
Fix CWE related weakness parsing and add regression tests#756

Open
akshat4703 wants to merge 2 commits into OWASP:main from akshat4703:akshat/fix-cwe-related-weakness-parser

Conversation

@akshat4703

Summary

Fixes a CWE parser bug where parse_related_weakness() could return None and fail to process multiple related weaknesses depending on XML shape.

Problem

parse_related_weakness() only handled one specific structure (dict) and did not always return a Standard object.
This could lead to:

  • None propagating in import flow
  • missed CRE link propagation for related CWE entries

Changes

  • Updated parse_related_weakness() to normalize Related_Weakness into a list when needed.
  • Iterates through all related weakness entries safely.
  • Always returns the original/updated CWE node.

Tests

Added regression tests in cwe_parser_test.py:

  • handles list-shaped Related_Weakness input
  • returns original CWE node on empty related weakness input

Impact

Improves importer correctness and prevents data integrity issues in CWE-to-CRE relationship building.
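The dict-versus-list shape the description refers to comes from how xmltodict-style loaders flatten XML: one <Related_Weakness> child is stored as a dict, several become a list, and an empty <Related_Weaknesses/> container yields nothing at all. The block below is an added example written for this page; it is not code from the OpenCRE repository or from this PR. It rebuilds that collapse with a small converter on top of xml.etree, then shows a parse_related_weakness() that normalizes every shape and always returns the node it was given. The CweNode dataclass, element_to_dict(), import_related() and the sample catalogue are assumptions made for illustration; only the attribute names Nature, CWE_ID and View_ID follow the CWE XML schema.

```python
"""Added example, not OpenCRE's code: reproduces the dict-vs-list shape problem
an xmltodict-style XML loader creates for Related_Weakness, and a normalizing
parser that always returns the node it was handed.

Assumptions (mine, not from the PR): the CWE node is a small dataclass, the
loader maps XML attributes to "@Name" keys as xmltodict does, and the attribute
names follow the CWE XML schema (Nature, CWE_ID, View_ID)."""
from dataclasses import dataclass, field
from typing import Any, Dict, List
import xml.etree.ElementTree as ET


def element_to_dict(el: ET.Element) -> Dict[str, Any]:
    """Minimal xmltodict-like conversion. Attributes become '@name' keys; the
    first child with a given tag is stored as a dict, and only a repeated tag
    is collapsed into a list. That shape dependence is the root of the bug."""
    out: Dict[str, Any] = {f"@{k}": v for k, v in el.attrib.items()}
    for child in el:
        value = element_to_dict(child)
        if child.tag not in out:
            out[child.tag] = value                      # single child -> dict
        elif isinstance(out[child.tag], list):
            out[child.tag].append(value)                # third and later -> extend
        else:
            out[child.tag] = [out[child.tag], value]    # second child -> list
    return out


@dataclass
class CweNode:
    """Stand-in for the importer's Standard object (assumed shape)."""
    cwe_id: str
    related: List[Dict[str, str]] = field(default_factory=list)


def parse_related_weakness(node: CweNode, weakness: Dict[str, Any]) -> CweNode:
    """Attach every Related_Weakness entry of one <Weakness> dict to `node`.

    Related_Weakness can arrive as None (element absent or empty), a single
    dict (one child) or a list of dicts (several children). Whatever the
    shape, the original node is returned, so callers never see None."""
    container = weakness.get("Related_Weaknesses") or {}
    entries = container.get("Related_Weakness")
    if entries is None:
        return node
    if isinstance(entries, dict):       # runtime type, not the typing.Dict alias
        entries = [entries]
    if not isinstance(entries, list):   # a bare string or other oddity: fail loudly
        raise TypeError(f"unexpected Related_Weakness shape: {type(entries).__name__}")
    for entry in entries:
        if not isinstance(entry, dict) or "@CWE_ID" not in entry:
            continue                    # malformed entry: skip it, keep the node
        node.related.append({
            "cwe_id": entry["@CWE_ID"],
            "nature": entry.get("@Nature", ""),
            "view_id": entry.get("@View_ID", ""),
        })
    return node


# Constructed sample in the CWE XML layout (IDs and relations are illustrative).
SAMPLE_XML = """\
<Weaknesses>
  <Weakness ID="79" Name="Cross-site Scripting">
    <Related_Weaknesses>
      <Related_Weakness Nature="ChildOf" CWE_ID="74" View_ID="1000" Ordinal="Primary"/>
      <Related_Weakness Nature="CanPrecede" CWE_ID="494" View_ID="1000"/>
    </Related_Weaknesses>
  </Weakness>
  <Weakness ID="20" Name="Improper Input Validation">
    <Related_Weaknesses>
      <Related_Weakness Nature="ChildOf" CWE_ID="707" View_ID="1000" Ordinal="Primary"/>
    </Related_Weaknesses>
  </Weakness>
  <Weakness ID="999999" Name="Constructed entry with no relations">
    <Related_Weaknesses/>
  </Weakness>
</Weaknesses>
"""


def import_related(xml_text: str) -> Dict[str, List[str]]:
    """Run the parser over every <Weakness> and map CWE ID -> related CWE IDs."""
    catalogue = element_to_dict(ET.fromstring(xml_text))
    weaknesses = catalogue.get("Weakness", [])
    if isinstance(weaknesses, dict):    # the same collapse happens one level up
        weaknesses = [weaknesses]
    result: Dict[str, List[str]] = {}
    for w in weaknesses:
        node = parse_related_weakness(CweNode(cwe_id=w["@ID"]), w)
        result[node.cwe_id] = [r["cwe_id"] for r in node.related]
    return result


if __name__ == "__main__":
    for cwe_id, related in import_related(SAMPLE_XML).items():
        print(f"CWE-{cwe_id}: {related}")
```

Running the block prints one line per weakness. The 999999 entry exercises the empty-container case and comes back as a node with no relations rather than None; the TypeError branch is the one place the parser fails loudly instead of silently dropping data, which is the trade-off an importer that feeds relationship data should make deliberately.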

Copilot AI review requested due to automatic review settings February 23, 2026 08:16

Copilot AI left a comment


Pull request overview

Fixes CWE importer robustness around parsing Related_Weaknesses so multiple related CWEs are handled across different XML shapes, and adds regression tests to prevent None propagation during import.

Changes:

  • Normalize Related_Weakness payloads into a list and iterate safely over all entries.
  • Ensure parse_related_weakness() always returns a Standard (the updated/original CWE node).
  • Add regression tests covering list-shaped related weaknesses and empty input behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File / Description
  • application/utils/external_project_parsers/parsers/cwe.py: updates related-weakness parsing to handle list/dict shapes and always return the CWE node.
  • application/tests/cwe_parser_test.py: adds regression coverage for list-shaped related weakness parsing and empty input behavior.


Comment on lines +167 to +168
if isinstance(cwe_entries, Dict):
cwe_entries = [cwe_entries]

Copilot AI Feb 23, 2026


typing.Dict should not be used with isinstance() (it raises TypeError on Python 3.11/3.12). Use the runtime type (dict) or collections.abc.Mapping for this check, otherwise this code path can crash during parsing (and the new tests will hit it).

Comment on lines +167 to +172
if isinstance(cwe_entries, Dict):
cwe_entries = [cwe_entries]

if isinstance(cwe_entries, list):
for cwe_entry in cwe_entries:
if isinstance(cwe_entry, Dict):
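Review bot: the guards on lines +170 to +172 (`if isinstance(cwe_entries, list):` and, inside the loop, `if isinstance(cwe_entry, Dict):`) have no else path, so a payload that is neither dict nor list, and any non-dict item inside the list, falls through with no record; a missing `Related_Weakness` key or a text-only element then loses its CRE links just as silently as the bug this PR fixes. Log at warning level (or raise) on the fall-through of both checks, and extend cwe_parser_test.py with a None and a str payload next to the list-shaped and empty cases so that path is covered.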

Copilot AI Feb 23, 2026


Same issue here: isinstance(cwe_entry, Dict) uses typing.Dict and can raise TypeError at runtime. Switch to dict (or Mapping) for the instance check so related weaknesses parsing doesn’t crash.

Suggested change

  Before:
    if isinstance(cwe_entries, Dict):
        cwe_entries = [cwe_entries]
    if isinstance(cwe_entries, list):
        for cwe_entry in cwe_entries:
            if isinstance(cwe_entry, Dict):

  After:
    if isinstance(cwe_entries, dict):
        cwe_entries = [cwe_entries]
    if isinstance(cwe_entries, list):
        for cwe_entry in cwe_entries:
            if isinstance(cwe_entry, dict):

Author


Implemented and verified.

This PR specifically fixes parse_related_weakness() in application/utils/external_project_parsers/parsers/cwe.py to:

  • normalize Related_Weakness dict/list shapes
  • iterate all related CWE entries safely
  • always return a Standard node (no None propagation)

Added regression tests in application/tests/cwe_parser_test.py:

  • test_parse_related_weakness_handles_list
  • test_parse_related_weakness_returns_original_on_empty_input

Validation run:
python -m unittest application.tests.cwe_parser_test -v
Result: Ran 3 tests ... OK


3 participants