From 555a4dee8c34a41b659e9881dbc3903b4adec04e Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 26 Nov 2024 15:17:26 -0500 Subject: [PATCH 1/2] fix dnsresolve bug --- bbot/modules/internal/dnsresolve.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/bbot/modules/internal/dnsresolve.py b/bbot/modules/internal/dnsresolve.py index bdca0ea5c..08c6eb5c6 100644 --- a/bbot/modules/internal/dnsresolve.py +++ b/bbot/modules/internal/dnsresolve.py @@ -73,6 +73,7 @@ async def handle_event(self, event, **kwargs): if blacklisted: return False, "it has a blacklisted DNS record" + # DNS resolution for hosts that aren't IPs if not event_is_ip: # if the event is within our dns search distance, resolve the rest of our records if main_host_event.scope_distance < self._dns_search_distance: @@ -82,13 +83,14 @@ async def handle_event(self, event, **kwargs): event_data_changed = await self.handle_wildcard_event(main_host_event) if event_data_changed: # since data has changed, we check again whether it's a duplicate - if self.scan.ingress_module.is_incoming_duplicate(event, add=True): - if not event._graph_important: - return False, "event was already emitted by its module" - else: - self.debug( - f"Event {event} was already emitted by its module, but it's graph-important so it gets a pass" - ) + if self.scan.ingress_module.is_incoming_duplicate(main_host_event): + if new_event: + if not event._graph_important: + return False, "event was already emitted by its module" + else: + self.debug( + f"Event {event} was already emitted by its module, but it's graph-important so it gets a pass" + ) # if there weren't any DNS children and it's not an IP address, tag as unresolved if not main_host_event.raw_dns_records and not event_is_ip: From b4c316f3191ec79349e4cb5b50593a1affba9e7c Mon Sep 17 00:00:00 2001 
From: github-actions Date: Tue, 26 Nov 2024 15:33:08 -0500 Subject: [PATCH 2/2] fix tests --- bbot/modules/internal/dnsresolve.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/bbot/modules/internal/dnsresolve.py b/bbot/modules/internal/dnsresolve.py index 08c6eb5c6..c746b0345 100644 --- a/bbot/modules/internal/dnsresolve.py +++ b/bbot/modules/internal/dnsresolve.py @@ -83,14 +83,13 @@ async def handle_event(self, event, **kwargs): event_data_changed = await self.handle_wildcard_event(main_host_event) if event_data_changed: # since data has changed, we check again whether it's a duplicate - if self.scan.ingress_module.is_incoming_duplicate(main_host_event): - if new_event: - if not event._graph_important: - return False, "event was already emitted by its module" - else: - self.debug( - f"Event {event} was already emitted by its module, but it's graph-important so it gets a pass" - ) + if event.type == "DNS_NAME" and self.scan.ingress_module.is_incoming_duplicate(event, add=True): + if not event._graph_important: + return False, "it's a DNS wildcard, and its module already emitted a similar wildcard event" + else: + self.debug( + f"Event {event} was already emitted by its module, but it's graph-important so it gets a pass" + ) # if there weren't any DNS children and it's not an IP address, tag as unresolved if not main_host_event.raw_dns_records and not event_is_ip:
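Review bot: The comment kept above the re-check, `# since data has changed, we check again whether it's a duplicate`, no longer matches the new condition in PATCH 2/2, which skips the duplicate check for every event whose type is not `DNS_NAME`. Because `event.type == "DNS_NAME"` is evaluated first, `is_incoming_duplicate(event, add=True)` is never reached for other types. If `add=True` records the event as seen, as the name suggests, those events are neither re-checked nor registered after `handle_wildcard_event(main_host_event)` reports changed data. If that is the intent, say so in the comment, for example `# only DNS_NAME events are re-checked after wildcard handling; other event types keep their earlier dedup result`. The `else:` after the `return` could also be dropped and the `self.debug(...)` call dedented; `handle_event` starts and ends outside the hunk, so the surrounding flow could not be checked.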