Skip to content

Commit

Permalink
Merge pull request #1969 from blacklanternsecurity/fix-excavate-bug
Browse files Browse the repository at this point in the history
fix excavate bug
  • Loading branch information
TheTechromancer authored Nov 18, 2024
2 parents b0e5bc9 + 9d48030 commit 6b9f07f
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 12 deletions.
28 changes: 16 additions & 12 deletions bbot/core/event/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -1003,13 +1003,15 @@ def __init__(self, *args, **kwargs):
if parent_url is not None:
self.data["url"] = parent_url.geturl()
# inherit closest path
if not "path" in self.data and isinstance(parent.data, dict):
if not "path" in self.data and isinstance(parent.data, dict) and not parent.type == "HTTP_RESPONSE":
parent_path = parent.data.get("path", None)
if parent_path is not None:
self.data["path"] = parent_path
# inherit closest host
if parent.host:
self.data["host"] = str(parent.host)
# we do this to refresh the hash
self.data = self.data
break
# die if we still haven't found a host
if not self.host:
Expand Down Expand Up @@ -1559,6 +1561,8 @@ def __init__(self, *args, **kwargs):
self.add_tag("compressed")
self.add_tag(f"{compression}-archive")
self.data["compression"] = compression
# refresh hash
self.data = self.data


class RAW_DNS_RECORD(DictHostEvent, DnsEvent):
Expand Down Expand Up @@ -1639,23 +1643,23 @@ def make_event(
tags = set(tags)

if is_event(data):
data = copy(data)
if scan is not None and not data.scan:
data.scan = scan
if scans is not None and not data.scans:
data.scans = scans
event = copy(data)
if scan is not None and not event.scan:
event.scan = scan
if scans is not None and not event.scans:
event.scans = scans
if module is not None:
data.module = module
event.module = module
if parent is not None:
data.parent = parent
event.parent = parent
if context is not None:
data.discovery_context = context
event.discovery_context = context
if internal == True:
data.internal = True
event.internal = True
if tags:
data.tags = tags.union(data.tags)
event.tags = tags.union(event.tags)
event_type = data.type
return data
return event
else:
if event_type is None:
event_type, data = get_event_type(data)
Expand Down
32 changes: 32 additions & 0 deletions bbot/test/test_step_1/test_events.py
Original file line number Diff line number Diff line change
Expand Up @@ -966,3 +966,35 @@ def test_event_magic():
assert event.tags == {"folder"}

zip_file.unlink()


def test_event_hashing():
scan = Scanner("example.com")
url_event = scan.make_event("https://api.example.com/", "URL_UNVERIFIED", parent=scan.root_event)
host_event_1 = scan.make_event("www.example.com", "DNS_NAME", parent=url_event)
host_event_2 = scan.make_event("test.example.com", "DNS_NAME", parent=url_event)
finding_data = {"description": "Custom Yara Rule [find_string] Matched via identifier [str1]"}
finding1 = scan.make_event(finding_data, "FINDING", parent=host_event_1)
finding2 = scan.make_event(finding_data, "FINDING", parent=host_event_2)
finding3 = scan.make_event(finding_data, "FINDING", parent=host_event_2)

assert finding1.data == {
"description": "Custom Yara Rule [find_string] Matched via identifier [str1]",
"host": "www.example.com",
}
assert finding2.data == {
"description": "Custom Yara Rule [find_string] Matched via identifier [str1]",
"host": "test.example.com",
}
assert finding3.data == {
"description": "Custom Yara Rule [find_string] Matched via identifier [str1]",
"host": "test.example.com",
}
assert finding1.id != finding2.id
assert finding2.id == finding3.id
assert finding1.data_id != finding2.data_id
assert finding2.data_id == finding3.data_id
assert finding1.data_hash != finding2.data_hash
assert finding2.data_hash == finding3.data_hash
assert hash(finding1) != hash(finding2)
assert hash(finding2) == hash(finding3)

0 comments on commit 6b9f07f

Please sign in to comment.