MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [freetext] Convert CVE string to uppercase to follow attribute validation

pull/6396/head
Jakub Onderka 2020-10-06 19:16:52 +02:00
parent 9b1e1cb1ba
commit 66b0d34337
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Lib/Tools/ComplexTypeTool.php
View File

@ -376,7 +376,13 @@ class ComplexTypeTool
{
// CVE numbers
if (preg_match("#^cve-[0-9]{4}-[0-9]{4,9}$#i", $input['raw'])) {
return array('types' => array('vulnerability'), 'categories' => array('External analysis'), 'to_ids' => false, 'default_type' => 'vulnerability', 'value' => $input['raw']);
return [
'types' => ['vulnerability'],
'categories' => ['External analysis'],
'to_ids' => false,
'default_type' => 'vulnerability',
'value' => strtoupper($input['raw']), // 'CVE' must be uppercase
];
}
// Phone numbers - for automatic recognition, needs to start with + or include dashes
if ($input['raw'][0] === '+' || strpos($input['raw'], '-')) {

9
app/Test/ComplexTypeToolTest.php
View File

@ -420,6 +420,15 @@ EOT;
$this->assertEquals('vulnerability', $results[0]['default_type']);
}
public function testCheckFreeTextCveLowercase(): void
{
$complexTypeTool = new ComplexTypeTool();
$results = $complexTypeTool->checkFreeText('cve-2019-16202');
$this->assertCount(1, $results);
$this->assertEquals('CVE-2019-16202', $results[0]['value']);
$this->assertEquals('vulnerability', $results[0]['default_type']);
}
public function testCheckFreeTextAs(): void
{
$complexTypeTool = new ComplexTypeTool();