cwec-v4.14-weaknesses-1.0

## 介绍 这个数据集基于[CWE List Version 4.14](https://cwe.mitre.org/data/index.html)的完整XML文件，旨在为研究人员和安全专家提供关于软件和硬件常见弱点枚举（CWE）的结构化数据。数据集包含`963`个条目，每个条目以`Alpaca`格式提供关于特定弱点的详细信息。 ## 数据集结构 数据集中的每个条目包括以下字段： `ID`：弱点的唯一标识符（例如，CWE-1004）。 `Name`：描述问题本质的弱点名称（例如，没有"HttpOnly"标志的敏感Cookie）。 `Abstraction`：表示弱点概念级别的抽象级别（例如，变体）。 `Structure`：弱点结构类型（例如，简单）。 `Status`：弱点描述的完成状态（例如，未完成）。 `Description`：关于没有HttpOnly标志的敏感cookie的问题的简要描述。 `Extended Description`：提供问题的更详细描述，解释HttpOnly标志的作用以及不使用它与之相关的安全风险。 `Related Weaknesses`：描述与此弱点相关的其他弱点。 `Applicable Platforms`：描述此弱点适用的编程语言和技术平台。 `Background Details`：提供有关HTTP cookies的背景信息，解释cookies的工作原理及其目的。 `Modes Of Introduction`：描述软件开发周期中可能引入此弱点的阶段。 `Likelihood Of Exploit`：表示此弱点被利用的可能性（例如，中等）。 `Common Consequences`：描述如果此弱点被利用，对系统可能产生的影响。 `Detection Methods`：描述检测此弱点存在的方法。 `Potential Mitigations`：提供减轻此弱点的推荐措施。 `Demonstrative Examples`：提供示例代码来演示这个弱点以及如何减轻它。 `Observed Examples`：列出在现实世界中观察到的这种弱点的实例，包括相关的CVE编号。 `References`：提供相关参考资料的链接。 `Mapping Notes`：包含关于此弱点条目的映射和使用的注释。 `Content History`：提供此弱点描述内容的历史修订记录。 ## 使用说明 此数据集适用于安全研究、教育培训、工具开发等多种用途。用户可以通过`MsDataset.load`直接加载此数据集进行分析和研究。 ```python from modelscope.msdatasets import MsDataset ds = MsDataset.load('bayuncao/cwec-v4.14-weaknesses-1.0') ```

### Introduction This dataset is based on the complete XML file of [CWE List Version 4.14](https://cwe.mitre.org/data/index.html), and aims to provide researchers and security experts with structured data regarding the Common Weakness Enumeration (CWE) for software and hardware. The dataset contains 963 entries, and each entry provides detailed information about a specific weakness in Alpaca format. ### Dataset Structure Each entry in this dataset includes the following fields: - `ID`: Unique identifier of the weakness (e.g., CWE-1004). - `Name`: The name of the weakness that describes the essence of the issue (e.g., Sensitive Cookie Without "HttpOnly" Flag). - `Abstraction`: The abstraction level representing the conceptual tier of the weakness (e.g., Variant). - `Structure`: The structural type of the weakness (e.g., Simple). - `Status`: The completion status of the weakness description (e.g., Incomplete). - `Description`: A brief description of the issue related to sensitive cookies without the HttpOnly flag. - `Extended Description`: A more detailed description of the issue, explaining the function of the HttpOnly flag and the security risks associated with not using it. - `Related Weaknesses`: Describes other weaknesses related to this weakness. - `Applicable Platforms`: Describes the programming languages and technical platforms to which this weakness applies. - `Background Details`: Provides background information on HTTP cookies, explaining how cookies operate and their intended purpose. - `Modes Of Introduction`: Describes the stages in the software development lifecycle where this weakness may be introduced. - `Likelihood Of Exploit`: Indicates the likelihood that this weakness will be exploited (e.g., Medium). - `Common Consequences`: Describes the potential impacts on the system if this weakness is exploited. - `Detection Methods`: Describes methods for detecting the presence of this weakness. - `Potential Mitigations`: Provides recommended measures to mitigate this weakness. - `Demonstrative Examples`: Provides sample code to demonstrate this weakness and how to mitigate it. - `Observed Examples`: Lists real-world instances of this weakness that have been observed, including relevant CVE IDs. - `References`: Provides links to relevant reference materials. - `Mapping Notes`: Contains annotations regarding mappings and usage for this weakness entry. - `Content History`: Provides the historical revision records of the description content for this weakness. ### Usage Instructions This dataset is suitable for various scenarios such as security research, education and training, tool development, and more. Users can directly load this dataset for analysis and research via `MsDataset.load`. python from modelscope.msdatasets import MsDataset ds = MsDataset.load('bayuncao/cwec-v4.14-weaknesses-1.0')