mirror of https://github.com/MISP/misp-modules
add: [vulnerability_lookup] Parsing JVNDB descriptions
Christian Studer
parent
4ff402e117
commit
157ac8ca99
|
|
@ -46,6 +46,14 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
|
||||||
'details': 'description',
|
'details': 'description',
|
||||||
'modified': 'modified'
|
'modified': 'modified'
|
||||||
}
|
}
|
||||||
|
__jvn_mapping = {
|
||||||
|
'sec:identifier': 'id',
|
||||||
|
'description': 'description',
|
||||||
|
'title': 'summary',
|
||||||
|
'link': 'references',
|
||||||
|
'dcterms:issued': 'published',
|
||||||
|
'dcterms:modified': 'modified'
|
||||||
|
}
|
||||||
__nvd_mapping = {
|
__nvd_mapping = {
|
||||||
'id': 'id',
|
'id': 'id',
|
||||||
'published': 'published',
|
'published': 'published',
|
||||||
|
|
@ -67,6 +75,7 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
|
||||||
'cve': '_parse_cve_description',
|
'cve': '_parse_cve_description',
|
||||||
'ghsa': '_parse_standard_description',
|
'ghsa': '_parse_standard_description',
|
||||||
'gsd': '_parse_gsd_description',
|
'gsd': '_parse_gsd_description',
|
||||||
|
'jvndb': '_parse_jvn_description',
|
||||||
'mal': '_parse_ossf_description',
|
'mal': '_parse_ossf_description',
|
||||||
'pysec': '_parse_standard_description',
|
'pysec': '_parse_standard_description',
|
||||||
'var': '_parse_variot_description'
|
'var': '_parse_variot_description'
|
||||||
|
|
@ -103,6 +112,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
|
||||||
def gsd_mapping(cls) -> dict:
|
def gsd_mapping(cls) -> dict:
|
||||||
return cls.__gsd_mapping
|
return cls.__gsd_mapping
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def jvn_mapping(cls) -> dict:
|
||||||
|
return cls.__jvn_mapping
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def nvd_mapping(cls) -> dict:
|
def nvd_mapping(cls) -> dict:
|
||||||
return cls.__nvd_mapping
|
return cls.__nvd_mapping
|
||||||
|
|
@ -144,7 +157,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
|
||||||
)
|
)
|
||||||
getattr(self, feature)(lookup_result)
|
getattr(self, feature)(lookup_result)
|
||||||
|
|
||||||
def _parse_aliases(self, aliases: list) -> Iterator[str]:
|
def _parse_aliases(self, *aliases: tuple[str]) -> Iterator[str]:
|
||||||
for alias in aliases:
|
for alias in aliases:
|
||||||
query = requests.get(f"{api_url}/vulnerability/{alias}")
|
query = requests.get(f"{api_url}/vulnerability/{alias}")
|
||||||
if query.status_code != 200:
|
if query.status_code != 200:
|
||||||
|
|
@ -266,6 +279,40 @@ class VulnerabilityLookupParser(VulnerabilityParser):
|
||||||
|
|
||||||
return vulnerability_object.uuid
|
return vulnerability_object.uuid
|
||||||
|
|
||||||
|
def _parse_jvn_description(self, lookup_result: dict) -> str:
|
||||||
|
vulnerability = MISPObject('vulnerability')
|
||||||
|
for field, relation in self.mapping.jvn_mapping().items():
|
||||||
|
vulnerability.add_attribute(relation, lookup_result[field])
|
||||||
|
for cpe in lookup_result.get('sec:cpe', []):
|
||||||
|
cpe_value = cpe.get('#text')
|
||||||
|
if cpe_value is not None:
|
||||||
|
vulnerability.add_attribute('vulnerable-configuration', cpe_value)
|
||||||
|
misp_object = self.misp_event.add_object(vulnerability)
|
||||||
|
for reference in lookup_result.get('sec:references', []):
|
||||||
|
source = reference.get('@source')
|
||||||
|
if source is None and reference.get('@id', '').startswith('CWE-'):
|
||||||
|
title = reference.get('@title')
|
||||||
|
if title is not None:
|
||||||
|
weakness = MISPObject('weakness')
|
||||||
|
weakness.add_attribute('id', reference['@id'])
|
||||||
|
weakness.add_attribute('description', title)
|
||||||
|
misp_object.add_reference(
|
||||||
|
self.misp_event.add_object(weakness).uuid, 'weakened-by'
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
misp_object.add_reference(
|
||||||
|
self.misp_event.add_attribute(
|
||||||
|
type='weakness', value=reference['@id']).uuid,
|
||||||
|
'weakened-by'
|
||||||
|
)
|
||||||
|
continue
|
||||||
|
if source == 'JVN':
|
||||||
|
misp_object.add_attribute('references', reference['#text'])
|
||||||
|
elif source == 'CVE':
|
||||||
|
for referenced_uuid in self._parse_aliases(reference['@id']):
|
||||||
|
misp_object.add_reference(referenced_uuid, 'related-to')
|
||||||
|
return misp_object.uuid
|
||||||
|
|
||||||
def _parse_nvd_related_description(self, nvd_description: dict) -> str:
|
def _parse_nvd_related_description(self, nvd_description: dict) -> str:
|
||||||
misp_object = MISPObject('vulnerability')
|
misp_object = MISPObject('vulnerability')
|
||||||
for field, relation in self.mapping.nvd_mapping().items():
|
for field, relation in self.mapping.nvd_mapping().items():
|
||||||
|
|
@ -306,7 +353,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
|
||||||
)
|
)
|
||||||
|
|
||||||
if lookup_result.get('aliases'):
|
if lookup_result.get('aliases'):
|
||||||
for vuln_uuid in self._parse_aliases(lookup_result['aliases']):
|
for vuln_uuid in self._parse_aliases(*lookup_result['aliases']):
|
||||||
vulnerability_object.add_reference(vuln_uuid, 'related-to')
|
vulnerability_object.add_reference(vuln_uuid, 'related-to')
|
||||||
|
|
||||||
return vulnerability_object.uuid
|
return vulnerability_object.uuid
|
||||||
|
|
@ -328,7 +375,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
|
||||||
vulnerability_object = self.misp_event.add_object(misp_object)
|
vulnerability_object = self.misp_event.add_object(misp_object)
|
||||||
|
|
||||||
if lookup_result.get('aliases'):
|
if lookup_result.get('aliases'):
|
||||||
for vuln_uuid in self._parse_aliases(lookup_result['aliases']):
|
for vuln_uuid in self._parse_aliases(*lookup_result['aliases']):
|
||||||
vulnerability_object.add_reference(vuln_uuid, 'related-to')
|
vulnerability_object.add_reference(vuln_uuid, 'related-to')
|
||||||
|
|
||||||
return vulnerability_object.uuid
|
return vulnerability_object.uuid
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue