Merge pull request #2457 from CERT-Bund/extract_cve_from_tag

Add extract_cve_from_tag to Shadowserver parser _config.py
certtools · Feb 7, 2024 · 76c08f9 · 76c08f9
2 parents 5cd5a40 + 3c32675
commit 76c08f9
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/intelmq/bots/parsers/shadowserver/_config.py b/intelmq/bots/parsers/shadowserver/_config.py
@@ -290,6 +290,20 @@ def category_or_detail(value: str, row: Dict[str, str]) -> str:
     return row.get('detail', '')
 
 
+def extract_cve_from_tag(tag: str) -> Optional[str]:
+    """ Returns a string with a sorted semicolon-separated list of CVEs or None if no CVE found in tag. """
+    cveset = set()
+    tags = tag.split(";")
+
+    for t in tags:
+        if re.match('^cve-[0-9]+-[0-9]+$', t):
+            cveset.add(t)
+
+    if not (len(cveset)):
+        return None
+    return (';'.join(str(c) for c in sorted(cveset)))
+
+
 functions = {
     'add_UTC_to_timestamp': add_UTC_to_timestamp,
     'convert_bool': convert_bool,
@@ -308,6 +322,7 @@ def category_or_detail(value: str, row: Dict[str, str]) -> str:
     'scan_exchange_type': scan_exchange_type,
     'scan_exchange_identifier': scan_exchange_identifier,
     'category_or_detail': category_or_detail,
+    'extract_cve_from_tag': extract_cve_from_tag,
 }