diff --git a/misp_modules/modules/expansion/cve_advanced.py b/misp_modules/modules/expansion/cve_advanced.py
index c1b8c6a..f08bb1c 100644
--- a/misp_modules/modules/expansion/cve_advanced.py
+++ b/misp_modules/modules/expansion/cve_advanced.py
@@ -16,6 +16,7 @@ class VulnerabilityParser():
 self.vulnerability = vulnerability
 self.misp_event = MISPEvent()
 self.references = defaultdict(list)
+ self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
 self.vulnerability_mapping = { 'id': ('text', 'id'), 'summary': ('text', 'summary'), 'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'),
@@ -46,9 +47,22 @@ class VulnerabilityParser():
 vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
 self.misp_event.add_object(**vulnerability_object)
 if 'cwe' in self.vulnerability:
- self.parse_weakness(vulnerability_object.uuid)
+ self.__parse_weakness(vulnerability_object.uuid)
+ if 'capec' in self.vulnerability:
+ self.__parse_capec(vulnerability_object.uuid)
- def parse_weakness(self, vulnerability_uuid):
+ def __parse_capec(self, vulnerability_uuid):
+ attribute_type = 'text'
+ for capec in self.vulnerability['capec']:
+ capec_object = MISPObject('capec')
+ for feature in self.capec_features:
+ capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature]))
+ for related_weakness in capec['related_weakness']:
+ attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
+ capec_object.add_attribute('related-weakness', **attribute)
+ self.misp_event.add_object(**capec_object)
+
+ def __parse_weakness(self, vulnerability_uuid):
 attribute_type = 'text'
 cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
 cwes = requests.get(cveapi_url.replace('/cve/', '/cwe'))
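Review bot: `__parse_capec` indexes `capec[feature]` for all five `capec_features` and `capec['related_weakness']` directly, so a CAPEC entry that lacks any one of those keys raises `KeyError` and stops the enrichment. The record appears to come from an external API response (the surrounding code fetches from `cveapi_url`), so I would read each field with `.get()` and skip absent or empty values rather than trust the schema. The `vulnerability_uuid` argument is also never used in the new method, so the CAPEC objects are added to the event with no relationship to the vulnerability they describe; an `add_reference` call before `add_object` would link them. The hunk ends inside `__parse_weakness`, whose body continues outside it.

```python
    def __parse_capec(self, vulnerability_uuid):
        attribute_type = 'text'
        for capec in self.vulnerability['capec']:
            capec_object = MISPObject('capec')
            for feature in self.capec_features:
                value = capec.get(feature)
                if value:
                    capec_object.add_attribute(feature, **dict(type=attribute_type, value=value))
            for related_weakness in capec.get('related_weakness', []):
                # … unchanged: build and add the 'related-weakness' attribute …
            capec_object.add_reference(vulnerability_uuid, 'related-to')
            self.misp_event.add_object(**capec_object)
```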