Getting Started

Prerequisites

cwe.cr is pure Crystal with no native dependencies. The MITRE CWE catalog is embedded directly into the resulting binary — no runtime data files, no network calls.

Installation

Add the dependency to your shard.yml:

dependencies:
  cwe:
    github: hahwul/cwe.cr

Then install:

shards install

Your First Program

Create hello.cr:

require "cwe"

w = CWE.find!("CWE-79")
puts w.name        # => Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
puts w.abstraction # => Base
puts w.url         # => https://cwe.mitre.org/data/definitions/79.html

Run it:

crystal run hello.cr

Tolerant id parsing

Any of these forms is accepted as an id:

CWE.find(79)
CWE.find("79")
CWE.find("CWE-79")
CWE.find("cwe-79")
CWE.find("CWE_79")
CWE.find("CWE:79")
CWE.find("  CWE-79  ") # whitespace tolerated

For details on raising vs non-raising lookups, see Lookups.

Non-raising lookups

When you can't be sure an id is in the catalog, prefer find over find!:

if w = CWE.find(user_input)
  # use w
else
  # malformed id or not in the catalog
end

Catalog metadata

CWE.catalog_version # => "4.20"
CWE.size            # => 944  (weaknesses)
CWE.categories.size # => 422
CWE.views.size      # => 59

Next Steps

• Lookups — find, find!, [], []?, includes?, parse_id
• Relationships — walk the catalog hierarchy
• Search & Filters — full-text search and abstraction/status filters
• Categories & Views — beyond Weaknesses