From 8b3da50c57d4964729c1a36a606cf20cfeeb46a2 Mon Sep 17 00:00:00 2001 From: Christian Studer Date: Mon, 16 Dec 2024 16:39:46 +0100 Subject: [PATCH] add: [vulnerability_lookup] Handling weakness (CWE) information while parsing OpenSSF vulnerability descriptions --- .../modules/expansion/vulnerability_lookup.py | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/misp_modules/modules/expansion/vulnerability_lookup.py b/misp_modules/modules/expansion/vulnerability_lookup.py index ebcf7e3f..0e32fa10 100644 --- a/misp_modules/modules/expansion/vulnerability_lookup.py +++ b/misp_modules/modules/expansion/vulnerability_lookup.py @@ -36,6 +36,11 @@ class VulnerabilityLookupMapping(VulnerabilityMapping): 'dateUpdated': 'modified', 'state': 'state' } + __cwe_mapping = { + 'cweId': 'id', + 'description': 'description', + 'name': 'name' + } __gsd_mapping = { 'id': 'id', 'details': 'description', @@ -90,6 +95,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping): def cve_mapping(cls) -> dict: return cls.__cve_mapping + @classmethod + def cwe_mapping(cls) -> dict: + return cls.__cwe_mapping + @classmethod def gsd_mapping(cls) -> dict: return cls.__gsd_mapping @@ -270,6 +279,18 @@ class VulnerabilityLookupParser(VulnerabilityParser): misp_object.add_attribute('references', reference['url']) misp_object.add_reference(self.misp_attribute.uuid, 'related-to') vulnerability_object = self.misp_event.add_object(misp_object) + for affected in lookup_result.get('affected', []): + for cwe in affected.get('database_specific', {}).get('cwes', []): + cwe_id = cwe.get('cweId') + if cwe_id is not None: + weakness = MISPObject('weakness') + for field, relation in self.mapping.cwe_mapping().items(): + if cwe.get(field): + weakness.add_attribute(relation, cwe[field]) + self.misp_event.add_object(weakness) + vulnerability_object.add_reference( + weakness.uuid, 'weakened-by' + ) if lookup_result.get('aliases'): for vuln_uuid in self._parse_aliases(lookup_result['aliases']):