chg: [vulnerability_lookup] Adding to the vulnerability object the Vulnerability Lookup link to the vulnerability description

pull/709/head
Christian Studer 2024-12-19 17:10:19 +01:00
parent 9d492af227
commit 4accbc9823
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 14 additions and 7 deletions


@ -271,6 +271,13 @@ class VulnerabilityLookupParser(VulnerabilityParser):
)
getattr(self, feature)(lookup_result)
def _create_vulnerability_object(self) -> MISPObject:
misp_object = MISPObject('vulnerability')
misp_object.add_attribute(
'references', f'{self.api_url}/vuln/{self.misp_attribute.value}'
)
return misp_object
def _parse_aliases(self, *aliases: tuple) -> Iterator[str]:
for alias in aliases:
query = requests.get(f"{self.api_url}/api/vulnerability/{alias}")
@ -301,7 +308,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
description = lookup_result['document']
tracking = description['tracking']
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
for field, relation in self.mapping.csaf_mapping().items():
misp_object.add_attribute(relation, tracking[field])
misp_object.add_attribute('summary', description['title'])
@ -341,7 +348,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return vulnerability_object.uuid
def _parse_cve_description(self, lookup_result: dict) -> str:
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
cveMetaData = lookup_result['cveMetadata']
for field, relation in self.mapping.cve_mapping().items():
misp_object.add_attribute(relation, cveMetaData[field])
@ -373,7 +380,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return self.misp_event.add_object(misp_object).uuid
def _parse_gsd_description(self, lookup_result: dict) -> str:
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
gsd_details = lookup_result['gsd']['osvSchema']
for field, relation in self.mapping.gsd_mapping().items():
if gsd_details.get(field):
@ -396,7 +403,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return vulnerability_object.uuid
def _parse_jvn_description(self, lookup_result: dict) -> str:
vulnerability = MISPObject('vulnerability')
vulnerability = self._create_vulnerability_object()
for field, relation in self.mapping.jvn_mapping().items():
vulnerability.add_attribute(relation, lookup_result[field])
for cpe in lookup_result.get('sec:cpe', []):
@ -448,7 +455,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return self.misp_event.add_object(misp_object).uuid
def _parse_ossf_description(self, lookup_result: dict) -> str:
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
for field, relation in self.mapping.ossf_mapping().items():
misp_object.add_attribute(relation, lookup_result[field])
for reference in lookup_result['references']:
@ -475,7 +482,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return vulnerability_object.uuid
def _parse_standard_description(self, lookup_result: dict) -> str:
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
for field, relation in self.mapping.standard_mapping().items():
misp_object.add_attribute(relation, lookup_result[field])
for cvss in lookup_result.get('severity', []):
@ -497,7 +504,7 @@ class VulnerabilityLookupParser(VulnerabilityParser):
return vulnerability_object.uuid
def _parse_tailscale_description(self, lookup_result: dict) -> str:
misp_object = MISPObject('vulnerability')
misp_object = self._create_vulnerability_object()
for field, relation in self.mapping.tailscale_mapping().items():
misp_object.add_attribute(relation, lookup_result[field])
misp_object.add_reference(self.misp_attribute.uuid, 'related-to')
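Review bot: In `_create_vulnerability_object` (first hunk, complete there), `self.misp_attribute.value` is interpolated into the `references` URL without percent-encoding, so a value containing `/`, `?`, `#` or whitespace yields a link that is malformed or resolves to a different path on the lookup host; unless the value is already constrained to an identifier format upstream (not visible here), I would encode it with `f'{self.api_url}/vuln/{quote(self.misp_attribute.value, safe="")}'` and add `from urllib.parse import quote` to the file's imports. The helper also always links to the queried attribute's value, so if the `_parse_*_description` methods are also applied to records fetched in `_parse_aliases`, those objects would carry a link to the original identifier rather than to their own entry; that is worth confirming as intended. A one-line docstring such as `"""Return a vulnerability object pre-filled with its Vulnerability Lookup link."""` would explain why every parser now goes through this helper. The `_parse_*_description` bodies that call it continue outside their hunks.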