update for PR

blacklanternsecurity · Nov 15, 2024 · be3b685 · be3b685
1 parent ef887da
commit be3b685
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 11 deletions.
diff --git a/bbot/modules/dnsbimi.py b/bbot/modules/dnsbimi.py
@@ -53,7 +53,7 @@ class dnsbimi(BaseModule):
     meta = {
         "description": "Check DNS_NAME's for BIMI records to find image and certificate hosting URL's",
         "author": "@colin-stubbs",
-        "created_date": "2024-08-26",
+        "created_date": "2024-11-15",
     }
     options = {
         "emit_raw_dns_records": False,
@@ -107,7 +107,11 @@ async def inspectBIMI(self, event, domain):
                 for answer in raw_results:
                     if self.emit_raw_dns_records:
                         await self.emit_event(
-                            {"host": hostname, "type": rdtype, "answer": answer.to_text()},
+                            {
+                                "host": hostname,
+                                "type": rdtype,
+                                "answer": answer.to_text(),
+                            },
                             "RAW_DNS_RECORD",
                             parent=event,
                             tags=tags.append(f"{rdtype.lower()}-record"),

diff --git a/bbot/test/test_step_2/module_tests/test_module_dnsbimi.py b/bbot/test/test_step_2/module_tests/test_module_dnsbimi.py
@@ -1,7 +1,7 @@
 from .base import ModuleTestBase
 
 raw_bimi_txt_default = (
-    '"v=BIMI1;l=https://default.thirdparty.tld/brand/logo.svg; a=https://default.thirdparty.tld/brand/certificate.pem"'
+    '"v=BIMI1;l=https://bimi.test.localdomain/logo.svg; a=https://bimi.test.localdomain/certificate.pem"'
 )
 raw_bimi_txt_nondefault = '"v=BIMI1; l=https://nondefault.thirdparty.tld/brand/logo.svg;a=https://nondefault.thirdparty.tld/brand/certificate.pem;"'
 
@@ -67,18 +67,24 @@ def check(self, module_test, events):
             and e.data["answer"] == raw_bimi_txt_nondefault
             for e in events
         ), "Failed to emit RAW_DNS_RECORD"
-        assert not any(str(e.data) == "https://default.thirdparty.tld/brand/logo.svg" for e in events)
-        assert not any(str(e.data) == "https://default.thirdparty.tld/brand/certificate.pem" for e in events)
+
+        assert any(
+            e.type == "DNS_NAME" and e.data == "bimi.test.localdomain" for e in events
+        ), "Failed to emit DNS_NAME"
+
+        # This should be filtered by a default BBOT configuration
         assert not any(str(e.data) == "https://nondefault.thirdparty.tld/brand/logo.svg" for e in events)
-        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/brand/certificate.pem" for e in events)
 
+        # This should not be filtered by a default BBOT configuration
+        assert any(
+            e.type == "URL_UNVERIFIED" and e.data == "https://bimi.test.localdomain/certificate.pem" for e in events
+        ), "Failed to emit URL_UNVERIFIED"
 
-class TestBIMIRecursiveRecursion(TestBIMI):
-    config_overrides = {
-        "modules": {"dnsbimi": {"emit_raw_dns_records": True, "selectors": "default, nondefault"}},
-    }
+        # These should be filtered simply due to distance
+        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/brand/logo.svg" for e in events)
+        assert not any(str(e.data) == "https://nondefault.thirdparty.tld/certificate.pem" for e in events)
 
-    def check(self, module_test, events):
+        # These should have been filtered via filter_event()
         assert not any(
             e.type == "RAW_DNS_RECORD" and e.data["host"] == "default._bimi.default._bimi.test.localdomain"
             for e in events