MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: [vulnerability_lookup] Handling weakness (CWE) information while parsing github vulnerabilities

pull/709/head
Christian Studer 2024-12-16 13:13:21 +01:00
parent 5488396938
commit cd8a2881d4
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
misp_modules/modules/expansion/vulnerability_lookup.py
View File

@ -284,6 +284,11 @@ class VulnerabilityLookupParser(VulnerabilityParser):
misp_object.add_attribute('cvss-string', cvss['score'])
for reference in lookup_result['references']:
misp_object.add_attribute('references', reference['url'])
for cwe_id in lookup_result.get('database_specific', {}).get('cwe_ids', []):
attribute = self.misp_event.add_attribute(
type='weakness', value=cwe_id
)
misp_object.add_reference(attribute.uuid, 'weakened-by')
misp_object.add_reference(self.misp_attribute.uuid, 'related-to')
vulnerability_object = self.misp_event.add_object(misp_object)