From 223c50f56508f0067bf3fb34dc81312651741718 Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <hugovk@users.noreply.github.com>
Date: Thu, 30 Nov 2023 23:15:44 +0200
Subject: [PATCH 1/7] Add CVE role

---
 doc/usage/restructuredtext/roles.rst | 12 +++++++
 sphinx/environment/__init__.py       |  4 +++
 sphinx/roles.py                      | 37 +++++++++++++++++++++
 tests/test_markup.py                 | 48 ++++++++++++++++++++++++++++
 4 files changed, 101 insertions(+)

diff --git a/doc/usage/restructuredtext/roles.rst b/doc/usage/restructuredtext/roles.rst
index eb1a94b3916..c3a41a6774c 100644
--- a/doc/usage/restructuredtext/roles.rst
+++ b/doc/usage/restructuredtext/roles.rst
@@ -242,6 +242,18 @@ There is also an :rst:role:`index` role to generate index entries.
 
 The following roles generate external links:
 
+.. rst:role:: cve
+
+   A reference to a Common Vulnerabilities and Exposures record.  This
+   generates appropriate index entries. The text "CVE *number*\ " is
+   generated; in the HTML output, this text is a hyperlink to an online copy
+   of the specified CVE.  You can link to a specific section by saying
+   ``:cve:`number#anchor```.
+
+   For example: :cve:`2020-10735`
+
+   .. versionadded:: 7.3
+
 .. rst:role:: pep
 
    A reference to a Python Enhancement Proposal.  This generates appropriate
diff --git a/sphinx/environment/__init__.py b/sphinx/environment/__init__.py
index 24fbe33d4e3..498f4b6bcf0 100644
--- a/sphinx/environment/__init__.py
+++ b/sphinx/environment/__init__.py
@@ -43,6 +43,10 @@
     'image_loading': 'link',
     'embed_stylesheet': False,
     'cloak_email_addresses': True,
+    'cve_base_url': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-',
+    'cve_references': None,
+    'cwe_base_url': 'https://cwe.mitre.org/data/definitions/',
+    'cwe_references': None,
     'pep_base_url': 'https://peps.python.org/',
     'pep_references': None,
     'rfc_base_url': 'https://datatracker.ietf.org/doc/html/',
diff --git a/sphinx/roles.py b/sphinx/roles.py
index d734429ebad..567ad85e112 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -172,6 +172,42 @@ def process_link(self, env: BuildEnvironment, refnode: Element, has_explicit_tit
         return result
 
 
+class CVE(ReferenceRole):
+    def run(self) -> tuple[list[Node], list[system_message]]:
+        target_id = f"index-{self.env.new_serialno('index')}"
+        entries = [("single", _("Common Vulnerabilities and Exposures; CVE %s") % self.target,
+                    target_id, "", None)]
+
+        index = addnodes.index(entries=entries)
+        target = nodes.target("", "", ids=[target_id])
+        self.inliner.document.note_explicit_target(target)
+
+        try:
+            refuri = self.build_uri()
+            reference = nodes.reference("", "", internal=False, refuri=refuri, classes=["cve"])
+            if self.has_explicit_title:
+                reference += nodes.strong(self.title, self.title)
+            else:
+                title = "CVE " + self.title
+                reference += nodes.strong(title, title)
+        except ValueError:
+            msg = self.inliner.reporter.error(
+                __("invalid CVE number %s") % self.target, line=self.lineno,
+            )
+            prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
+            return [prb], [msg]
+
+        return [index, target, reference], []
+
+    def build_uri(self) -> str:
+        base_url = self.inliner.document.settings.cve_base_url
+        ret = self.target.split("#", 1)
+        if len(ret) == 2:
+            return f"{base_url}{ret[0]}#{ret[1]}"
+        else:
+            return f"{base_url}{ret[0]}"
+
+
 class PEP(ReferenceRole):
     def run(self) -> tuple[list[Node], list[system_message]]:
         target_id = 'index-%s' % self.env.new_serialno('index')
@@ -401,6 +437,7 @@ def code_role(name: str, rawtext: str, text: str, lineno: int,
     # links to anything
     'any': AnyXRefRole(warn_dangling=True),
 
+    'cve': CVE(),
     'pep': PEP(),
     'rfc': RFC(),
     'guilabel': GUILabel(),
diff --git a/tests/test_markup.py b/tests/test_markup.py
index 0d877b3acf5..c68969c5293 100644
--- a/tests/test_markup.py
+++ b/tests/test_markup.py
@@ -150,6 +150,54 @@ def get(name):
 
 
 @pytest.mark.parametrize(('type', 'rst', 'html_expected', 'latex_expected'), [
+    (
+        # cve role
+        'verify',
+        ':cve:`2020-10735`',
+        ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
+         'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
+         '<strong>CVE 2020-10735</strong></a></p>'),
+        ('\\sphinxAtStartPar\n'
+         '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+         '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
+         '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
+         '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'),
+    ),
+    (
+        # cve role with anchor
+        'verify',
+        ':cve:`2020-10735#id1`',
+        ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
+         'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
+         '<strong>CVE 2020-10735#id1</strong></a></p>'),
+        ('\\sphinxAtStartPar\n'
+         '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+         '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+         '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
+         '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'),
+    ),
+    (
+        # cwe role
+        'verify',
+        ':cwe:`787`',
+        ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+         'href="https://cwe.mitre.org/data/definitions/787.html"><strong>CWE 787</strong></a></p>'),
+        ('\\sphinxAtStartPar\n'
+         '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+         '!CWE 787@\\spxentry{CWE 787}}\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
+         '{\\sphinxstylestrong{CWE 787}}'),
+    ),
+    (
+        # cwe role with anchor
+        'verify',
+        ':cwe:`787#id1`',
+        ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+         'href="https://cwe.mitre.org/data/definitions/787.html#id1"><strong>CWE 787#id1</strong></a></p>'),
+        ('\\sphinxAtStartPar\n'
+         '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+         '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
+         '{\\sphinxstylestrong{CWE 787\\#id1}}'),
+    ),
     (
         # pep role
         'verify',

From 4c2e2511ab727ec395932b8545a49eb077ae884d Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <hugovk@users.noreply.github.com>
Date: Thu, 30 Nov 2023 23:47:52 +0200
Subject: [PATCH 2/7] Add CWE role

---
 doc/usage/restructuredtext/roles.rst | 11 +++++++++
 sphinx/roles.py                      | 37 ++++++++++++++++++++++++++++
 tests/test_markup.py                 | 12 ++++++---
 3 files changed, 56 insertions(+), 4 deletions(-)

diff --git a/doc/usage/restructuredtext/roles.rst b/doc/usage/restructuredtext/roles.rst
index c3a41a6774c..2270decb03a 100644
--- a/doc/usage/restructuredtext/roles.rst
+++ b/doc/usage/restructuredtext/roles.rst
@@ -254,6 +254,17 @@ The following roles generate external links:
 
    .. versionadded:: 7.3
 
+.. rst:role:: cwe
+
+   A reference to a Common Weakness Enumeration.  This generates appropriate
+   index entries. The text "CWE *number*\ " is generated; in the HTML output,
+   this text is a hyperlink to an online copy of the specified CWE.  You can
+   link to a specific section by saying ``:cwe:`number#anchor```.
+
+   For example: :cwe:`787`
+
+   .. versionadded:: 7.3
+
 .. rst:role:: pep
 
    A reference to a Python Enhancement Proposal.  This generates appropriate
diff --git a/sphinx/roles.py b/sphinx/roles.py
index 567ad85e112..fa4f4e3b043 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -208,6 +208,42 @@ def build_uri(self) -> str:
             return f"{base_url}{ret[0]}"
 
 
+class CWE(ReferenceRole):
+    def run(self) -> tuple[list[Node], list[system_message]]:
+        target_id = f"index-{self.env.new_serialno('index')}"
+        entries = [("single", _("Common Weakness Enumeration; CWE %s") % self.target,
+                    target_id, "", None)]
+
+        index = addnodes.index(entries=entries)
+        target = nodes.target("", "", ids=[target_id])
+        self.inliner.document.note_explicit_target(target)
+
+        try:
+            refuri = self.build_uri()
+            reference = nodes.reference("", "", internal=False, refuri=refuri, classes=["cwe"])
+            if self.has_explicit_title:
+                reference += nodes.strong(self.title, self.title)
+            else:
+                title = "CWE " + self.title
+                reference += nodes.strong(title, title)
+        except ValueError:
+            msg = self.inliner.reporter.error(
+                __("invalid CWE number %s") % self.target, line=self.lineno,
+            )
+            prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
+            return [prb], [msg]
+
+        return [index, target, reference], []
+
+    def build_uri(self) -> str:
+        base_url = self.inliner.document.settings.cwe_base_url
+        ret = self.target.split("#", 1)
+        if len(ret) == 2:
+            return f"{base_url}{int(ret[0])}.html#{ret[1]}"
+        else:
+            return f"{base_url}{int(ret[0])}.html"
+
+
 class PEP(ReferenceRole):
     def run(self) -> tuple[list[Node], list[system_message]]:
         target_id = 'index-%s' % self.env.new_serialno('index')
@@ -438,6 +474,7 @@ def code_role(name: str, rawtext: str, text: str, lineno: int,
     'any': AnyXRefRole(warn_dangling=True),
 
     'cve': CVE(),
+    'cwe': CWE(),
     'pep': PEP(),
     'rfc': RFC(),
     'guilabel': GUILabel(),
diff --git a/tests/test_markup.py b/tests/test_markup.py
index c68969c5293..6b6520c94ad 100644
--- a/tests/test_markup.py
+++ b/tests/test_markup.py
@@ -181,10 +181,12 @@ def get(name):
         'verify',
         ':cwe:`787`',
         ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-         'href="https://cwe.mitre.org/data/definitions/787.html"><strong>CWE 787</strong></a></p>'),
+         'href="https://cwe.mitre.org/data/definitions/787.html">'
+         '<strong>CWE 787</strong></a></p>'),
         ('\\sphinxAtStartPar\n'
          '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-         '!CWE 787@\\spxentry{CWE 787}}\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
+         '!CWE 787@\\spxentry{CWE 787}}'
+         '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
          '{\\sphinxstylestrong{CWE 787}}'),
     ),
     (
@@ -192,10 +194,12 @@ def get(name):
         'verify',
         ':cwe:`787#id1`',
         ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-         'href="https://cwe.mitre.org/data/definitions/787.html#id1"><strong>CWE 787#id1</strong></a></p>'),
+         'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
+         '<strong>CWE 787#id1</strong></a></p>'),
         ('\\sphinxAtStartPar\n'
          '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-         '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
+         '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
+         '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
          '{\\sphinxstylestrong{CWE 787\\#id1}}'),
     ),
     (

From c34734b0b5cd598258bf4fa459936af2d9e84895 Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <hugovk@users.noreply.github.com>
Date: Sun, 24 Dec 2023 13:24:56 -0700
Subject: [PATCH 3/7] Use f-strings and remove else after return
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
---
 sphinx/roles.py | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/sphinx/roles.py b/sphinx/roles.py
index fa4f4e3b043..0e7639dc415 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -188,7 +188,7 @@ def run(self) -> tuple[list[Node], list[system_message]]:
             if self.has_explicit_title:
                 reference += nodes.strong(self.title, self.title)
             else:
-                title = "CVE " + self.title
+                title = f"CVE {self.title}"
                 reference += nodes.strong(title, title)
         except ValueError:
             msg = self.inliner.reporter.error(
@@ -204,8 +204,7 @@ def build_uri(self) -> str:
         ret = self.target.split("#", 1)
         if len(ret) == 2:
             return f"{base_url}{ret[0]}#{ret[1]}"
-        else:
-            return f"{base_url}{ret[0]}"
+        return f"{base_url}{ret[0]}"
 
 
 class CWE(ReferenceRole):
@@ -224,7 +223,7 @@ def run(self) -> tuple[list[Node], list[system_message]]:
             if self.has_explicit_title:
                 reference += nodes.strong(self.title, self.title)
             else:
-                title = "CWE " + self.title
+                title = f"CWE {self.title}"
                 reference += nodes.strong(title, title)
         except ValueError:
             msg = self.inliner.reporter.error(
@@ -240,8 +239,7 @@ def build_uri(self) -> str:
         ret = self.target.split("#", 1)
         if len(ret) == 2:
             return f"{base_url}{int(ret[0])}.html#{ret[1]}"
-        else:
-            return f"{base_url}{int(ret[0])}.html"
+        return f"{base_url}{int(ret[0])}.html"
 
 
 class PEP(ReferenceRole):

From eb1069ad92af55658d769b44f10fd99790ef8455 Mon Sep 17 00:00:00 2001
From: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Date: Sat, 5 Oct 2024 18:08:24 +0100
Subject: [PATCH 4/7] post-merge

---
 doc/usage/restructuredtext/roles.rst |  27 ++++---
 sphinx/roles.py                      |  60 ++++++++++------
 tests/test_markup/test_markup.py     | 104 +++++++++++++--------------
 3 files changed, 107 insertions(+), 84 deletions(-)

diff --git a/doc/usage/restructuredtext/roles.rst b/doc/usage/restructuredtext/roles.rst
index 1613773ee1a..4774b06195b 100644
--- a/doc/usage/restructuredtext/roles.rst
+++ b/doc/usage/restructuredtext/roles.rst
@@ -251,26 +251,31 @@ The following roles generate external links:
 
 .. rst:role:: cve
 
-   A reference to a Common Vulnerabilities and Exposures record.  This
-   generates appropriate index entries. The text "CVE *number*\ " is
-   generated; in the HTML output, this text is a hyperlink to an online copy
-   of the specified CVE.  You can link to a specific section by saying
-   ``:cve:`number#anchor```.
+   A reference to a `Common Vulnerabilities and Exposures`_ record.
+   This generates appropriate index entries.
+   The text "CVE *number*\ " is generated;
+   with a link to an online copy of the specified CVE.
+   You can link to a specific section by using ``:cve:`number#anchor```.
+
+   .. _Common Vulnerabilities and Exposures: https://www.cve.org/
 
    For example: :cve:`2020-10735`
 
-   .. versionadded:: 7.3
+   .. versionadded:: 8.1
 
 .. rst:role:: cwe
 
-   A reference to a Common Weakness Enumeration.  This generates appropriate
-   index entries. The text "CWE *number*\ " is generated; in the HTML output,
-   this text is a hyperlink to an online copy of the specified CWE.  You can
-   link to a specific section by saying ``:cwe:`number#anchor```.
+   A reference to a `Common Weakness Enumeration`_.
+   This generates appropriate index entries.
+   The text "CWE *number*\ " is generated; in the HTML output,
+   with a link to an online copy of the specified CWE.
+   You can link to a specific section by using ``:cwe:`number#anchor```.
+
+   .. _Common Weakness Enumeration: https://cwe.mitre.org/
 
    For example: :cwe:`787`
 
-   .. versionadded:: 7.3
+   .. versionadded:: 8.1
 
 .. rst:role:: pep
 
diff --git a/sphinx/roles.py b/sphinx/roles.py
index d09290ac749..48f3c7ce993 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -198,25 +198,34 @@ def process_link(
 
 class CVE(ReferenceRole):
     def run(self) -> tuple[list[Node], list[system_message]]:
-        target_id = f"index-{self.env.new_serialno('index')}"
-        entries = [("single", _("Common Vulnerabilities and Exposures; CVE %s") % self.target,
-                    target_id, "", None)]
+        target_id = f'index-{self.env.new_serialno("index")}'
+        entries = [
+            (
+                'single',
+                _('Common Vulnerabilities and Exposures; CVE %s') % self.target,
+                target_id,
+                '',
+                None,
+            )
+        ]
 
         index = addnodes.index(entries=entries)
-        target = nodes.target("", "", ids=[target_id])
+        target = nodes.target('', '', ids=[target_id])
         self.inliner.document.note_explicit_target(target)
 
         try:
             refuri = self.build_uri()
-            reference = nodes.reference("", "", internal=False, refuri=refuri, classes=["cve"])
+            reference = nodes.reference(
+                '', '', internal=False, refuri=refuri, classes=['cve']
+            )
             if self.has_explicit_title:
                 reference += nodes.strong(self.title, self.title)
             else:
-                title = f"CVE {self.title}"
+                title = f'CVE {self.title}'
                 reference += nodes.strong(title, title)
         except ValueError:
             msg = self.inliner.reporter.error(
-                __("invalid CVE number %s") % self.target, line=self.lineno,
+                __('invalid CVE number %s') % self.target, line=self.lineno
             )
             prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
             return [prb], [msg]
@@ -225,33 +234,42 @@ def run(self) -> tuple[list[Node], list[system_message]]:
 
     def build_uri(self) -> str:
         base_url = self.inliner.document.settings.cve_base_url
-        ret = self.target.split("#", 1)
+        ret = self.target.split('#', 1)
         if len(ret) == 2:
-            return f"{base_url}{ret[0]}#{ret[1]}"
-        return f"{base_url}{ret[0]}"
+            return f'{base_url}{ret[0]}#{ret[1]}'
+        return f'{base_url}{ret[0]}'
 
 
 class CWE(ReferenceRole):
     def run(self) -> tuple[list[Node], list[system_message]]:
-        target_id = f"index-{self.env.new_serialno('index')}"
-        entries = [("single", _("Common Weakness Enumeration; CWE %s") % self.target,
-                    target_id, "", None)]
+        target_id = f'index-{self.env.new_serialno("index")}'
+        entries = [
+            (
+                'single',
+                _('Common Weakness Enumeration; CWE %s') % self.target,
+                target_id,
+                '',
+                None,
+            )
+        ]
 
         index = addnodes.index(entries=entries)
-        target = nodes.target("", "", ids=[target_id])
+        target = nodes.target('', '', ids=[target_id])
         self.inliner.document.note_explicit_target(target)
 
         try:
             refuri = self.build_uri()
-            reference = nodes.reference("", "", internal=False, refuri=refuri, classes=["cwe"])
+            reference = nodes.reference(
+                '', '', internal=False, refuri=refuri, classes=['cwe']
+            )
             if self.has_explicit_title:
                 reference += nodes.strong(self.title, self.title)
             else:
-                title = f"CWE {self.title}"
+                title = f'CWE {self.title}'
                 reference += nodes.strong(title, title)
         except ValueError:
             msg = self.inliner.reporter.error(
-                __("invalid CWE number %s") % self.target, line=self.lineno,
+                __('invalid CWE number %s') % self.target, line=self.lineno
             )
             prb = self.inliner.problematic(self.rawtext, self.rawtext, msg)
             return [prb], [msg]
@@ -259,11 +277,11 @@ def run(self) -> tuple[list[Node], list[system_message]]:
         return [index, target, reference], []
 
     def build_uri(self) -> str:
-        base_url = self.inliner.document.settings.cwe_base_url
-        ret = self.target.split("#", 1)
+        base_url = self.inliner.document.settings.cve_base_url
+        ret = self.target.split('#', 1)
         if len(ret) == 2:
-            return f"{base_url}{int(ret[0])}.html#{ret[1]}"
-        return f"{base_url}{int(ret[0])}.html"
+            return f'{base_url}{int(ret[0])}.html#{ret[1]}'
+        return f'{base_url}{int(ret[0])}.html'
 
 
 class PEP(ReferenceRole):
diff --git a/tests/test_markup/test_markup.py b/tests/test_markup/test_markup.py
index 42246db5d8e..8d99cd6e414 100644
--- a/tests/test_markup/test_markup.py
+++ b/tests/test_markup/test_markup.py
@@ -162,58 +162,58 @@ def get(name):
     [
         (
             # cve role
-        'verify',
-        ':cve:`2020-10735`',
-        ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
-         'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
-         '<strong>CVE 2020-10735</strong></a></p>'),
-        ('\\sphinxAtStartPar\n'
-         '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
-         '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
-         '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
-         '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'),
-    ),
-    (
-        # cve role with anchor
-        'verify',
-        ':cve:`2020-10735#id1`',
-        ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
-         'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
-         '<strong>CVE 2020-10735#id1</strong></a></p>'),
-        ('\\sphinxAtStartPar\n'
-         '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
-         '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
-         '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
-         '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'),
-    ),
-    (
-        # cwe role
-        'verify',
-        ':cwe:`787`',
-        ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-         'href="https://cwe.mitre.org/data/definitions/787.html">'
-         '<strong>CWE 787</strong></a></p>'),
-        ('\\sphinxAtStartPar\n'
-         '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-         '!CWE 787@\\spxentry{CWE 787}}'
-         '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
-         '{\\sphinxstylestrong{CWE 787}}'),
-    ),
-    (
-        # cwe role with anchor
-        'verify',
-        ':cwe:`787#id1`',
-        ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-         'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
-         '<strong>CWE 787#id1</strong></a></p>'),
-        ('\\sphinxAtStartPar\n'
-         '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-         '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
-         '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
-         '{\\sphinxstylestrong{CWE 787\\#id1}}'),
-    ),
-    (
-        # pep role
+            'verify',
+            ':cve:`2020-10735`',
+            ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
+             'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
+             '<strong>CVE 2020-10735</strong></a></p>'),
+            ('\\sphinxAtStartPar\n'
+             '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+             '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
+             '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
+             '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'),
+        ),
+        (
+            # cve role with anchor
+            'verify',
+            ':cve:`2020-10735#id1`',
+            ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
+             'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
+             '<strong>CVE 2020-10735#id1</strong></a></p>'),
+            ('\\sphinxAtStartPar\n'
+             '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+             '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+             '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
+             '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'),
+        ),
+        (
+            # cwe role
+            'verify',
+            ':cwe:`787`',
+            ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+             'href="https://cwe.mitre.org/data/definitions/787.html">'
+             '<strong>CWE 787</strong></a></p>'),
+            ('\\sphinxAtStartPar\n'
+             '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+             '!CWE 787@\\spxentry{CWE 787}}'
+             '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
+             '{\\sphinxstylestrong{CWE 787}}'),
+        ),
+        (
+            # cwe role with anchor
+            'verify',
+            ':cwe:`787#id1`',
+            ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+             'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
+             '<strong>CWE 787#id1</strong></a></p>'),
+            ('\\sphinxAtStartPar\n'
+             '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+             '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
+             '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
+             '{\\sphinxstylestrong{CWE 787\\#id1}}'),
+        ),
+        (
+            # pep role
             'verify',
             ':pep:`8`',
             (

From ca149a88669e9abf5e4bd7b1f970eca967aeada1 Mon Sep 17 00:00:00 2001
From: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Date: Sat, 5 Oct 2024 18:10:26 +0100
Subject: [PATCH 5/7] post-merge

---
 sphinx/roles.py                  |  4 +-
 tests/test_markup/test_markup.py | 80 +++++++++++++++++++-------------
 2 files changed, 51 insertions(+), 33 deletions(-)

diff --git a/sphinx/roles.py b/sphinx/roles.py
index 48f3c7ce993..3f40307ef57 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -542,15 +542,17 @@ def code_role(
     'download': XRefRole(nodeclass=addnodes.download_reference),
     # links to anything
     'any': AnyXRefRole(warn_dangling=True),
-
+    # external links
     'cve': CVE(),
     'cwe': CWE(),
     'pep': PEP(),
     'rfc': RFC(),
+    # emphasised things
     'guilabel': GUILabel(),
     'menuselection': MenuSelection(),
     'file': EmphasizedLiteral(),
     'samp': EmphasizedLiteral(),
+    # other
     'abbr': Abbreviation(),
     'manpage': Manpage(),
 }
diff --git a/tests/test_markup/test_markup.py b/tests/test_markup/test_markup.py
index 8d99cd6e414..3be45a9736d 100644
--- a/tests/test_markup/test_markup.py
+++ b/tests/test_markup/test_markup.py
@@ -164,53 +164,69 @@ def get(name):
             # cve role
             'verify',
             ':cve:`2020-10735`',
-            ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
-             'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
-             '<strong>CVE 2020-10735</strong></a></p>'),
-            ('\\sphinxAtStartPar\n'
-             '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
-             '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
-             '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
-             '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'),
+            (
+                '<p><span class="target" id="index-0"></span><a class="cve reference external" '
+                'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">'
+                '<strong>CVE 2020-10735</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+                '!CVE 2020\\sphinxhyphen{}10735@\\spxentry{CVE 2020\\sphinxhyphen{}10735}}'
+                '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735}'
+                '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735}}'
+            ),
         ),
         (
             # cve role with anchor
             'verify',
             ':cve:`2020-10735#id1`',
-            ('<p><span class="target" id="index-0"></span><a class="cve reference external" '
-             'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
-             '<strong>CVE 2020-10735#id1</strong></a></p>'),
-            ('\\sphinxAtStartPar\n'
-             '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
-             '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
-             '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
-             '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'),
+            (
+                '<p><span class="target" id="index-0"></span><a class="cve reference external" '
+                'href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735#id1">'
+                '<strong>CVE 2020-10735#id1</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Vulnerabilities and Exposures@\\spxentry{Common Vulnerabilities and Exposures}'
+                '!CVE 2020\\sphinxhyphen{}10735\\#id1@\\spxentry{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+                '\\sphinxhref{https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735\\#id1}'
+                '{\\sphinxstylestrong{CVE 2020\\sphinxhyphen{}10735\\#id1}}'
+            ),
         ),
         (
             # cwe role
             'verify',
             ':cwe:`787`',
-            ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-             'href="https://cwe.mitre.org/data/definitions/787.html">'
-             '<strong>CWE 787</strong></a></p>'),
-            ('\\sphinxAtStartPar\n'
-             '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-             '!CWE 787@\\spxentry{CWE 787}}'
-             '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
-             '{\\sphinxstylestrong{CWE 787}}'),
+            (
+                '<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+                'href="https://cwe.mitre.org/data/definitions/787.html">'
+                '<strong>CWE 787</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+                '!CWE 787@\\spxentry{CWE 787}}'
+                '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html}'
+                '{\\sphinxstylestrong{CWE 787}}'
+            ),
         ),
         (
             # cwe role with anchor
             'verify',
             ':cwe:`787#id1`',
-            ('<p><span class="target" id="index-0"></span><a class="cwe reference external" '
-             'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
-             '<strong>CWE 787#id1</strong></a></p>'),
-            ('\\sphinxAtStartPar\n'
-             '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
-             '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
-             '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
-             '{\\sphinxstylestrong{CWE 787\\#id1}}'),
+            (
+                '<p><span class="target" id="index-0"></span><a class="cwe reference external" '
+                'href="https://cwe.mitre.org/data/definitions/787.html#id1">'
+                '<strong>CWE 787#id1</strong></a></p>'
+            ),
+            (
+                '\\sphinxAtStartPar\n'
+                '\\index{Common Weakness Enumeration@\\spxentry{Common Weakness Enumeration}'
+                '!CWE 787\\#id1@\\spxentry{CWE 787\\#id1}}'
+                '\\sphinxhref{https://cwe.mitre.org/data/definitions/787.html\\#id1}'
+                '{\\sphinxstylestrong{CWE 787\\#id1}}'
+            ),
         ),
         (
             # pep role

From 705cdf4c76da15a64893ee82540b6d80cab3d78b Mon Sep 17 00:00:00 2001
From: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Date: Sat, 5 Oct 2024 18:27:46 +0100
Subject: [PATCH 6/7] fixup! post-merge

---
 sphinx/roles.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sphinx/roles.py b/sphinx/roles.py
index 3f40307ef57..9d4b407665d 100644
--- a/sphinx/roles.py
+++ b/sphinx/roles.py
@@ -277,7 +277,7 @@ def run(self) -> tuple[list[Node], list[system_message]]:
         return [index, target, reference], []
 
     def build_uri(self) -> str:
-        base_url = self.inliner.document.settings.cve_base_url
+        base_url = self.inliner.document.settings.cwe_base_url
         ret = self.target.split('#', 1)
         if len(ret) == 2:
             return f'{base_url}{int(ret[0])}.html#{ret[1]}'

From ebbcbcd0dadf1c16cb62880b5ab370b7fe950880 Mon Sep 17 00:00:00 2001
From: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Date: Sat, 5 Oct 2024 18:41:49 +0100
Subject: [PATCH 7/7] CHANGES

---
 CHANGES.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index 232f4f83e22..6001fd22035 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -59,6 +59,9 @@ Features added
   such as :py:mod:`time` or :py:mod:`datetime` in :file:`conf.py`.
   See :ref:`the docs <config-copyright>` for further detail.
   Patch by Adam Turner.
+* #11781: Add roles for referencing CVEs (:rst:role:`:cve: <cve>`)
+  and CWEs (:rst:role:`:cwe: <cwe>`).
+  Patch by Hugo van Kemenade.
 
 Bugs fixed
 ----------