Skip to content

feat: add OWASP Attack as first-class resource (Phase 1) #718

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
PRAteek-singHWY wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add OWASP Attack as first-class resource (Phase 1) #718

PRAteek-singHWY wants to merge 2 commits into from
+110 −2

Conversation

@PRAteek-singHWY
Copy link
Contributor

@PRAteek-singHWY PRAteek-singHWY commented Jan 15, 2026
edited
Loading

Feature: Support for OWASP Attack resources (Phase 1)

Partially Fixes #471

Description

This PR implements Phase 1 (Foundation) of mapping OWASP resources into OpenCRE.
It introduces OWASP Attack pages as first-class entities in the graph, distinct from Standards and Tools.

This PR focuses on establishing the data model and backend support only. No automated parsers or external syncing are introduced yet.

Changes

1. Data Model

application/defs/cre_defs.py

  • Added Attack to the Credoctypes enum.
  • Introduced Attack(Node) dataclass.

This keeps OWASP Attacks semantically distinct from other resource types and enables clean graph modeling in later phases.

2. Backend Support

application/database/db.py

  • Added dbNodeFromAttack and updated nodeFromDB to support the new Attack type.
  • Fix: Updated add_node to safely handle nodes without a section attribute (required for non-Standard node types such as Attacks), preventing an AttributeError.

application/cmd/cre_main.py

  • Updated register_node and parsing logic to accept and register defs.Attack.

3. Verification Script

application/manual_seed_attacks.py

  • Added an idempotent script to manually seed sample OWASP Attacks:
    • Path Traversal
    • SQL Injection
  • Confirms correct persistence and retrieval with doctype = "Attack".

Verification

Ran the manual seed script locally:

python3 application/manual_seed_attacks.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Mapping: to more owasp resources

1 participant

@PRAteek-singHWY