fix: [cve_advanced] Avoiding potential MISP object references issues

- Adding objects as dictionaries in an event may
  cause issues in some cases. It is better to pass
  the MISP object as is, as it is already a valid
  object since the MISPObject class is used
pull/429/head
chrisr3d 2020-10-01 22:44:39 +02:00
parent c5abf89805
commit 14aa6e2d1a
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 3 additions and 3 deletions

View File

@ -56,7 +56,7 @@ class VulnerabilityParser():
value = value['title']
vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
vulnerability_object.add_reference(self.attribute['uuid'], 'related-to')
self.misp_event.add_object(**vulnerability_object)
self.misp_event.add_object(vulnerability_object)
if 'cwe' in self.vulnerability and self.vulnerability['cwe'] not in ('Unknown', 'NVD-CWE-noinfo'):
self.__parse_weakness(vulnerability_object.uuid)
if 'capec' in self.vulnerability:
@ -79,7 +79,7 @@ class VulnerabilityParser():
for related_weakness in capec['related_weakness']:
attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
capec_object.add_attribute('related-weakness', **attribute)
self.misp_event.add_object(**capec_object)
self.misp_event.add_object(capec_object)
self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid,
relationship_type='targeted-by'))
@ -95,7 +95,7 @@ class VulnerabilityParser():
for feature, relation in self.weakness_mapping.items():
if cwe.get(feature):
weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature]))
self.misp_event.add_object(**weakness_object)
self.misp_event.add_object(weakness_object)
self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid,
relationship_type='weakened-by'))
break