From c00349e1984ee7b00b88eb36e382f9a5c98cd94e Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 22 Oct 2020 23:25:20 +0200 Subject: [PATCH] fix: [cve-advanced] Using the cpe and weakness attribute types --- .../modules/expansion/cve_advanced.py | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/misp_modules/modules/expansion/cve_advanced.py b/misp_modules/modules/expansion/cve_advanced.py index d15711f..9071ff9 100644 --- a/misp_modules/modules/expansion/cve_advanced.py +++ b/misp_modules/modules/expansion/cve_advanced.py @@ -23,9 +23,9 @@ class VulnerabilityParser(): self.references = defaultdict(list) self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions') self.vulnerability_mapping = { - 'id': ('text', 'id'), 'summary': ('text', 'summary'), - 'vulnerable_configuration': ('text', 'vulnerable_configuration'), - 'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'), + 'id': ('vulnerability', 'id'), 'summary': ('text', 'summary'), + 'vulnerable_configuration': ('cpe', 'vulnerable_configuration'), + 'vulnerable_configuration_cpe_2_2': ('cpe', 'vulnerable_configuration'), 'Modified': ('datetime', 'modified'), 'Published': ('datetime', 'published'), 'references': ('link', 'references'), 'cvss': ('float', 'cvss-score')} self.weakness_mapping = {'name': 'name', 'description_summary': 'description', @@ -71,33 +71,39 @@ class VulnerabilityParser(): break def __parse_capec(self, vulnerability_uuid): - attribute_type = 'text' for capec in self.vulnerability['capec']: capec_object = MISPObject('attack-pattern') for feature in self.capec_features: - capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature])) + capec_object.add_attribute(feature, **{'type': 'text', 'value': capec[feature]}) for related_weakness in capec['related_weakness']: - attribute = dict(type='weakness', value="CWE-{}".format(related_weakness)) + attribute = {'type': 'weakness', 'value': f"CWE-{related_weakness}"} capec_object.add_attribute('related-weakness', **attribute) self.misp_event.add_object(capec_object) - self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid, - relationship_type='targeted-by')) + self.references[vulnerability_uuid].append( + { + 'referenced_uuid': capec_object.uuid, + 'relationship_type': 'targeted-by' + } + ) def __parse_weakness(self, vulnerability_uuid): - attribute_type = 'text' cwe_string, cwe_id = self.vulnerability['cwe'].split('-') cwes = requests.get(self.api_url.replace('/cve/', '/cwe')) if cwes.status_code == 200: for cwe in cwes.json(): if cwe['id'] == cwe_id: weakness_object = MISPObject('weakness') - weakness_object.add_attribute('id', **dict(type=attribute_type, value='-'.join([cwe_string, cwe_id]))) + weakness_object.add_attribute('id', {'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'}) for feature, relation in self.weakness_mapping.items(): if cwe.get(feature): - weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature])) + weakness_object.add_attribute(relation, **{'type': 'text', 'value': cwe[feature]}) self.misp_event.add_object(weakness_object) - self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid, - relationship_type='weakened-by')) + self.references[vulnerability_uuid].append( + { + 'referenced_uuid': weakness_object.uuid, + 'relationship_type': 'weakened-by' + } + ) break