[Tenable Vuln Management] fix: Unhandled CPE URI formats should be skipped #3545

Merged
Expand Up @@ -311,6 +311,21 @@ def _make_targeted_software_s(self, plugin: Plugin) -> list[Software]:
Returns:
list[Software]: A list of Software objects extracted from the CPE URIs in the plugin.
"""
# early out
if plugin.cpe is None:
return []

# filter out the CPE URIs that are not handled (i.e. should start with cpe, not p-cpe, etc)
unhandled_uris = [
cpe_uri for cpe_uri in plugin.cpe if not cpe_uri.startswith("cpe:")
]
if unhandled_uris:
self.helper.connector_logger.warning(
f"Unhandled CPE URIs: {unhandled_uris}. They will be ignored."
)

# remove unhandled URIs and eventually deduplicate
cpe_uris = list(set(plugin.cpe) - set(unhandled_uris))

return (
[
Expand All @@ -321,10 +336,11 @@ def _make_targeted_software_s(self, plugin: Plugin) -> list[Software]:
vendor=cpe_data["vendor"],
cpe=cpe_uri,
)
for cpe_uri in plugin.cpe
for cpe_uri in cpe_uris
for cpe_data in [parse_cpe_uri(cpe_uri)]
]
if plugin.cpe is not None
if plugin.cpe
is not None # mypy needed this, even though it's already checked above
else []
)
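Review bot: `cpe_uris = list(set(plugin.cpe) - set(unhandled_uris))` deduplicates through a set, so the returned Software objects no longer follow the order of `plugin.cpe`, and that order can differ between runs because string hashing is randomized per process. An order-preserving form filters and deduplicates in one pass: `cpe_uris = [u for u in dict.fromkeys(plugin.cpe) if u.startswith("cpe:")]`. The `startswith("cpe:")` test checks only the prefix, and `parse_cpe_uri` is not shown here, so a malformed value from the upstream feed that passes the prefix test may still raise and abort the conversion for the whole plugin; a per-URI guard around the parse may be worth adding. The function starts above the first hunk and some of its lines between the two hunks are not visible.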

Expand Up @@ -442,6 +442,26 @@ def test_converter_to_stix_make_targeted_software_s(
assert software.cpe == "cpe:/a:microsoft:sharepoint_server"


def test_unhandled_cpe_uri_are_skipped(mock_helper, mock_config, fake_plugin):
# Test added in the same time than a fix for the issue
# https://github.com/OpenCTI-Platform/connectors/issues/3473
# Given a converter to stix instance
converter_to_stix = ConverterToStix(
helper=mock_helper, config=mock_config, default_marking="TLP:CLEAR"
)
# And a fake plugin with unhandled CPE URI
fake_plugin = fake_plugin.model_copy(
update={"cpe": ["p-cpe:/a:unhandled:unhandled"]}
)

# When calling _make_targeted_software_s
targeted_software = converter_to_stix._make_targeted_software_s(plugin=fake_plugin)

# Then the result should contain no software objects
assert len(targeted_software) == 0
# and nothing raised error...


def test_converter_to_stix_make_vulnerabilities(mock_helper, mock_config, fake_plugin):
# Given a converter to stix instance and a fake plugin instance
converter_to_stix = ConverterToStix(
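Review bot: `test_unhandled_cpe_uri_are_skipped` feeds a list holding only one unhandled URI, so it would still pass if the filter dropped every entry, handled ones included. A mixed input pins the behaviour that matters: `update={"cpe": ["p-cpe:/a:unhandled:unhandled", "cpe:/a:microsoft:sharepoint_server"]}` followed by `assert [s.cpe for s in targeted_software] == ["cpe:/a:microsoft:sharepoint_server"]`. Asserting that `mock_helper.connector_logger.warning` was called would also cover the logging branch, assuming `mock_helper` is a mock object (its fixture is not shown here).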