Skip to content

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

License

Notifications You must be signed in to change notification settings

OWASP/cwe-sdk-javascript

cwe-sdk

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

npm version license downloads build codecov Known Vulnerabilities Responsible Disclosure Policy OWASP CWE Toolkit

Install

yarn add cwe-sdk

Usage

Require the CweManager class and use its methods

const { CweManager } = require('cwe-sdk')

Example

const { CweManager } = require('cwe-sdk')

const cweManager = new CweManager()
const result = cweManager.isChildOf({ weaknessId: '117', parentId: '116' })

console.log(result) // true

Build

This CWE SDK has a build process that prepares the JSON data by downloading the latest version of the CWE archive (e.g. https://cwe.mitre.org/data/xml/cwec_v4.1.xml.zip) and then crunches it to create the following data snapshots:

  1. A mirror JSON object, available at ./raw/cwe-archive.json
  2. A JSON dictionary to easily access CWEs by their ID, available at ./raw/cwe-dictionary.json
  3. A JSON array for the relationship hierarchy between CWEs, available at ./raw/cwe-hierarchy.json

This work is made possible thanks to scripts in ./build/

To run it, execute yarn run build

Contributing

Please consult CONTRIBUTING for guidelines on contributing to this project.

Author

cwe-sdk © Liran Tal, Released under the Apache-2.0 License.