add: Parsing CAPEC information related to the CVE

pull/318/head
chrisr3d 2019-08-01 15:21:18 +02:00
parent 7445d7336e
commit c4302aa35e
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 16 additions and 2 deletions

View File

@ -16,6 +16,7 @@ class VulnerabilityParser():
self.vulnerability = vulnerability self.vulnerability = vulnerability
self.misp_event = MISPEvent() self.misp_event = MISPEvent()
self.references = defaultdict(list) self.references = defaultdict(list)
self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
self.vulnerability_mapping = { self.vulnerability_mapping = {
'id': ('text', 'id'), 'summary': ('text', 'summary'), 'id': ('text', 'id'), 'summary': ('text', 'summary'),
'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'), 'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'),
@ -46,9 +47,22 @@ class VulnerabilityParser():
vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value}) vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
self.misp_event.add_object(**vulnerability_object) self.misp_event.add_object(**vulnerability_object)
if 'cwe' in self.vulnerability: if 'cwe' in self.vulnerability:
self.parse_weakness(vulnerability_object.uuid) self.__parse_weakness(vulnerability_object.uuid)
if 'capec' in self.vulnerability:
self.__parse_capec(vulnerability_object.uuid)
def parse_weakness(self, vulnerability_uuid): def __parse_capec(self, vulnerability_uuid):
attribute_type = 'text'
for capec in self.vulnerability['capec']:
capec_object = MISPObject('capec')
for feature in self.capec_features:
capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature]))
for related_weakness in capec['related_weakness']:
attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
capec_object.add_attribute('related-weakness', **attribute)
self.misp_event.add_object(**capec_object)
def __parse_weakness(self, vulnerability_uuid):
attribute_type = 'text' attribute_type = 'text'
cwe_string, cwe_id = self.vulnerability['cwe'].split('-') cwe_string, cwe_id = self.vulnerability['cwe'].split('-')
cwes = requests.get(cveapi_url.replace('/cve/', '/cwe')) cwes = requests.get(cveapi_url.replace('/cve/', '/cwe'))