: Permissions, Privileges, and Access C... | \n",
" 264 | \n",
" http://cwe.mitre.org/data/definitions/264.html | \n",
" 4.0 | \n",
" 81.0 | \n",
" 416.0 | \n",
"
\n",
" \n",
" 275 | \n",
" CWE-275: Permission Issues | \n",
" http://cwe.mitre.org/data/definitions/275.html | \n",
" CWE-275: Permission Issues | \n",
" 275 | \n",
" http://cwe.mitre.org/data/definitions/275.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 284 | \n",
" CWE-284: Improper Access Control | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" CWE-284: Improper Access Control | \n",
" 284 | \n",
" http://cwe.mitre.org/data/definitions/284.html | \n",
" 1.0 | \n",
" 28.0 | \n",
" 38.0 | \n",
"
\n",
" \n",
" 285 | \n",
" CWE-285: Improper Authorization | \n",
" http://cwe.mitre.org/data/definitions/285.html | \n",
" CWE-285: Improper Authorization | \n",
" 285 | \n",
" http://cwe.mitre.org/data/definitions/285.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 287 | \n",
" CWE-287: Improper Authentication | \n",
" http://cwe.mitre.org/data/definitions/287.html | \n",
" CWE-287: Improper Authentication | \n",
" 287 | \n",
" http://cwe.mitre.org/data/definitions/287.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 310 | \n",
" CWE-310: Cryptographic Issues | \n",
" http://cwe.mitre.org/data/definitions/310.html | \n",
" CWE-310: Cryptographic Issues | \n",
" 310 | \n",
" http://cwe.mitre.org/data/definitions/310.html | \n",
" 1.0 | \n",
" 4.0 | \n",
" 2.0 | \n",
"
\n",
" \n",
" 345 | \n",
" CWE-345: Insufficient Verification of Data Authenticity | \n",
" http://cwe.mitre.org/data/definitions/345.html | \n",
" CWE-345: Insufficient Verification of Data Aut... | \n",
" 345 | \n",
" http://cwe.mitre.org/data/definitions/345.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 352 | \n",
" CWE-352: Cross-Site Request Forgery (CSRF) | \n",
" http://cwe.mitre.org/data/definitions/352.html | \n",
" CWE-352: Cross-Site Request Forgery (CSRF) | \n",
" 352 | \n",
" http://cwe.mitre.org/data/definitions/352.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 0.0 | \n",
"
\n",
" \n",
" 358 | \n",
" CWE-358: Improperly Implemented Security Check for Standard | \n",
" http://cwe.mitre.org/data/definitions/358.html | \n",
" CWE-358: Improperly Implemented Security Check... | \n",
" 358 | \n",
" http://cwe.mitre.org/data/definitions/358.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 362 | \n",
" CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | \n",
" http://cwe.mitre.org/data/definitions/362.html | \n",
" CWE-362: Concurrent Execution using Shared Res... | \n",
" 362 | \n",
" http://cwe.mitre.org/data/definitions/362.html | \n",
" 1.0 | \n",
" 4.0 | \n",
" 8.0 | \n",
"
\n",
" \n",
" 388 | \n",
" CWE-388: Error Handling | \n",
" http://cwe.mitre.org/data/definitions/388.html | \n",
" CWE-388: Error Handling | \n",
" 388 | \n",
" http://cwe.mitre.org/data/definitions/388.html | \n",
" 0.0 | \n",
" 0.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
" 399 | \n",
" CWE-399: Resource Management Errors | \n",
" http://cwe.mitre.org/data/definitions/399.html | \n",
" CWE-399: Resource Management Errors | \n",
" 399 | \n",
" http://cwe.mitre.org/data/definitions/399.html | \n",
" 1.0 | \n",
" 3.0 | \n",
" 10.0 | \n",
"
\n",
" \n",
" 415 | \n",
" CWE-415: Double Free | \n",
" http://cwe.mitre.org/data/definitions/415.html | \n",
" CWE-415: Double Free | \n",
" 415 | \n",
" http://cwe.mitre.org/data/definitions/415.html | \n",
" 0.0 | \n",
" 1.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
" 416 | \n",
" CWE-416: Use After Free | \n",
" http://cwe.mitre.org/data/definitions/416.html | \n",
" CWE-416: Use After Free | \n",
" 416 | \n",
" http://cwe.mitre.org/data/definitions/416.html | \n",
" 0.0 | \n",
" 5.0 | \n",
" 12.0 | \n",
"
\n",
" \n",
" 476 | \n",
" CWE-476: NULL Pointer Dereference | \n",
" http://cwe.mitre.org/data/definitions/476.html | \n",
" CWE-476: NULL Pointer Dereference | \n",
" 476 | \n",
" http://cwe.mitre.org/data/definitions/476.html | \n",
" 1.0 | \n",
" 0.0 | \n",
" 3.0 | \n",
"
\n",
" \n",
" 787 | \n",
" CWE-787: Out-of-bounds Write | \n",
" http://cwe.mitre.org/data/definitions/787.html | \n",
" CWE-787: Out-of-bounds Write | \n",
" 787 | \n",
" http://cwe.mitre.org/data/definitions/787.html | \n",
" 0.0 | \n",
" 3.0 | \n",
" 1.0 | \n",
"
\n",
" \n",
"
\n",
"
"
],
"text/plain": [
"Severity name \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html CWE-16: Configuration \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html CWE-17: Code \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html CWE-19: Data Handling \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html CWE-20: Improper Input Validation \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html CWE-77: Improper Neutralization of Special Ele... \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html CWE-89: Improper Neutralization of Special Ele... \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html CWE-94: Improper Control of Generation of Code... \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html CWE-119: Improper Restriction of Operations wi... \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html CWE-125: Out-of-bounds Read \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html CWE-129: Improper Validation of Array Index \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html CWE-172: Encoding Error \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html CWE-189: Numeric Errors \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html CWE-190: Integer Overflow or Wraparound \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html CWE-191: Integer Underflow (Wrap or Wraparound) \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html CWE-200: Information Exposure \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html CWE-254: Security Features \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html CWE-255: Credentials Management \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html CWE-264: Permissions, Privileges, and Access C... \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html CWE-275: Permission Issues \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html CWE-284: Improper Access Control \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html CWE-285: Improper Authorization \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html CWE-287: Improper Authentication \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html CWE-310: Cryptographic Issues \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html CWE-345: Insufficient Verification of Data Aut... \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html CWE-352: Cross-Site Request Forgery (CSRF) \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html CWE-358: Improperly Implemented Security Check... \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html CWE-362: Concurrent Execution using Shared Res... \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html CWE-388: Error Handling \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html CWE-399: Resource Management Errors \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html CWE-415: Double Free \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html CWE-416: Use After Free \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html CWE-476: NULL Pointer Dereference \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html CWE-787: Out-of-bounds Write \n",
"\n",
"Severity cwe \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 16 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 17 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 19 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 20 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 77 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 89 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 94 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 119 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 125 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 129 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 172 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 189 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 190 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 191 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 200 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 254 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 255 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 264 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 275 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 284 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 285 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 287 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 310 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 345 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 352 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 358 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 362 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 388 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 399 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 415 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 416 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 476 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 787 \n",
"\n",
"Severity link \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html http://cwe.mitre.org/data/definitions/16.html \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html http://cwe.mitre.org/data/definitions/17.html \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html http://cwe.mitre.org/data/definitions/19.html \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html http://cwe.mitre.org/data/definitions/20.html \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html http://cwe.mitre.org/data/definitions/77.html \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html http://cwe.mitre.org/data/definitions/89.html \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html http://cwe.mitre.org/data/definitions/94.html \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html http://cwe.mitre.org/data/definitions/119.html \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html http://cwe.mitre.org/data/definitions/125.html \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html http://cwe.mitre.org/data/definitions/129.html \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html http://cwe.mitre.org/data/definitions/172.html \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html http://cwe.mitre.org/data/definitions/189.html \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html http://cwe.mitre.org/data/definitions/190.html \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html http://cwe.mitre.org/data/definitions/191.html \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html http://cwe.mitre.org/data/definitions/200.html \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html http://cwe.mitre.org/data/definitions/254.html \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html http://cwe.mitre.org/data/definitions/255.html \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html http://cwe.mitre.org/data/definitions/264.html \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html http://cwe.mitre.org/data/definitions/275.html \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html http://cwe.mitre.org/data/definitions/284.html \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html http://cwe.mitre.org/data/definitions/285.html \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html http://cwe.mitre.org/data/definitions/287.html \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html http://cwe.mitre.org/data/definitions/310.html \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html http://cwe.mitre.org/data/definitions/345.html \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html http://cwe.mitre.org/data/definitions/352.html \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html http://cwe.mitre.org/data/definitions/358.html \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html http://cwe.mitre.org/data/definitions/362.html \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html http://cwe.mitre.org/data/definitions/388.html \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html http://cwe.mitre.org/data/definitions/399.html \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html http://cwe.mitre.org/data/definitions/415.html \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html http://cwe.mitre.org/data/definitions/416.html \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html http://cwe.mitre.org/data/definitions/476.html \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html http://cwe.mitre.org/data/definitions/787.html \n",
"\n",
"Severity LOW \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 0.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 0.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 0.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 0.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 1.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 0.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 0.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 0.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 0.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 56.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 0.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 4.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 1.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 1.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 1.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 1.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 0.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 0.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 1.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 0.0 \n",
"\n",
"Severity MEDIUM \\\n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 0.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 2.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 5.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 21.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 1.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 0.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 16.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 6.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 0.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 0.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 4.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 1.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 135.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 10.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 1.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 81.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 0.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 28.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 0.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 1.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 4.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 1.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 1.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 0.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 4.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 0.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 3.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 1.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 5.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 0.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 3.0 \n",
"\n",
"Severity HIGH \n",
"cwe CWE vulneratbility type link \n",
"16 CWE-16: Configuration http://cwe.mitre.org/data/definitions/16.html 1.0 \n",
"17 CWE-17: Code http://cwe.mitre.org/data/definitions/17.html 1.0 \n",
"19 CWE-19: Data Handling http://cwe.mitre.org/data/definitions/19.html 3.0 \n",
"20 CWE-20: Improper Input Validation http://cwe.mitre.org/data/definitions/20.html 51.0 \n",
"77 CWE-77: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/77.html 0.0 \n",
"89 CWE-89: Improper Neutralization of Special Elem... http://cwe.mitre.org/data/definitions/89.html 1.0 \n",
"94 CWE-94: Improper Control of Generation of Code ... http://cwe.mitre.org/data/definitions/94.html 1.0 \n",
"119 CWE-119: Improper Restriction of Operations wit... http://cwe.mitre.org/data/definitions/119.html 154.0 \n",
"125 CWE-125: Out-of-bounds Read http://cwe.mitre.org/data/definitions/125.html 1.0 \n",
"129 CWE-129: Improper Validation of Array Index http://cwe.mitre.org/data/definitions/129.html 1.0 \n",
"172 CWE-172: Encoding Error http://cwe.mitre.org/data/definitions/172.html 4.0 \n",
"189 CWE-189: Numeric Errors http://cwe.mitre.org/data/definitions/189.html 23.0 \n",
"190 CWE-190: Integer Overflow or Wraparound http://cwe.mitre.org/data/definitions/190.html 11.0 \n",
"191 CWE-191: Integer Underflow (Wrap or Wraparound) http://cwe.mitre.org/data/definitions/191.html 1.0 \n",
"200 CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html 5.0 \n",
"254 CWE-254: Security Features http://cwe.mitre.org/data/definitions/254.html 4.0 \n",
"255 CWE-255: Credentials Management http://cwe.mitre.org/data/definitions/255.html 0.0 \n",
"264 CWE-264: Permissions, Privileges, and Access Co... http://cwe.mitre.org/data/definitions/264.html 416.0 \n",
"275 CWE-275: Permission Issues http://cwe.mitre.org/data/definitions/275.html 1.0 \n",
"284 CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.html 38.0 \n",
"285 CWE-285: Improper Authorization http://cwe.mitre.org/data/definitions/285.html 1.0 \n",
"287 CWE-287: Improper Authentication http://cwe.mitre.org/data/definitions/287.html 0.0 \n",
"310 CWE-310: Cryptographic Issues http://cwe.mitre.org/data/definitions/310.html 2.0 \n",
"345 CWE-345: Insufficient Verification of Data Auth... http://cwe.mitre.org/data/definitions/345.html 0.0 \n",
"352 CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html 0.0 \n",
"358 CWE-358: Improperly Implemented Security Check ... http://cwe.mitre.org/data/definitions/358.html 1.0 \n",
"362 CWE-362: Concurrent Execution using Shared Reso... http://cwe.mitre.org/data/definitions/362.html 8.0 \n",
"388 CWE-388: Error Handling http://cwe.mitre.org/data/definitions/388.html 1.0 \n",
"399 CWE-399: Resource Management Errors http://cwe.mitre.org/data/definitions/399.html 10.0 \n",
"415 CWE-415: Double Free http://cwe.mitre.org/data/definitions/415.html 3.0 \n",
"416 CWE-416: Use After Free http://cwe.mitre.org/data/definitions/416.html 12.0 \n",
"476 CWE-476: NULL Pointer Dereference http://cwe.mitre.org/data/definitions/476.html 3.0 \n",
"787 CWE-787: Out-of-bounds Write http://cwe.mitre.org/data/definitions/787.html 1.0 "
]
},
"execution_count": 117,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# Attach the flat id / name / link columns to the severity counts. `ids`,\n",
"# `names` and `links` are not defined in this cell and must already exist\n",
"# in the kernel (run the earlier cells first).\n",
"dfResult[\"cwe\"], dfResult[\"name\"], dfResult[\"link\"] = ids, names, links\n",
"\n",
"# reindex() returns a new frame holding only the listed columns, in this\n",
"# order; any label missing from dfResult would show up as an all-NaN column.\n",
"reindexiado = dfResult.reindex(\n",
"    columns=[\"name\", \"cwe\", \"link\", \"LOW\", \"MEDIUM\", \"HIGH\"]\n",
")\n",
"reindexiado"
]
},
{
"cell_type": "code",
"execution_count": 118,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"# Export the per-CWE severity table. The path is relative, so the file lands\n",
"# in the kernel's working directory and an existing vtbacEMSE.csv is\n",
"# overwritten without warning; index=False leaves the row index out.\n",
"reindexiado.to_csv(\"vtbacEMSE.csv\", index=False)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.6.3"
}
},
"nbformat": 4,
"nbformat_minor": 2
}