add: Making vulnerability object reference to its related capec & cwe objects

2019-08-01 15:37:10 +02:00 · 2019-08-01 15:37:10 +02:00 · 5c15c0ff93
parent c4302aa35e
commit 5c15c0ff93
1 changed files with 15 additions and 0 deletions
--- a/misp_modules/modules/expansion/cve_advanced.py
+++ b/misp_modules/modules/expansion/cve_advanced.py
@ -1,3 +1,4 @@
+from collections import defaultdict
 from pymisp import MISPEvent, MISPObject
 import json
 import requests
@ -26,6 +27,8 @@ class VulnerabilityParser():
                                 'status': 'status', 'weaknessabs': 'weakness-abs'}

    def get_result(self):
+        if self.references:
+            self.__build_references()
        event = json.loads(self.misp_event.to_json())['Event']
        results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
        return {'results': results}
@ -51,6 +54,14 @@ class VulnerabilityParser():
        if 'capec' in self.vulnerability:
            self.__parse_capec(vulnerability_object.uuid)

+    def __build_references(self):
+        for object_uuid, references in self.references.items():
+            for misp_object in self.misp_event.objects:
+                if misp_object.uuid == object_uuid:
+                    for reference in references:
+                        misp_object.add_reference(**reference)
+                    break
+
    def __parse_capec(self, vulnerability_uuid):
        attribute_type = 'text'
        for capec in self.vulnerability['capec']:
@ -61,6 +72,8 @@ class VulnerabilityParser():
                attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
                capec_object.add_attribute('related-weakness', **attribute)
            self.misp_event.add_object(**capec_object)
+            self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid,
+                                                            relationship_type='targeted-by'))

    def __parse_weakness(self, vulnerability_uuid):
        attribute_type = 'text'
@ -75,6 +88,8 @@ class VulnerabilityParser():
                        if cwe.get(feature):
                            weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature]))
                    self.misp_event.add_object(**weakness_object)
+                    self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid,
+                                                                    relationship_type='weakened-by'))
                    break