From 5c15c0ff93a72a750ba8d6137abc4bd16ccbe23d Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Thu, 1 Aug 2019 15:37:10 +0200
Subject: [PATCH] add: Making vulnerability object reference to its related
 capec & cwe objects

---
 misp_modules/modules/expansion/cve_advanced.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/misp_modules/modules/expansion/cve_advanced.py b/misp_modules/modules/expansion/cve_advanced.py
index f08bb1c..413b049 100644
--- a/misp_modules/modules/expansion/cve_advanced.py
+++ b/misp_modules/modules/expansion/cve_advanced.py
@@ -1,3 +1,4 @@
+from collections import defaultdict
 from pymisp import MISPEvent, MISPObject
 import json
 import requests
@@ -26,6 +27,8 @@ class VulnerabilityParser():
                                  'status': 'status', 'weaknessabs': 'weakness-abs'}
 
     def get_result(self):
+        if self.references:
+            self.__build_references()
         event = json.loads(self.misp_event.to_json())['Event']
         results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])}
         return {'results': results}
@@ -51,6 +54,14 @@ class VulnerabilityParser():
         if 'capec' in self.vulnerability:
             self.__parse_capec(vulnerability_object.uuid)
 
+    def __build_references(self):
+        for object_uuid, references in self.references.items():
+            for misp_object in self.misp_event.objects:
+                if misp_object.uuid == object_uuid:
+                    for reference in references:
+                        misp_object.add_reference(**reference)
+                    break
+
     def __parse_capec(self, vulnerability_uuid):
         attribute_type = 'text'
         for capec in self.vulnerability['capec']:
@@ -61,6 +72,8 @@ class VulnerabilityParser():
                 attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
                 capec_object.add_attribute('related-weakness', **attribute)
             self.misp_event.add_object(**capec_object)
+            self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid,
+                                                            relationship_type='targeted-by'))
 
     def __parse_weakness(self, vulnerability_uuid):
         attribute_type = 'text'
@@ -75,6 +88,8 @@ class VulnerabilityParser():
                         if cwe.get(feature):
                             weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature]))
                     self.misp_event.add_object(**weakness_object)
+                    self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid,
+                                                                    relationship_type='weakened-by'))
                     break