CIRCL CVE Search parse CVSS version (#27907)

* Added CVSS Version and tests * RN * function docstring update * RN
demisto · Jul 5, 2023 · 03b36d6 · 03b36d6
1 parent e5ab987
commit 03b36d6
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 2 deletions.
diff --git a/Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.py b/Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch.py
@@ -64,6 +64,25 @@ def test_module(client: Client):
     return 'ok'
 
 
+def get_cvss_verion(cvss_vector: str) -> float:
+    """
+    Extracts the CVSS score version according to its vector.
+
+    Args:
+        cvss_vector: The CVSS of the CVE.
+
+    Returns:
+        The CVSS version as a float.
+
+    """
+    if not cvss_vector:
+        return 0
+    elif cvss_version_regex := re.match('CVSS:(?P<version>.+?)/', cvss_vector):
+        return float(cvss_version_regex.group("version"))
+    else:
+        return 2.0
+
+
 def cve_latest_command(client: Client, limit) -> list[CommandResults]:
     """
     Returns the 30 latest updated CVEs.
@@ -224,6 +243,7 @@ def generate_indicator(data: dict) -> Common.CVE:
         id=cve_id,
         cvss=data.get('cvss'),
         cvss_vector=data.get('cvss-vector'),
+        cvss_version=get_cvss_verion(data.get('cvss-vector', '')),
         cvss_table=cvss_table,
         published=data.get('Published'),
         modified=data.get('Modified'),

diff --git a/Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch_test.py b/Packs/CIRCL/Integrations/CirclCVESearch/CirclCVESearch_test.py
@@ -3,7 +3,7 @@
 from pathlib import Path
 
 import pytest
-from CirclCVESearch import Client, cve_command, generate_indicator, parse_cpe, valid_cve_id_format
+from CirclCVESearch import Client, cve_command, generate_indicator, parse_cpe, valid_cve_id_format, get_cvss_verion
 
 from CommonServerPython import DemistoException, EntityRelationship, argToList
 
@@ -74,6 +74,16 @@ def test_indicator_creation():
         correct_indicator["CVE(val.ID && val.ID == obj.ID)"]["Tags"])
 
 
+@pytest.mark.parametrize("cvss_vector, expected_output", [
+    ("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 3.0),
+    ("", 0),
+    ("AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", 2.0)
+])
+def test_parse_cvss_version(cvss_vector, expected_output):
+    version = get_cvss_verion(cvss_vector)
+    assert version == expected_output
+
+
 @pytest.mark.parametrize("cpe, expected_output, expected_relationships", [
     (["cpe:2.3:a:vendor:product"],
      ["Vendor", "Product", "Application"],

diff --git a/Packs/CIRCL/ReleaseNotes/1_0_13.md b/Packs/CIRCL/ReleaseNotes/1_0_13.md
@@ -1,3 +1,4 @@
 #### Integrations
 ##### CIRCL
 - Updated the Docker image to: *demisto/python3:3.10.12.63474*.
+
diff --git a/Packs/CIRCL/ReleaseNotes/1_0_14.md b/Packs/CIRCL/ReleaseNotes/1_0_14.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### CIRCL CVE Search
+
+- Updated the integration to parse the CVE CVSS Version according to the vector.
diff --git a/Packs/CIRCL/pack_metadata.json b/Packs/CIRCL/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "CIRCL",
     "description": "The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents.\nThis pack includes:\n# CIRCL Passive DNS which is a database storing historical DNS records from various resources.\n# CIRCL Passive SSL is a database storing historical X.509 certificates seen per IP address. The Passive SSL historical data is indexed per IP address.\n# CIRCL CVE Search, interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures.",
     "support": "xsoar",
-    "currentVersion": "1.0.13",
+    "currentVersion": "1.0.14",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",