# cwe-data
CLI tool to query CWE (Common Weakness Enumeration) data.
## Features
- Query Weaknesses, Categories, and Views by ID
- Search across all CWE entries by keyword
- All data embedded in binary (no external files needed at runtime)
- Auto-downloads CWE database on first build
## Build
```bash
cargo build --release
```
On first build, `cwe.json` is automatically downloaded from the [CWE-CAPEC REST-API-wg repository](https://github.com/CWE-CAPEC/REST-API-wg).
Following file is downloaded: https://github.com/CWE-CAPEC/REST-API-wg/blob/main/json_repo/cwe.json
That file is split and imbedded inside the executable. So no internet access is used while using the app, only during build.
## Usage
```bash
# Get by ID (numeric or with CWE prefix)
cwe-data get 79
cwe-data get CWE-79
# Search by keyword (case-insensitive)
cwe-data search injection
cwe-data search "buffer overflow"
cwe-data search xss --limit 5 # Limit results
cwe-data search memory --line-limit 3 # Limit matching lines per entry
```
Output is JSON:
```json
{
"ID": "79",
"Name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"Abstraction": "Base",
...
}
```
---
## Data Source
CWE data from [MITRE CWE](https://cwe.mitre.org/) via the [CWE-CAPEC REST-API-wg](https://github.com/CWE-CAPEC/REST-API-wg) repository.
## License
The code in this project is licensed under the MIT or Apache 2.0 license.
All contributions, code and documentation, to this project will be similarly licensed.
CWE data is provided by MITRE. See [CWE Terms of Use](https://cwe.mitre.org/about/termsofuse.html).