#vulnerabilities #security #cwe #weakness #mitre

cwe-xml

A local in-memory, queryable, and navigable CWE database initialized with one or multiple CWE XML files

14 releases (6 breaking)

0.7.2 Aug 17, 2023
0.7.1 Jul 2, 2023
0.7.0 Jun 23, 2023

#2155 in Parser implementations

Apache-2.0

41KB
1K SLoC

CWE XML

A local in-memory, queryable, and navigable CWE database initialized with one or multiple CWE XML files. This crate provides a Rust mapping to CWE XML files from the MITRE project.

CWE stands for Common Weakness Enumeration.

XML files are available here.

Features

  • Import multiple CWE catalogs (XML format) into a single CWE database.
  • Navigate CWE hierarchies and list CWE roots.
  • Query the database for weakness by CWE-ID.
  • Query the database for categories by CWE-ID.
  • Infer categories (i.e. weakness inherit categories of their parents).

Status

  • All CWE files from the Mitre project have been loaded and deserialized with this crate.
  • Still very early, no unit tests, no documentation.

Examples

Dependencies

~11–25MB
~391K SLoC