get-cwe 1.10.1

Tools for CVE managing, exploring and collect some data about their weaknesses and classifications
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

# Tyr - get-cwe

## Installation

`cargo install get-cwe`

## Purpose

This command line utility explore the list of CWE according to the cwe id.

## Initialisation

You must initialize the CWE database first. This database will be installed into you <home_directory>/.tyr directory.
If this directory doesn't exist it will be created automatically.

From a console run the following command first to test your internet connection:

```[bash, shell]
$ get-cwe check

Test: https://cwe.mitre.org/data/csv/699.csv.zip... valid
Test: https://cwe.mitre.org/data/csv/1194.csv.zip... valid
Test: https://cwe.mitre.org/data/csv/1000.csv... valid
```

This command test the availability of each CSV file that will be used for your internal database.

Afterward, run the following command:

```[bash, shell]
$ get-cwe refresh

Archive downloaded and extracted successfully: 699.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 699.csv
Archive downloaded and extracted successfully: 1194.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 1194.csv
Archive downloaded and extracted successfully: 1000.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 1000.csv
```

Each archive file is downloaded and injected into your local sqlite database.

You're ready to go !

### Additional checking

You can check your local database with the following command:

```[bash, shell]
$ get-cwe check --db

Database successfully found!
```

If you have no database, you'll get this status:

```[bash,shell]
$ get-cwe check --db

Database does not exist!
```

## Explore

To explore a CWE according to its id.:

```[bash,shell]
$ get-cwe CWE-91
```

You can search some CWE elements with the `search` feature:

```[bash,shell]
$ get-cwe search 'description = Path and system'
...
 [ CWE-73 ]
  -> Name: External Control of File Name or Path
    > Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.
 [ CWE-514 ]
  -> Name: Covert Channel
    > Description: A covert channel is a path that can be used to transfer information in a way not intended by the system's designers.

```

To explore the schema for a CWE:

```[bash, shell]
$ get-cwe cwe-91 --schema                       
 CWE-91
 ├─ CAPEC
 │  ├─ CAPEC-83 - XPath Injection
 │  └─ CAPEC-250 - XML Injection
 └─ CVE
    ├─ CVE-2008-5024
    ├─ CVE-2013-4221
    ├─ CVE-2013-4857
    ├─ CVE-2013-7429
....
    ├─ CVE-2024-2645
    ├─ CVE-2024-2648
    └─ CVE-2025-12921
```

To explore all options run `get-cwe help`

## Authors and acknowledgment

Help will be appreciated. All tools will be developed with rust technology.

## License

This project is under MIT license.

## Project status

This project is under development and all contributions are welcome.

These tools are provided without any guaranties.