add: Parsing CAPEC information related to the CVE

misp_modules/modules/expansion/cve_advanced.py

@@ -16,6 +16,7 @@ class VulnerabilityParser():
         self.vulnerability = vulnerability
         self.misp_event = MISPEvent()
         self.references = defaultdict(list)
+        self.capec_features = ('id', 'name', 'summary', 'prerequisites', 'solutions')
         self.vulnerability_mapping = {
             'id': ('text', 'id'), 'summary': ('text', 'summary'),
             'vulnerable_configuration_cpe_2_2': ('text', 'vulnerable_configuration'),
@@ -46,9 +47,22 @@ class VulnerabilityParser():
                     vulnerability_object.add_attribute(relation, **{'type': attribute_type, 'value': value})
         self.misp_event.add_object(**vulnerability_object)
         if 'cwe' in self.vulnerability:
-            self.parse_weakness(vulnerability_object.uuid)
+            self.__parse_weakness(vulnerability_object.uuid)
+        if 'capec' in self.vulnerability:
+            self.__parse_capec(vulnerability_object.uuid)
 
-    def parse_weakness(self, vulnerability_uuid):
+    def __parse_capec(self, vulnerability_uuid):
+        attribute_type = 'text'
+        for capec in self.vulnerability['capec']:
+            capec_object = MISPObject('capec')
+            for feature in self.capec_features:
+                capec_object.add_attribute(feature, **dict(type=attribute_type, value=capec[feature]))
+            for related_weakness in capec['related_weakness']:
+                attribute = dict(type='weakness', value="CWE-{}".format(related_weakness))
+                capec_object.add_attribute('related-weakness', **attribute)
+            self.misp_event.add_object(**capec_object)
+
+    def __parse_weakness(self, vulnerability_uuid):
         attribute_type = 'text'
         cwe_string, cwe_id  = self.vulnerability['cwe'].split('-')
         cwes = requests.get(cveapi_url.replace('/cve/', '/cwe'))