Add CWE ID filtering support in MatchOptions

[M9nx]

Summary

Adds the ability to filter vulnerability advisories by Common Weakness Enumeration (CWE) identifiers, enabling security teams to focus on specific vulnerability categories (e.g., injection flaws, XSS, deserialization issues).

Changes

Core Implementation

• Add cwe_ids field to MatchOptions struct for CWE-based filtering
• Implement with_cwes() constructor for convenient single-purpose filtering
• Add extract_cwes_from_advisory() helper to extract CWEs from database_specific.cwe_ids
• Update advisory_passes_filters() with case-insensitive CWE matching logic

Testing & Quality

• Add 10 comprehensive unit tests covering all CWE filtering scenarios
• Add test_cwe example for developer testing (cargo run --example test_cwe)
• Fix clippy warnings (unnecessary_map_or, dead_code)

Documentation & Tooling

• Update README with CWE filtering examples and common CWE reference table
• Enhance test script with CLI arguments (-v, --skip-optional, -h)
• Add graceful handling for optional tools (cargo-audit, cargo-machete, cargo-outdated)

Usage Example

// Filter for XSS vulnerabilities
let options = MatchOptions::with_cwes(vec!["CWE-79".to_string()]);

// Filter for multiple injection types
let options = MatchOptions::with_cwes(vec![
    "CWE-79".to_string(),  // XSS
    "CWE-89".to_string(),  // SQL Injection
    "CWE-78".to_string(),  // OS Command Injection
]);

let vulns = manager.matches_with_options("npm", "pkg", "1.0.0", &options).await?;

Testing

cargo test cwe           # Run CWE-specific tests
cargo run --example test_cwe  # Run interactive example
./scripts/test.sh        # Run full test suite

Files Changed

File	Description
src/manager.rs	Core CWE filtering implementation (+228 lines)
examples/test_cwe.rs	Developer testing example (+66 lines)
scripts/test.sh	Enhanced test script with CLI args (+96 lines)
README.md	CWE filtering documentation (+30 lines)

---

Closes #1

[Copilot]

Pull request overview

This pull request adds CWE (Common Weakness Enumeration) ID filtering support to the vulnerability advisory matching system, enabling security teams to filter advisories by specific vulnerability categories like XSS, SQL injection, or deserialization issues.

Changes:

• Added cwe_ids field to MatchOptions struct with case-insensitive filtering logic
• Implemented extract_cwes_from_advisory() to parse CWEs from database_specific.cwe_ids
• Added 10 comprehensive unit tests covering various CWE filtering scenarios
• Enhanced test script with CLI arguments and optional tool handling
• Added example demonstrating CWE filtering usage

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
src/manager.rs	Core CWE filtering implementation including MatchOptions extension, filtering logic, CWE extraction helper, and comprehensive unit tests
scripts/test.sh	Enhanced test script with verbose mode, optional tool checks, and CLI argument parsing
examples/test_cwe.rs	Demonstration example showing various CWE filtering patterns and combinations
README.md	Documentation updates with CWE filtering examples and reference table of common CWE IDs

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[k5602]

@M9nx
only ID normalization (e.g., "CWE-79" vs "79") to ensure consistent matching, to merge.

[M9nx]

Good catch! Fixed in the latest commit - changed to cargo test --lib cwe which correctly matches all CWE-related tests (test_cwe_filter_, test_extract_cwes_, etc.).

[M9nx]

Done! Added normalize_cwe_id that handles all formats:

"79"     → "CWE-79"
"cwe-79" → "CWE-79" 
"CWE-79" → "CWE-79"

both user input and advisory CWEs are normalized before comparison, so "79" will correctly match "CWE-79" in advisories (and vice versa).

[M9nx]

Fixed! Changes:

-vec!["79".to_string() →"79".to_string() (array literal, no heap allocation)