get-cwe 1.9.0

Tools for managing and exploring CVEs and collecting data about their weaknesses and classifications

Tyr - get-cwe

Installation

cargo install get-cwe

Purpose

This command-line utility explores the list of CWEs by CWE id.

Initialisation

You must initialize the CWE database first. This database will be installed into your <home_directory>/.tyr directory. If this directory doesn't exist, it will be created automatically.

From a console run the following command first to test your internet connection:

$ get-cwe check

Test: https://cwe.mitre.org/data/csv/699.csv.zip... valid
Test: https://cwe.mitre.org/data/csv/1194.csv.zip... valid
Test: https://cwe.mitre.org/data/csv/1000.csv... valid

This command tests the availability of each CSV file that will be used for your internal database.

Afterward, run the following command:

$ get-cwe refresh

Archive downloaded and extracted successfully: 699.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 699.csv
Archive downloaded and extracted successfully: 1194.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 1194.csv
Archive downloaded and extracted successfully: 1000.csv
CWE data injected into SQLite database successfully.
Operation completed successfully: 1000.csv

Each archive file is downloaded and injected into your local SQLite database.

You're ready to go!

Additional checking

You can check your local database with the following command:

$ get-cwe check --db

Database successfully found!

If you have no database, you'll get this status:

$ get-cwe check --db

Database does not exist!

Explore

To explore a CWE by its id:

$ get-cwe CWE-91

You can search CWE entries with the search feature:

$ get-cwe search 'description = Path and system'

[ Id: CWE-41 ]
▶︎ Name: Improper Resolution of Path Equivalence
  ▷ Description: The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object.
[ Id: CWE-73 ]
▶︎ Name: External Control of File Name or Path
  ▷ Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.
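To use the search results in other tooling, the text output has to be parsed. The following is an added example, not part of get-cwe: it parses the block layout shown above into records. The layout is assumed from this sample output alone, and `CweEntry` and `parse_search_output` are hypothetical names.

```rust
// Added example, not get-cwe's own code: parse `get-cwe search` text output.
#[derive(Debug, Default, PartialEq)]
struct CweEntry {
    id: String,
    name: String,
    description: String,
}
/// Parses blocks of "[ Id: CWE-n ]", "Name: ...", "Description: ...".
/// Assumption: one field per line, as in the sample output on this page.
fn parse_search_output(text: &str) -> Result<Vec<CweEntry>, String> {
    let mut entries: Vec<CweEntry> = Vec::new();
    for (no, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if line.is_empty() { continue; }
        if let Some(id) = line.strip_prefix("[ Id: ").and_then(|r| r.strip_suffix(" ]")) {
            entries.push(CweEntry { id: id.trim().to_string(), ..Default::default() });
            continue;
        }
        // Drop the leading arrow glyph (and its variation selector) before the key.
        let field = line.trim_start_matches(|c: char| !c.is_ascii_alphabetic());
        let current = entries
            .last_mut()
            .ok_or_else(|| format!("line {}: field before any [ Id: ... ] header", no + 1))?;
        if let Some(v) = field.strip_prefix("Name: ") {
            current.name = v.to_string();
        } else if let Some(v) = field.strip_prefix("Description: ") {
            current.description = v.to_string();
        } else {
            // Fail loudly so a change in the output format is noticed.
            return Err(format!("line {}: unrecognised line: {}", no + 1, line));
        }
    }
    Ok(entries)
}
// Constructed sample: the two records shown above, first description shortened.
const SAMPLE: &str = concat!(
    "[ Id: CWE-41 ]\n",
    "\u{25B6}\u{FE0E} Name: Improper Resolution of Path Equivalence\n",
    "  \u{25B7} Description: The product is vulnerable to file system contents disclosure through path equivalence.\n",
    "[ Id: CWE-73 ]\n",
    "\u{25B6}\u{FE0E} Name: External Control of File Name or Path\n",
    "  \u{25B7} Description: The product allows user input to control or influence paths or file names that are used in filesystem operations.\n",
);
fn main() {
    for e in parse_search_output(SAMPLE).expect("sample parses") {
        println!("{}\t{}", e.id, e.name);
    }
}
```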


To explore all options, run get-cwe help.

Authors and acknowledgment

Help will be appreciated. All tools will be developed in Rust.

License

This project is under MIT license.

Project status

This project is under development and all contributions are welcome.

These tools are provided without any guarantees.