From ffbaf5f26d3b543da45d0776171962666a92b2be Mon Sep 17 00:00:00 2001
From: github-actions <github-actions@github.com>
Date: Sat, 7 Dec 2024 22:41:39 -0500
Subject: [PATCH] disable cloudcheck HTTP_RESPONSE extraction

---
 bbot/modules/internal/cloudcheck.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/bbot/modules/internal/cloudcheck.py b/bbot/modules/internal/cloudcheck.py
index 65cf6ea24..c45acfe95 100644
--- a/bbot/modules/internal/cloudcheck.py
+++ b/bbot/modules/internal/cloudcheck.py
@@ -72,9 +72,10 @@ async def handle_event(self, event, **kwargs):
                 base_kwargs["event_type"] = event_type
                 for sig in sigs:
                     matches = []
-                    if event.type == "HTTP_RESPONSE":
-                        matches = await self.helpers.re.findall(sig, event.data.get("body", ""))
-                    elif event.type.startswith("DNS_NAME"):
+                    # TODO: convert this to an excavate YARA hook
+                    # if event.type == "HTTP_RESPONSE":
+                    #     matches = await self.helpers.re.findall(sig, event.data.get("body", ""))
+                    if event.type.startswith("DNS_NAME"):
                         for host in str_hosts_to_check:
                             match = sig.match(host)
                             if match: