MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: fix vulnerable_configuration object ref, rely on template. 

Related #853
pull/572/head
Raphaël Vinot 2022-07-28 14:41:32 +02:00
parent a019958635
commit 81ec6fe415
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
misp_modules/modules/expansion/cve_advanced.py
View File

@ -23,11 +23,11 @@ class VulnerabilityParser():
self.references = defaultdict(list)
self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
self.vulnerability_mapping = {
'id': ('vulnerability', 'id'), 'summary': ('text', 'summary'),
'vulnerable_configuration': ('cpe', 'vulnerable_configuration'),
'vulnerable_configuration_cpe_2_2': ('cpe', 'vulnerable_configuration'),
'Modified': ('datetime', 'modified'), 'Published': ('datetime', 'published'),
'references': ('link', 'references'), 'cvss': ('float', 'cvss-score')}
'id': 'id', 'summary': 'summary',
'vulnerable_configuration': 'vulnerable-configuration',
'vulnerable_configuration_cpe_2_2': 'vulnerable-configuration',
'Modified': 'modified', 'Published': 'published',
'references': 'references', 'cvss': 'cvss-score'}
self.weakness_mapping = {'name': 'name', 'description_summary': 'description',
'status': 'status', 'weaknessabs': 'weakness-abs'}
@ -43,18 +43,17 @@ class VulnerabilityParser():
for feature in ('id', 'summary', 'Modified', 'cvss'):
value = self.vulnerability.get(feature)
if value:
attribute_type, relation = self.vulnerability_mapping[feature]
vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
vulnerability_object.add_attribute(self.vulnerability_mapping[feature], value)
if 'Published' in self.vulnerability:
vulnerability_object.add_attribute('published', **{'type': 'datetime', 'value': self.vulnerability['Published']})
vulnerability_object.add_attribute('state', **{'type': 'text', 'value': 'Published'})
vulnerability_object.add_attribute('published', self.vulnerability['Published'])
vulnerability_object.add_attribute('state', 'Published')
for feature in ('references', 'vulnerable_configuration', 'vulnerable_configuration_cpe_2_2'):
if feature in self.vulnerability:
attribute_type, relation = self.vulnerability_mapping[feature]
relation = self.vulnerability_mapping[feature]
for value in self.vulnerability[feature]:
if isinstance(value, dict):
value = value['title']
vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
vulnerability_object.add_attribute(relation, value)
vulnerability_object.add_reference(self.attribute['uuid'], 'related-to')
self.misp_event.add_object(vulnerability_object)
if 'cwe' in self.vulnerability and self.vulnerability['cwe'] not in ('Unknown', 'NVD-CWE-noinfo'):
@ -74,10 +73,9 @@ class VulnerabilityParser():
for capec in self.vulnerability['capec']:
capec_object = MISPObject('attack-pattern')
for feature in self.capec_features:
capec_object.add_attribute(feature, **{'type': 'text', 'value': capec[feature]})
capec_object.add_attribute(feature, capec[feature])
for related_weakness in capec['related_weakness']:
attribute = {'type': 'weakness', 'value': f"CWE-{related_weakness}"}
capec_object.add_attribute('related-weakness', **attribute)
capec_object.add_attribute('related-weakness', f"CWE-{related_weakness}")
self.misp_event.add_object(capec_object)
self.references[vulnerability_uuid].append(
{
@ -93,10 +91,10 @@ class VulnerabilityParser():
for cwe in cwes.json():
if cwe['id'] == cwe_id:
weakness_object = MISPObject('weakness')
weakness_object.add_attribute('id', {'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'})
weakness_object.add_attribute('id', f'{cwe_string}-{cwe_id}')
for feature, relation in self.weakness_mapping.items():
if cwe.get(feature):
weakness_object.add_attribute(relation, **{'type': 'text', 'value': cwe[feature]})
weakness_object.add_attribute(relation, cwe[feature])
self.misp_event.add_object(weakness_object)
self.references[vulnerability_uuid].append(
{