chg: [vulnerability_parser] Supporting GCVE vulnerability IDs

chrisr3d · chrisr3d · commit 69e793a12ec9 · 2025-09-01T17:10:59.000+02:00
- Including CIRCL and AHA sources
- Take on me (Take on me)
  Take me on (Take on me)
  I'll be gone In a day or two
diff --git a/misp_modules/modules/expansion/_vulnerability_parser/vulnerability_parser.py b/misp_modules/modules/expansion/_vulnerability_parser/vulnerability_parser.py
@@ -127,6 +127,12 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
         'lastModified': 'modified',
         'published': 'published'
     }
+    __gcve_mapping = {
+        "vulnId": "id",
+        "datePublished": "published",
+        "dateUpdated": "modified",
+        "state": "state"
+    }
     __gsd_mapping = {"id": "id", "details": "description", "modified": "modified"}
     __jvn_mapping = {
         "sec:identifier": "id",
@@ -154,6 +160,7 @@ class VulnerabilityLookupMapping(VulnerabilityMapping):
         "cnvd": "_parse_cnvd_description",
         "cve": "_parse_cve_description",
         'fkie_cve': '_parse_fkie_description',
+        "gcve": "_parse_gcve_description",
         "ghsa": "_parse_standard_description",
         "gsd": "_parse_gsd_description",
         "jvndb": "_parse_jvn_description",
@@ -209,6 +216,10 @@ def cwe_mapping(cls) -> dict:
     def fkie_mapping(cls) -> dict:
         return cls.__fkie_mapping
 
+    @classmethod
+    def gcve_mapping(cls) -> dict:
+        return cls.__gcve_mapping
+
     @classmethod
     def gsd_mapping(cls) -> dict:
         return cls.__gsd_mapping
@@ -462,6 +473,54 @@ def _parse_fkie_description(self, lookup_result: dict) -> str:
                     attribute.uuid, 'weakened-by'
                 )
 
+    def _parse_gcve_description(self, lookup_result: dict) -> str:
+        metadata = lookup_result['cveMetadata']
+        misp_object = self._create_vulnerability_object(metadata['vulnId'])
+        for field, relation in self.mapping.gcve_mapping().items():
+            misp_object.add_attribute(relation, metadata[field])
+        vulnerability_object = self.misp_event.add_object(misp_object)
+        container = lookup_result['containers'].get('cna')
+        if container is not None:
+            if container.get('title'):
+                vulnerability_object.add_attribute(
+                    'summary', container['title']
+                )
+            for description in container.get('descriptions', []):
+                vulnerability_object.add_attribute(
+                    'description', description['value']
+                )
+            for reference in container.get('references', []):
+                vulnerability_object.add_attribute(
+                    'references', reference['url']
+                )
+            for metric in container.get('metrics', []):
+                for key, fields in metric.items():
+                    if key.startswith('cvssV'):
+                        vulnerability_object.add_attribute(
+                            'cvss-score', fields['baseScore']
+                        )
+                        vulnerability_object.add_attribute(
+                            'cvss-string', fields['vectorString']
+                        )
+            for credit in container.get('credits', []):
+                vulnerability_object.add_attribute('credit', credit['value'])
+            for weakness in container.get('problemTypes', []):
+                for description in weakness.get('descriptions', []):
+                    weakness_object = MISPObject('weakness')
+                    weakness_object.add_attribute('id', description['cweId'])
+                    weakness_object.add_attribute(
+                        'description', description['description']
+                    )
+                    vulnerability_object.add_reference(
+                        self.misp_event.add_object(weakness_object).uuid,
+                        'weakened-by'
+                    )
+        if metadata.get('cveId') is not None:
+            vulnerability_object.add_reference(
+                self._parse_alias(metadata['cveId']), 'related-to'
+            )
+        return vulnerability_object.uuid
+
     def _parse_gsd_description(self, lookup_result: dict) -> str:
         gsd_details = lookup_result["gsd"]["osvSchema"]
         misp_object = self._create_vulnerability_object(gsd_details['id'])
