MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: [vulnerability_lookup] Handling weakness (CWE) information while parsing OpenSSF vulnerability descriptions

pull/709/head
Christian Studer 2024-12-16 16:39:46 +01:00
parent 8acd890605
commit 8b3da50c57
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
misp_modules/modules/expansion/vulnerability_lookup.py
View File

@ -36,6 +36,11 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
'dateUpdated': 'modified',
'state': 'state'
}
__cwe_mapping = {
'cweId': 'id',
'description': 'description',
'name': 'name'
}
__gsd_mapping = {
'id': 'id',
'details': 'description',
@ -90,6 +95,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
def cve_mapping(cls) -> dict:
return cls.__cve_mapping
@classmethod
def cwe_mapping(cls) -> dict:
return cls.__cwe_mapping
@classmethod
def gsd_mapping(cls) -> dict:
return cls.__gsd_mapping
@ -270,6 +279,18 @@ class VulnerabilityLookupParser(VulnerabilityParser):
misp_object.add_attribute('references', reference['url'])
misp_object.add_reference(self.misp_attribute.uuid, 'related-to')
vulnerability_object = self.misp_event.add_object(misp_object)
for affected in lookup_result.get('affected', []):
for cwe in affected.get('database_specific', {}).get('cwes', []):
cwe_id = cwe.get('cweId')
if cwe_id is not None:
weakness = MISPObject('weakness')
for field, relation in self.mapping.cwe_mapping().items():
if cwe.get(field):
weakness.add_attribute(relation, cwe[field])
self.misp_event.add_object(weakness)
vulnerability_object.add_reference(
weakness.uuid, 'weakened-by'
)
if lookup_result.get('aliases'):
for vuln_uuid in self._parse_aliases(lookup_result['aliases']):