CweDatabase

Struct CweDatabase 

pub struct CweDatabase { /* private fields */ }

A CWE weakness database.

Implementations§


impl CweDatabase


pub fn new() -> CweDatabase

Create a new empty CWE database.

Examples found in repository?
examples/cwe.rs (line 10)
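/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}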

pub fn import_weakness_catalog_from_str( &mut self, xml: &str, ) -> Result<(), Error>

Import a CWE catalog from a string containing the XML.


pub fn import_weakness_catalog_from_url( &mut self, url: &str, ) -> Result<(), Error>

Import a CWE catalog from the XML at the given URL. The content is fetched and parsed when the method is called, and failures are returned as `Error`.

Examples found in repository?
examples/cwe.rs (line 13)
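/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}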

pub fn import_weakness_catalog_from_file( &mut self, xml_file: &str, ) -> Result<(), Error>

Import a CWE catalog from a file containing the XML.


pub fn import_weakness_catalog_from_reader<R>( &mut self, reader: R, ) -> Result<(), Error>
where R: BufRead,

Import a CWE catalog from a reader containing the XML.


pub fn weakness_by_cwe_id(&self, cwe_id: i64) -> Option<Rc<Weakness>>

Returns a reference-counted pointer (`Rc`) to the Weakness struct if the CWE-ID exists in the catalog, and `None` otherwise.

Examples found in repository?
examples/cwe.rs (line 22)
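/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}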

pub fn categories_by_cwe_id(&self, cwe_id: i64) -> HashSet<Rc<Category>>

Returns the set of categories for a given CWE-ID.

Examples found in repository?
examples/cwe.rs (line 26)
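/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}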
46
/// Stateless visitor used by the example; its `visit` implementation prints one line per weakness.
struct Visitor;
48
49impl WeaknessVisitor for Visitor {
    /// Print one indented line for `weakness`: CWE id, name, subtree size and category names.
    fn visit(&mut self, db: &CweDatabase, level: usize, weakness: Rc<Weakness>) {
        // Collect the category names attached to this weakness.
        let mut cats = Vec::new();
        for category in db.categories_by_cwe_id(weakness.id).iter() {
            cats.push(category.name.clone());
        }

        // Two spaces of indentation per tree level.
        let indent = " ".repeat(level * 2);
        let subtree_size = db.weakness_subtree_by_cwe_id(weakness.id).len();

        println!(
            "{} CWE-{} {} (subtree-size: {}, categories: {:?})",
            indent, weakness.id, weakness.name, subtree_size, cats
        );
    }

pub fn weakness_children_by_cwe_id(&self, cwe_id: i64) -> HashSet<Rc<Weakness>>

Returns the set of weaknesses that are children of a given CWE-ID.

Examples found in repository?
examples/cwe.rs (line 29)
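/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}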

pub fn weakness_subtree_by_cwe_id(&self, cwe_id: i64) -> Vec<Rc<Weakness>>

Returns a list of weaknesses that are children of a given CWE-ID. The list does not contain the weakness for the given CWE-ID.

Examples found in repository?
examples/cwe.rs (line 57)
    /// Print one indented line for `weakness`: CWE id, name, subtree size and category names.
    fn visit(&mut self, db: &CweDatabase, level: usize, weakness: Rc<Weakness>) {
        // Collect the category names attached to this weakness.
        let mut cats = Vec::new();
        for category in db.categories_by_cwe_id(weakness.id).iter() {
            cats.push(category.name.clone());
        }

        // Two spaces of indentation per tree level.
        let indent = " ".repeat(level * 2);
        let subtree_size = db.weakness_subtree_by_cwe_id(weakness.id).len();

        println!(
            "{} CWE-{} {} (subtree-size: {}, categories: {:?})",
            indent, weakness.id, weakness.name, subtree_size, cats
        );
    }

pub fn weakness_roots(&self) -> HashSet<Rc<Weakness>>

Returns the set of weaknesses that are roots, i.e. they have no parents.

Examples found in repository?
examples/cwe.rs (line 32)
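/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}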

pub fn visit_weaknesses(&self, visitor: &mut impl WeaknessVisitor)

Visit all root weaknesses in the database and their children.

Examples found in repository?
examples/cwe.rs (line 39)
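/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}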

pub fn direct_ancestors_by_cwe_id(&self, cwe_id: i64) -> HashSet<Rc<Weakness>>

Returns the direct weakness ancestors of a given CWE-ID.


pub fn merge_categories_by_cwe_id( &mut self, cwe_id: i64, categories: HashSet<Rc<Category>>, )

Merge the given categories into the category index for the given CWE-ID.


pub fn all_categories(&self) -> HashSet<Rc<Category>>

Returns the set of all categories in the database (across all catalogs).


pub fn infer_categories_from_ancestors(&mut self)

Sub-weaknesses inherit the categories of their parent weaknesses.

Examples found in repository?
examples/cwe.rs (line 17)
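/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}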

pub fn infer_categories_from_descendants(&mut self)

Propagate categories to ancestors that don’t have any categories yet and have only one child that has no category defined. This is a heuristic to infer categories for weaknesses that have no categories defined. This process is repeated until no more categories can be propagated.

Examples found in repository?
examples/cwe.rs (line 18)
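/// Example: load the CWE catalogs, infer categories, then print lookups, roots and the tree.
///
/// # Errors
///
/// Returns the first error produced by a catalog import.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cwe_db = CweDatabase::new();

    // Import the 3 main CWE catalogs from the official website.
    // The data is fetched over the network at run time and any failure propagates via `?`.
    // When reproducible input matters, a reviewed local copy can be loaded with
    // `import_weakness_catalog_from_file` or `import_weakness_catalog_from_str` instead.
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/699.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1000.xml.zip")?;
    cwe_db.import_weakness_catalog_from_url("https://cwe.mitre.org/data/xml/views/1194.xml.zip")?;

    cwe_db.infer_categories_from_ancestors();
    cwe_db.infer_categories_from_descendants();

    // Retrieve a weakness by its ID (CWE-306).
    let cwe_id: i64 = 306;
    let weakness = cwe_db.weakness_by_cwe_id(cwe_id);
    println!("Weakness CWE-ID-{}\n{:#?}", cwe_id, weakness);

    // Display the categories of the weakness (if any).
    let categories = cwe_db.categories_by_cwe_id(cwe_id);
    println!("Categories {:#?}", categories);

    // Label the child count with the ID that was actually queried (CWE-1076), not `cwe_id`.
    let parent_id: i64 = 1076;
    let children = cwe_db.weakness_children_by_cwe_id(parent_id);
    println!("CWE-{} has {} children", parent_id, children.len());

    // Build the root set once and reuse it for both the count and the listing.
    let roots = cwe_db.weakness_roots();
    println!("{} CWE roots", roots.len());
    for root in &roots {
        println!("CWE-{} is a root '{}'", root.id, root.name);
    }

    let mut visitor = Visitor;

    cwe_db.visit_weaknesses(&mut visitor);

    // Display the CWE catalog summary.
    println!("{}", cwe_db);

    Ok(())
}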

Trait Implementations§


impl Debug for CweDatabase


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for CweDatabase


fn default() -> CweDatabase

Returns the “default value” for a type. Read more

impl Display for CweDatabase


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T> Instrument for T


fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T> Same for T


type Output = T

Should always be Self

impl<T> ToString for T
where T: Display + ?Sized,


fn to_string(&self) -> String

Converts the given value to a String. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T


fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more

impl<T> ErasedDestructor for T
where T: 'static,