CWE and CAPEC (as a source?)

[adulau]

Overall idea (open to discussion):

• Importing CWE and CAPEC as kind of source (like KEV) to allow expanding CWE and CAPEC from the vulnerability when these have a referecent to CWE and CAPEC. (At least the CVE have it maybe some other)
• Expanding CWE and CAPEC from the web ui (maybe also the API)

Now the dirty part, the sources for CWE and CAPEC are in XML format:

• https://cwe.mitre.org/data/xml/cwec_latest.xml.zip
• https://capec.mitre.org/data/archive/capec_latest.zip

If we import it in vulnerability-lookup, we will have a JSON dumps ;-) Not a big fan of storing the XML element in vulnerability-lookup. Not sure what's best. @Rafiot @cedricbonhomme what's your feelings there?

[Rafiot]

The XMLs seem to be relatively simple, so it should be somewhat doable to just turn them to json without loosing much/anything.

And they seem to have proper IDs so storing them that way should be doable.