fix: [cve_advanced] Avoiding potential MISP object references issues

- Adding objects as dictionaries in an event may cause issues in some cases. It is better to pass the MISP object as is, as it is already a valid object since the MISPObject class is used
2020-10-01 22:44:39 +02:00 · 2020-10-01 22:44:39 +02:00 · 14aa6e2d1a
parent c5abf89805
commit 14aa6e2d1a
1 changed files with 3 additions and 3 deletions
--- a/misp_modules/modules/expansion/cve_advanced.py
+++ b/misp_modules/modules/expansion/cve_advanced.py
@ -56,7 +56,7 @@ class VulnerabilityParser():
                        value = value['title']
                    vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
        vulnerability_object.add_reference(self.attribute['uuid'], 'related-to')
-        self.misp_event.add_object(**vulnerability_object)
+        self.misp_event.add_object(vulnerability_object)
        if 'cwe' in self.vulnerability and self.vulnerability['cwe'] not in ('Unknown', 'NVD-CWE-noinfo'):
            self.__parse_weakness(vulnerability_object.uuid)
        if 'capec' in self.vulnerability:
@ -79,7 +79,7 @@ class VulnerabilityParser():
            for related_weakness in capec['related_weakness']:
                attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
                capec_object.add_attribute('related-weakness', **attribute)
-            self.misp_event.add_object(**capec_object)
+            self.misp_event.add_object(capec_object)
            self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid,
                                                            relationship_type='targeted-by'))

@ -95,7 +95,7 @@ class VulnerabilityParser():
                    for feature, relation in self.weakness_mapping.items():
                        if cwe.get(feature):
                            weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature]))
-                    self.misp_event.add_object(**weakness_object)
+                    self.misp_event.add_object(weakness_object)
                    self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid,
                                                                    relationship_type='weakened-by'))
                    break