From 2200090647ca7cb5c1027448b427567d4f91172b Mon Sep 17 00:00:00 2001
From: github-actions <github-actions@github.com>
Date: Fri, 18 Oct 2024 17:08:53 -0400
Subject: [PATCH] strict scope reorg

---
 bbot/defaults.yml             |  3 +++
 bbot/scanner/preset/args.py   |  5 ++++-
 bbot/scanner/preset/preset.py | 16 ++++++++--------
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/bbot/defaults.yml b/bbot/defaults.yml
index ca215a1edf..e659a183bb 100644
--- a/bbot/defaults.yml
+++ b/bbot/defaults.yml
@@ -14,6 +14,9 @@ folder_blobs: false
 ### SCOPE ###
 
 scope:
+  # strict scope means only exact DNS names are considered in-scope
+  # subdomains are not included unless they are explicitly provided in the target list
+  strict: false
   # Filter by scope distance which events are displayed in the output
   # 0 == show only in-scope events (affiliates are always shown)
   # 1 == show all events up to distance-1 (1 hop from target)
diff --git a/bbot/scanner/preset/args.py b/bbot/scanner/preset/args.py
index 986fd909f5..b386d4d843 100644
--- a/bbot/scanner/preset/args.py
+++ b/bbot/scanner/preset/args.py
@@ -91,7 +91,6 @@ def preset_from_args(self):
             *self.parsed.targets,
             whitelist=self.parsed.whitelist,
             blacklist=self.parsed.blacklist,
-            strict_scope=self.parsed.strict_scope,
             name="args_preset",
         )
 
@@ -165,6 +164,10 @@ def preset_from_args(self):
             except Exception as e:
                 raise BBOTArgumentError(f'Error parsing command-line config option: "{config_arg}": {e}')
 
+        # strict scope
+        if self.parsed.strict_scope:
+            args_preset.core.merge_custom({"scope": {"strict": True}})
+
         return args_preset
 
     def create_parser(self, *args, **kwargs):
diff --git a/bbot/scanner/preset/preset.py b/bbot/scanner/preset/preset.py
index a8fe471b4b..41f1b1a917 100644
--- a/bbot/scanner/preset/preset.py
+++ b/bbot/scanner/preset/preset.py
@@ -47,7 +47,6 @@ class Preset:
         target (Target): Target(s) of scan.
         whitelist (Target): Scan whitelist (by default this is the same as `target`).
         blacklist (Target): Scan blacklist (this takes ultimate precedence).
-        strict_scope (bool): If True, subdomains of targets are not considered to be in-scope.
         helpers (ConfigAwareHelper): Helper containing various reusable functions, regexes, etc.
         output_dir (pathlib.Path): Output directory for scan.
         scan_name (str): Name of scan. Defaults to random value, e.g. "demonic_jimmy".
@@ -87,7 +86,6 @@ def __init__(
         *targets,
         whitelist=None,
         blacklist=None,
-        strict_scope=False,
         modules=None,
         output_modules=None,
         exclude_modules=None,
@@ -117,7 +115,6 @@ def __init__(
             *targets (str): Target(s) to scan. Types supported: hostnames, IPs, CIDRs, emails, open ports.
             whitelist (list, optional): Whitelisted target(s) to scan. Defaults to the same as `targets`.
             blacklist (list, optional): Blacklisted target(s). Takes ultimate precedence. Defaults to empty.
-            strict_scope (bool, optional): If True, subdomains of targets are not in-scope.
             modules (list[str], optional): List of scan modules to enable for the scan. Defaults to empty list.
             output_modules (list[str], optional): List of output modules to use. Defaults to csv, human, and json.
             exclude_modules (list[str], optional): List of modules to exclude from the scan.
@@ -234,7 +231,6 @@ def __init__(
         self.module_dirs = module_dirs
 
         # target / whitelist / blacklist
-        self.strict_scope = strict_scope
         # these are temporary receptacles until they all get .baked() together
         self._seeds = set(targets if targets else [])
         self._whitelist = set(whitelist) if whitelist else whitelist
@@ -353,7 +349,6 @@ def merge(self, other):
             else:
                 self._whitelist.update(other._whitelist)
         self._blacklist.update(other._blacklist)
-        self.strict_scope = self.strict_scope or other.strict_scope
 
         # module dirs
         self.module_dirs = self.module_dirs.union(other.module_dirs)
@@ -534,6 +529,14 @@ def config(self):
     def web_config(self):
         return self.core.config.get("web", {})
 
+    @property
+    def scope_config(self):
+        return self.config.get("scope", {})
+
+    @property
+    def strict_scope(self):
+        return self.scope_config.get("strict", False)
+
     def apply_log_level(self, apply_core=False):
         # silent takes precedence
         if self.silent:
@@ -632,7 +635,6 @@ def from_dict(cls, preset_dict, name=None, _exclude=None, _log=False):
             debug=preset_dict.get("debug", False),
             silent=preset_dict.get("silent", False),
             config=preset_dict.get("config"),
-            strict_scope=preset_dict.get("strict_scope", False),
             module_dirs=preset_dict.get("module_dirs", []),
             include=list(preset_dict.get("include", [])),
             scan_name=preset_dict.get("scan_name"),
@@ -761,8 +763,6 @@ def to_dict(self, include_target=False, full_config=False, redact_secrets=False)
                 preset_dict["whitelist"] = whitelist
             if blacklist:
                 preset_dict["blacklist"] = blacklist
-        if self.strict_scope:
-            preset_dict["strict_scope"] = True
 
         # flags + modules
         if self.require_flags: