Add support for `cveTags` property
Closed this issue · 5 comments
himynamesdave commented
The API new prints a list of cveTags
.
e.g.
{
"resultsPerPage": 1,
"startIndex": 0,
"totalResults": 1,
"format": "NVD_CVE",
"version": "2.0",
"timestamp": "2024-08-15T11:44:23.737",
"vulnerabilities": [
{
"cve": {
"id": "CVE-2024-26049",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-06-13T08:15:51.293",
"lastModified": "2024-08-07T13:15:59.723",
"vulnStatus": "Modified",
"cveTags": ["unsupported-when-assigned","disputed"],
We should add the values under cveTags
to the vulnerability
object created using the labels
property, e.g.
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--<UUIDv5 LOGIC>",
"created_by_ref": "<IMPORTED IDENTITY OBJECT>",
"created": "<vulnerabilities.cve.published>",
"modified": "<vulnerabilities.cve.lastModified>",
"name": "<vulnerabilities.cve.id>",
"description": "<vulnerabilities.cve.descriptions.description_data.value> (if multiple, where lan = en, else first result)",
"labels": [
"<vulnerabilities.cve.cveTags>"
],
fqrious commented
is it goinh to be labels=[cveTag1, cveTag2,...]
or?
himynamesdave commented
Like
"labels": ["label1","label2"]
fqrious commented
"cveTags": ["unsupported-when-assigned","disputed"],
use this example here
himynamesdave commented
so this would be...
"labels": ["unsupported-when-assigned","disputed"]
himynamesdave commented
@fqrious it's not being parsed as expected,
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--00ed69d1-721c-5dad-9747-38e87ac91b7c",
"created_by_ref": "identity--562918ee-d5da-5579-b6a1-fae50cc6bad3",
"created": "2009-03-30T01:30:00.420Z",
"modified": "2024-08-07T12:15:26.957Z",
"name": "CVE-2008-6544",
"description": "Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request",
"labels": [
"{'sourceIdentifier': 'cve@mitre.org', 'tags': ['disputed']}"
],
"external_references": [
{
"source_name": "cve",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6544",
"external_id": "CVE-2008-6544"
},
this should just be
"labels": [
"disputed"
],