From dcbcfd672cc055001ef4b8321b0f680b538af895 Mon Sep 17 00:00:00 2001 From: Helge Wehder Date: Fri, 8 Nov 2024 14:36:59 +0000 Subject: [PATCH 1/2] pySCG: adding prominent CVE for CWE-78 to main readme Signed-off-by: Helge Wehder --- docs/Secure-Coding-Guide-for-Python/readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/Secure-Coding-Guide-for-Python/readme.md b/docs/Secure-Coding-Guide-for-Python/readme.md index 30e8af6b..9a65b391 100644 --- a/docs/Secure-Coding-Guide-for-Python/readme.md +++ b/docs/Secure-Coding-Guide-for-Python/readme.md @@ -87,7 +87,8 @@ It is **not production code** and requires code-style or python best practices t |[CWE-707: Improper Neutralization](https://cwe.mitre.org/data/definitions/707.html)|Prominent CVE| |:----------------------------------------------------------------|:----| -|[CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")](CWE-707/CWE-78/README.md)|| +|[CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")](CWE-707/CWE-78/README.md)|[CVE-2024-43804](https://www.cvedetails.com/cve/CVE-2024-43804/),
CVSSv3.1: **8.8**,
EPSS: **00.06** (08.11.2024)| +|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)| |[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),
CVSSv3.1: **9.8**,
EPSS: **01.43** (18.02.2024)| |[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)|| |[CWE-180: Incorrect behavior order: Validate before Canonicalize](CWE-707/CWE-180/.)|[CVE-2022-26136](https://www.cvedetails.com/cve/CVE-2022-26136/),
CVSSv3.1: **9.8**,
EPSS: **00.77** (05.11.2024)| From 5dc986c0d40fd5552a5dd6a64f254db561ed770a Mon Sep 17 00:00:00 2001 From: Helge Wehder Date: Mon, 11 Nov 2024 14:43:28 +0000 Subject: [PATCH 2/2] fixed copy and paste mistakes for code examples in readme Signed-off-by: Helge Wehder --- docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md | 3 --- docs/Secure-Coding-Guide-for-Python/readme.md | 1 - 2 files changed, 4 deletions(-) diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md index c034935e..bb131aa7 100644 --- a/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md +++ b/docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-78/README.md @@ -40,7 +40,6 @@ This scenario demonstrates a potential remote command execution. The `FileOperat *[noncompliant01.py](noncompliant01.py):* ```python -""" Non-compliant Code Example """ # SPDX-FileCopyrightText: OpenSSF project contributors # SPDX-License-Identifier: MIT """ Non-compliant Code Example """ @@ -135,8 +134,6 @@ The `compliant01.py` code using the cross-platform compatible pathlib module and *[compliant01.py](compliant01.py):* ```python -""" Compliant Code Example """ - # SPDX-FileCopyrightText: OpenSSF project contributors # SPDX-License-Identifier: MIT """ Compliant Code Example """ diff --git a/docs/Secure-Coding-Guide-for-Python/readme.md b/docs/Secure-Coding-Guide-for-Python/readme.md index 9a65b391..2b09e439 100644 --- a/docs/Secure-Coding-Guide-for-Python/readme.md +++ b/docs/Secure-Coding-Guide-for-Python/readme.md 
@@ -88,7 +88,6 @@ It is **not production code** and requires code-style or python best practices t |[CWE-707: Improper Neutralization](https://cwe.mitre.org/data/definitions/707.html)|Prominent CVE| |:----------------------------------------------------------------|:----| |[CWE-78: Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")](CWE-707/CWE-78/README.md)|[CVE-2024-43804](https://www.cvedetails.com/cve/CVE-2024-43804/),
CVSSv3.1: **8.8**,
EPSS: **00.06** (08.11.2024)| -|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)| |[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),
CVSSv3.1: **9.8**,
EPSS: **01.43** (18.02.2024)| |[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)|| |[CWE-180: Incorrect behavior order: Validate before Canonicalize](CWE-707/CWE-180/.)|[CVE-2022-26136](https://www.cvedetails.com/cve/CVE-2022-26136/),
CVSSv3.1: **9.8**,
EPSS: **00.77** (05.11.2024)|
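Review bot: the added `|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)|` line in the readme.md hunk of patch 1 (`@@ -87,7 +87,8 @@`) is a stray row: it duplicates the CWE-117 row that is already present two lines further down and it is missing the trailing empty cell (`||`), so the table picks up a malformed extra row. Drop that `+` line so the hunk is the intended one-line change to the CWE-78 row, which would make the header `@@ -87,7 +87,7 @@`. The new CWE-78 cell itself follows the existing row layout (CVE link, `CVSSv3.1:` score, `EPSS:` score with the date it was read), and recording the date beside the EPSS value is the right call, since EPSS scores are recomputed regularly and the number alone would go stale without anyone noticing.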
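Review bot: dropping the leading `""" Non-compliant Code Example """` in the first CWE-78/README.md hunk (`@@ -40,7 +40,6 @@`) is correct, but it is worth stating what the duplicate was doing: as the first statement in the snippet it became the module docstring, and the retained copy after the SPDX comments was just an unused string expression, so the example still ran but announced itself twice. With the `-` line gone the context shows the block now opening with the `# SPDX-FileCopyrightText` / `# SPDX-License-Identifier` comments followed by the single docstring, the same layout the rest of the guide's examples use. Since the commit message says these fenced blocks are copy-pasted from `noncompliant01.py`, consider adding a check that diffs each README fence against the linked `.py` file so the two cannot drift apart again.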
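Review bot: the second CWE-78/README.md hunk (`@@ -135,8 +134,6 @@`) removes two lines, the duplicate `""" Compliant Code Example """` and the blank line after it, so the fence now starts directly with the SPDX comments, matching the non-compliant block above. The `+134` in the header already accounts for the one line dropped by the first hunk, so the offsets are consistent. Please confirm that `compliant01.py` itself has no blank line at that position either; otherwise the README block and the file would still differ by whitespace, which is exactly the kind of mismatch this patch is trying to clear up.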
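Review bot: the readme.md hunk in patch 2 (`@@ -88,7 +88,6 @@`) only undoes the stray CWE-117 row that patch 1 of this same series introduced, so it should be squashed into patch 1 (for example with `git rebase -i`) rather than landing as a separate commit; as submitted, the history contains a commit that ships a malformed table and a second commit that repairs it. The CWE-78/README.md cleanup can stay as its own commit. After the removal the surviving CWE-117 row keeps its empty Prominent CVE cell (`||`), which matches the convention the CWE-78 row used before patch 1 filled it in.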