Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/julian-nash/cwe
Common weakness enumeration library for Python
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/julian-nash/cwe
- Owner: Julian-Nash
- License: mit
- Created: 2020-03-26T15:25:18.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-03-17T21:20:17.000Z (10 months ago)
- Last Synced: 2024-11-21T19:38:42.909Z (about 1 month ago)
- Language: Python
- Size: 1.6 MB
- Stars: 14
- Watchers: 3
- Forks: 3
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
## Common weakness enumeration library for Python
![Python package](https://github.com/Julian-Nash/cwe/workflows/Python%20package/badge.svg)
https://cwe.mitre.org/index.html
#### Installation
```sh
pip install cwe
```

#### Usage
- Get a CWE by ID:
```pycon
>>> from cwe import Database
>>> db = Database()
>>> db.get(15)
Weakness(cwe_id=15, name=External Control of System or Configuration Setting)
```
- Access attributes of the Weakness using dot notation:
```pycon
>>> weakness = db.get(15)
>>> weakness.description
'One or more system settings or configuration elements can be externally controlled by a user.'
```
- Or use the weakness `get` method:
```pycon
>>> weakness.get("status", None)
'Incomplete'
```
- Get a dictionary of the weakness (truncated for this example):
```pycon
>>> weakness.to_dict()
{'cwe_id': '15', 'name': 'External Control of System or Configuration Setting', 'weakness_abstraction': 'Base'}
```
- Get the top 25 weaknesses:
```pycon
>>> from cwe import Database
>>> db = Database()
>>> db.get_top_25()
```

#### Weakness attributes
The following weakness object attributes can be accessed:
- `cwe_id`
- `name`
- `weakness_abstraction`
- `status`
- `description`
- `extended_description`
- `related_weaknesses`
- `weakness_ordinalities`
- `applicable_platforms`
- `background_details`
- `alternate_terms`
- `modes_of_introduction`
- `exploitation_factors`
- `likelihood_of_exploit`
- `common_consequences`
- `detection_methods`
- `potential_mitigations`
- `observed_examples`
- `functional_areas`
- `affected_resources`
- `taxonomy_mappings`
- `related_attack_patterns`
- `notes`

#### Tests
There's a small `unittest` test suite in the `tests` directory.