chg: [vulnerability_parser] Supporting CERTFR vulnerability IDs

chrisr3d · chrisr3d · commit 4c50f515651c · 2025-09-01T16:24:43.000+02:00
diff --git a/misp_modules/modules/expansion/_vulnerability_parser/vulnerability_parser.py b/misp_modules/modules/expansion/_vulnerability_parser/vulnerability_parser.py
@@ -1,8 +1,8 @@
 import json
-from typing import Iterator
-
 import requests
+from datetime import datetime
 from pymisp import MISPAttribute, MISPEvent, MISPObject
+from typing import Iterator
 
 
 class VulnerabilityMapping:
@@ -98,6 +98,11 @@ def _parse_variot_description(self, query_results):
 
 
 class VulnerabilityLookupMapping(VulnerabilityMapping):
+    __certfr_mapping = {
+        "reference": "id",
+        "title": "summary",
+        "summary": "description"
+    }
     __cnvd_mapping = {
         "number": "id",
         "title": "summary",
@@ -145,6 +150,7 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
         "discovery_date": "published"
     }
     __source_mapping = {
+        "certfr": "_parse_certfr_description",
         "cnvd": "_parse_cnvd_description",
         "cve": "_parse_cve_description",
         'fkie_cve': '_parse_fkie_description',
@@ -179,6 +185,10 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
         "published": "published"
     }
 
+    @classmethod
+    def certfr_mapping(cls) -> dict:
+        return cls.__certfr_mapping
+
     @classmethod
     def cnvd_mapping(cls) -> dict:
         return cls.__cnvd_mapping
@@ -282,6 +292,31 @@ def _parse_aliases(self, *aliases: tuple) -> Iterator[str]:
         for alias in aliases:
             yield self._parse_alias(alias)
 
+    def _parse_certfr_description(self, lookup_result: dict) -> str:
+        misp_object = self._create_vulnerability_object(
+            lookup_result['reference']
+        )
+        for field, relation in self.mapping.certfr_mapping().items():
+            misp_object.add_attribute(relation, lookup_result[field])
+        timestamps = {
+            datetime.strptime(revision['revision_date'], '%Y-%m-%dT%H:%M:%S.%f')
+            for revision in lookup_result.get('revisions', [])
+        }
+        if timestamps:
+            misp_object.add_attribute('published', min(timestamps))
+            if len(timestamps) > 1:
+                misp_object.add_attribute('modified', max(timestamps))
+        for link in lookup_result.get('links', []):
+            misp_object.add_attribute(
+                'references', link['url'], comment=link['title']
+            )
+        vulnerability_object = self.misp_event.add_object(misp_object)
+        for cve in lookup_result.get('cves', []):
+            vulnerability_object.add_reference(
+                self._parse_alias(cve['name']), 'related-to'
+            )
+        return vulnerability_object.uuid
+
     def _parse_cnvd_description(self, lookup_result: dict) -> str:
         misp_object = self._create_vulnerability_object(lookup_result['number'])
         for field, relation in self.mapping.cnvd_mapping().items():
@@ -292,6 +327,7 @@ def _parse_cnvd_description(self, lookup_result: dict) -> str:
             vulnerability_object.add_reference(
                 self._parse_alias(cve), 'related-to'
             )
+        return vulnerability_object.uuid
 
     def _parse_csaf_branch(self, branch: list) -> Iterator[str]:
         for sub_branch in branch:
