mirror of https://github.com/MISP/misp-modules
fix: [cve-advanced] Using the cpe and weakness attribute types
parent
4b1b1820d2
commit
c00349e198
|
@ -23,9 +23,9 @@ class VulnerabilityParser():
|
||||||
self.references = defaultdict(list)
|
self.references = defaultdict(list)
|
||||||
self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
|
self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
|
||||||
self.vulnerability_mapping = {
|
self.vulnerability_mapping = {
|
||||||
'id': ('text', 'id'), 'summary': ('text', 'summary'),
|
'id': ('vulnerability', 'id'), 'summary': ('text', 'summary'),
|
||||||
'vulnerable_configuration': ('text', 'vulnerable_configuration'),
|
'vulnerable_configuration': ('cpe', 'vulnerable_configuration'),
|
||||||
'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'),
|
'vulnerable_configuration_cpe_2_2': ('cpe', 'vulnerable_configuration'),
|
||||||
'Modified': ('datetime', 'modified'), 'Published': ('datetime', 'published'),
|
'Modified': ('datetime', 'modified'), 'Published': ('datetime', 'published'),
|
||||||
'references': ('link', 'references'), 'cvss': ('float', 'cvss-score')}
|
'references': ('link', 'references'), 'cvss': ('float', 'cvss-score')}
|
||||||
self.weakness_mapping = {'name': 'name', 'description_summary': 'description',
|
self.weakness_mapping = {'name': 'name', 'description_summary': 'description',
|
||||||
|
@ -71,33 +71,39 @@ class VulnerabilityParser():
|
||||||
break
|
break
|
||||||
|
|
||||||
def __parse_capec(self, vulnerability_uuid):
|
def __parse_capec(self, vulnerability_uuid):
|
||||||
attribute_type = 'text'
|
|
||||||
for capec in self.vulnerability['capec']:
|
for capec in self.vulnerability['capec']:
|
||||||
capec_object = MISPObject('attack-pattern')
|
capec_object = MISPObject('attack-pattern')
|
||||||
for feature in self.capec_features:
|
for feature in self.capec_features:
|
||||||
capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature]))
|
capec_object.add_attribute(feature, **{'type': 'text', 'value': capec[feature]})
|
||||||
for related_weakness in capec['related_weakness']:
|
for related_weakness in capec['related_weakness']:
|
||||||
attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
|
attribute = {'type': 'weakness', 'value': f"CWE-{related_weakness}"}
|
||||||
capec_object.add_attribute('related-weakness', **attribute)
|
capec_object.add_attribute('related-weakness', **attribute)
|
||||||
self.misp_event.add_object(capec_object)
|
self.misp_event.add_object(capec_object)
|
||||||
self.references[vulnerability_uuid].append(dict(referenced_uuid=capec_object.uuid,
|
self.references[vulnerability_uuid].append(
|
||||||
relationship_type='targeted-by'))
|
{
|
||||||
|
'referenced_uuid': capec_object.uuid,
|
||||||
|
'relationship_type': 'targeted-by'
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
def __parse_weakness(self, vulnerability_uuid):
|
def __parse_weakness(self, vulnerability_uuid):
|
||||||
attribute_type = 'text'
|
|
||||||
cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
|
cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
|
||||||
cwes = requests.get(self.api_url.replace('/cve/', '/cwe'))
|
cwes = requests.get(self.api_url.replace('/cve/', '/cwe'))
|
||||||
if cwes.status_code == 200:
|
if cwes.status_code == 200:
|
||||||
for cwe in cwes.json():
|
for cwe in cwes.json():
|
||||||
if cwe['id'] == cwe_id:
|
if cwe['id'] == cwe_id:
|
||||||
weakness_object = MISPObject('weakness')
|
weakness_object = MISPObject('weakness')
|
||||||
weakness_object.add_attribute('id', **dict(type=attribute_type, value='-'.join([cwe_string, cwe_id])))
|
weakness_object.add_attribute('id', {'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'})
|
||||||
for feature, relation in self.weakness_mapping.items():
|
for feature, relation in self.weakness_mapping.items():
|
||||||
if cwe.get(feature):
|
if cwe.get(feature):
|
||||||
weakness_object.add_attribute(relation, **dict(type=attribute_type, value=cwe[feature]))
|
weakness_object.add_attribute(relation, **{'type': 'text', 'value': cwe[feature]})
|
||||||
self.misp_event.add_object(weakness_object)
|
self.misp_event.add_object(weakness_object)
|
||||||
self.references[vulnerability_uuid].append(dict(referenced_uuid=weakness_object.uuid,
|
self.references[vulnerability_uuid].append(
|
||||||
relationship_type='weakened-by'))
|
{
|
||||||
|
'referenced_uuid': weakness_object.uuid,
|
||||||
|
'relationship_type': 'weakened-by'
|
||||||
|
}
|
||||||
|
)
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
||||||
|
|
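Review bot: The new `weakness_object.add_attribute('id', {'type': 'weakness', ...})` call in `__parse_weakness` passes the dict positionally; the `**` used by the old line and by the two neighbouring new calls (`**{'type': 'text', ...}`) was dropped. If PyMISP's `add_attribute` treats its second positional argument as the plain value (worth confirming against the installed PyMISP), the whole dict becomes the attribute value and the `weakness` type is never applied, so the CWE id would not be typed or correlated as this commit intends. Suggested line: `weakness_object.add_attribute('id', **{'type': 'weakness', 'value': f'{cwe_string}-{cwe_id}'})`. A test asserting the type and value of the resulting `id` attribute for a known CWE would catch this regression.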