diff --git a/misp_modules/modules/expansion/vulnerability_lookup.py b/misp_modules/modules/expansion/vulnerability_lookup.py index 9a84d0b3..7b938f89 100644 --- a/misp_modules/modules/expansion/vulnerability_lookup.py +++ b/misp_modules/modules/expansion/vulnerability_lookup.py @@ -78,6 +78,7 @@ class VulnerabilityLookupMapping(VulnerabilityMapping): 'jvndb': '_parse_jvn_description', 'mal': '_parse_ossf_description', 'pysec': '_parse_standard_description', + 'ts': '_parse_tailscale_description', 'var': '_parse_variot_description' } __source_mapping.update( @@ -95,6 +96,12 @@ class VulnerabilityLookupMapping(VulnerabilityMapping): 'published': 'published', 'modified': 'modified' } + __tailscale_mapping = { + 'title': 'id', + 'link': 'references', + 'summary': 'summary', + 'published': 'published' + } @classmethod def csaf_mapping(cls) -> dict: @@ -136,6 +143,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping): def standard_mapping(cls) -> dict: return cls.__standard_mapping + @classmethod + def tailscale_mapping(cls) -> dict: + return cls.__tailscale_mapping + class VulnerabilityLookupParser(VulnerabilityParser): def __init__(self, attribute: dict): @@ -382,6 +393,13 @@ class VulnerabilityLookupParser(VulnerabilityParser): return vulnerability_object.uuid + def _parse_tailscale_description(self, lookup_result: dict) -> str: + misp_object = MISPObject('vulnerability') + for field, relation in self.mapping.tailscale_mapping().items(): + misp_object.add_attribute(relation, lookup_result[field]) + misp_object.add_reference(self.misp_attribute.uuid, 'related-to') + self.misp_event.add_object(misp_object) + def handler(q=False): if q is False: