diff --git a/misp_modules/modules/expansion/vulnerability_lookup.py b/misp_modules/modules/expansion/vulnerability_lookup.py
index ebcf7e3f..0e32fa10 100644
--- a/misp_modules/modules/expansion/vulnerability_lookup.py
+++ b/misp_modules/modules/expansion/vulnerability_lookup.py
@@ -36,6 +36,11 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
 'dateUpdated': 'modified',
 'state': 'state'
 }
+ __cwe_mapping = {
+ 'cweId': 'id',
+ 'description': 'description',
+ 'name': 'name'
+ }
 __gsd_mapping = {
 'id': 'id',
 'details': 'description',
@@ -90,6 +95,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
 def cve_mapping(cls) -> dict:
 return cls.__cve_mapping

+ @classmethod
+ def cwe_mapping(cls) -> dict:
+ return cls.__cwe_mapping
+
 @classmethod
 def gsd_mapping(cls) -> dict:
 return cls.__gsd_mapping
@@ -270,6 +279,18 @@ class VulnerabilityLookupParser(VulnerabilityParser):
 misp_object.add_attribute('references', reference['url'])
 misp_object.add_reference(self.misp_attribute.uuid, 'related-to')
 vulnerability_object = self.misp_event.add_object(misp_object)
+ for affected in lookup_result.get('affected', []):
+ for cwe in affected.get('database_specific', {}).get('cwes', []):
+ cwe_id = cwe.get('cweId')
+ if cwe_id is not None:
+ weakness = MISPObject('weakness')
+ for field, relation in self.mapping.cwe_mapping().items():
+ if cwe.get(field):
+ weakness.add_attribute(relation, cwe[field])
+ self.misp_event.add_object(weakness)
+ vulnerability_object.add_reference(
+ weakness.uuid, 'weakened-by'
+ )

 if lookup_result.get('aliases'):
 for vuln_uuid in self._parse_aliases(lookup_result['aliases']):
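Review bot: The `.get('affected', [])`, `.get('database_specific', {})` and `.get('cwes', [])` defaults in the added loop of the third hunk only apply when the key is absent, so a record carrying an explicit `null` for any of them would raise (`AttributeError` or `TypeError`) after `vulnerability_object` has already been added to the event. `lookup_result` is presumably the parsed response of the remote lookup service, so coalescing is the safer form: `for affected in lookup_result.get('affected') or []:` and `for cwe in (affected.get('database_specific') or {}).get('cwes') or []:`. Separately, a CWE that appears under several `affected` entries would yield one `weakness` object and one `weakened-by` reference per occurrence; keeping a set of `cwe_id` values already emitted would avoid duplicate objects in the event. The enclosing method begins and ends outside this hunk, so any existing error handling around it is not visible here.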