add: [vulnerability_lookup] Handling weakness (CWE) information while parsing OpenSSF vulnerability descriptions

misp_modules/modules/expansion/vulnerability_lookup.py

@@ -36,6 +36,11 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
         'dateUpdated': 'modified',
         'state': 'state'
     }
+    __cwe_mapping = {
+        'cweId': 'id',
+        'description': 'description',
+        'name': 'name'
+    }
     __gsd_mapping = {
         'id': 'id',
         'details': 'description',
@@ -90,6 +95,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
     def cve_mapping(cls) -> dict:
         return cls.__cve_mapping
 
+    @classmethod
+    def cwe_mapping(cls) -> dict:
+        return cls.__cwe_mapping
+
     @classmethod
     def gsd_mapping(cls) -> dict:
         return cls.__gsd_mapping
@@ -270,6 +279,18 @@ class VulnerabilityLookupParser(VulnerabilityParser):
             misp_object.add_attribute('references', reference['url'])
         misp_object.add_reference(self.misp_attribute.uuid, 'related-to')
         vulnerability_object = self.misp_event.add_object(misp_object)
+        for affected in lookup_result.get('affected', []):
+            for cwe in affected.get('database_specific', {}).get('cwes', []):
+                cwe_id = cwe.get('cweId')
+                if cwe_id is not None:
+                    weakness = MISPObject('weakness')
+                    for field, relation in self.mapping.cwe_mapping().items():
+                        if cwe.get(field):
+                            weakness.add_attribute(relation, cwe[field])
+                    self.misp_event.add_object(weakness)
+                    vulnerability_object.add_reference(
+                        weakness.uuid, 'weakened-by'
+                    )
 
         if lookup_result.get('aliases'):
             for vuln_uuid in self._parse_aliases(lookup_result['aliases']):