CVE updates - type, layouts and CVEsearchV2

Packs/Base/.pack-ignore

@@ -78,6 +78,8 @@ FeedIndicatorType
 str
 FileResult
 JavaScript
+CPE
+CPEs
 
 [tests_require_network]
 CommonServerPython

Packs/Base/ReleaseNotes/1_32_18.md

@@ -0,0 +1,5 @@
+
+#### Scripts
+
+##### CommonServerPython
+Updated the CVE class adding missing attributes and creating the CPE class to handle CPEs.

Packs/Base/Scripts/CommonServerPython/CommonServerPython.py

@@ -3623,6 +3623,27 @@ def to_context(self):
                 'data': self.dns_record_data
             }
 
+
+    class CPE:
+        """
+        Represents one Common Platform Enumeration (CPE) object, see https://nvlpubs.nist.gov/nistpubs/legacy/ir/nistir7695.pdf
+
+        :type cpe: ``str``
+        :param cpe: a single CPE string
+
+        :return: None
+        :rtype: ``None``
+
+        """
+        def __init__(self, cpe=None):
+            self.cpe = cpe
+
+        def to_context(self):
+            return {
+                'CPE': self.cpe,
+            }
+
+
     class File(Indicator):
         """
         File indicator class - https://xsoar.pan.dev/docs/integrations/context-standards-mandatory#file
@@ -3975,15 +3996,21 @@ class CVE(Indicator):
         :type dbot_score: ``DBotScore``
         :param dbot_score: If file has a score then create and set a DBotScore object
 
+        :type vulnerable_products: ``CPE``
+        :param vulnerable_products: A list of CPE objects
+
+        :type vulnerable_configurations: ``CPE``
+        :param vulnerable_configurations: A list of CPE objects
+
         :return: None
         :rtype: ``None``
         """
         CONTEXT_PATH = 'CVE(val.ID && val.ID == obj.ID)'
 
         def __init__(self, id, cvss, published, modified, description, relationships=None, stix_id=None,
                      cvss_version=None, cvss_score=None, cvss_vector=None, cvss_table=None, community_notes=None,
-                     tags=None, traffic_light_protocol=None, dbot_score=None, publications=None):
-            # type (str, str, str, str, str) -> None
+                     tags=None, traffic_light_protocol=None, dbot_score=None, publications=None,
+                     vulnerable_products=None, vulnerable_configurations=None):
 
             # Main indicator value
             self.id = id
@@ -4010,6 +4037,10 @@ def __init__(self, id, cvss, published, modified, description, relationships=Non
                                                                              integration_name=None,
                                                                              score=Common.DBotScore.NONE)
 
+            # Core custom fields for CVE type
+            self.vulnerable_products = vulnerable_products
+            self.vulnerable_configurations = vulnerable_configurations
+
         def to_context(self):
             cve_context = {
                 'ID': self.id,
@@ -4057,16 +4088,22 @@ def to_context(self):
             if self.traffic_light_protocol:
                 cve_context['TrafficLightProtocol'] = self.traffic_light_protocol
 
-            if self.publications:
-                cve_context['Publications'] = self.create_context_table(self.publications)
-
             ret_value = {
                 Common.CVE.CONTEXT_PATH: cve_context
             }
 
             if self.dbot_score:
                 ret_value.update(self.dbot_score.to_context())
 
+            if self.publications:
+                cve_context['Publications'] = self.create_context_table(self.publications)
+
+            if self.vulnerable_products:
+                cve_context['VulnerableProducts'] = self.create_context_table(self.vulnerable_products)
+
+            if self.vulnerable_configurations:
+                cve_context['VulnerableConfigurations'] = self.create_context_table(self.vulnerable_configurations)
+
             return ret_value
 
     class EMAIL(Indicator):

Packs/Base/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Base",
     "description": "The base pack for Cortex XSOAR.",
     "support": "xsoar",
-    "currentVersion": "1.32.17",
+    "currentVersion": "1.32.18",
     "author": "Cortex XSOAR",
     "serverMinVersion": "6.0.0",
     "url": "https://www.paloaltonetworks.com/cortex",

Packs/CIRCL/.secrets-ignore

@@ -0,0 +1,2 @@
+https://cve.bad_url
+cve@mitre.org