Added IP and subdomain support for DNS0_rrsets_data (intelowlproject#…
…2042)

* Added IP support for DNS0_rrsets_data analyzer

* Added include_subdomain parameter

* Typo

* Restore original state

* Added alter migration to add a new supported type and new parameter

* fix deepsource
fgibertoni authored Dec 27, 2023
1 parent 0e85ad1 commit aefb8bb
Showing 2 changed files with 77 additions and 1 deletion.
@@ -0,0 +1,62 @@
from django.db import migrations

from api_app.analyzers_manager.constants import ObservableTypes


def migrate(apps, schema_editor):
AnalyzerConfig = apps.get_model("analyzers_manager", "AnalyzerConfig")
config = AnalyzerConfig.objects.get(name="DNS0_rrsets_data")
config.observable_supported = [
ObservableTypes.DOMAIN,
ObservableTypes.URL,
ObservableTypes.GENERIC,
ObservableTypes.IP,
]
config.full_clean()
config.save()

PythonModule = apps.get_model("api_app", "PythonModule")
Parameter = apps.get_model("api_app", "Parameter")
pm = PythonModule.objects.get(
module="dns0.dns0_rrsets.DNS0Rrsets",
base_path="api_app.analyzers_manager.observable_analyzers",
)
p = Parameter(
name="include_subdomain",
type="bool",
description="Search for subdomains.",
is_secret=False,
required=False,
python_module=pm,
)
p.full_clean()
p.save()


def reverse_migrate(apps, schema_editor):
AnalyzerConfig = apps.get_model("analyzers_manager", "AnalyzerConfig")
config = AnalyzerConfig.objects.get(name="DNS0_rrsets_data")
config.observable_supported = [
ObservableTypes.DOMAIN,
ObservableTypes.URL,
ObservableTypes.GENERIC,
]
config.full_clean()
config.save()

PythonModule = apps.get_model("api_app", "PythonModule")
Parameter = apps.get_model("api_app", "Parameter")
pm = PythonModule.objects.get(
module="dns0.dns0_rrsets.DNS0Rrsets",
base_path="api_app.analyzers_manager.observable_analyzers",
)
Parameter(name="include_subdomain", python_module=pm).delete()


class Migration(migrations.Migration):
dependencies = [
("api_app", "0052_periodic_task_bi"),
("analyzers_manager", "0055_analyzerreport_sent_to_bi"),
]

operations = [migrations.RunPython(migrate, reverse_migrate)]
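Review bot: In `reverse_migrate`, `Parameter(name="include_subdomain", python_module=pm).delete()` builds a new unsaved instance instead of loading the stored row, so it has no primary key; Django's `Model.delete()` raises `ValueError` for such an object and the rollback fails without removing the parameter. Load the row before deleting it: `Parameter.objects.get(name="include_subdomain", python_module=pm).delete()`. Separately, both functions take `ObservableTypes` from live application code, so a later change to that enum would alter what this historical migration writes; literal values would keep it frozen.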
Expand Up @@ -34,6 +34,7 @@ class DNS0Rrsets(classes.ObservableAnalyzer, DNS0Mixin):
name: str
data: str
type: list[str]
include_subdomain: bool

def config(self, runtime_configuration: Dict):
super().config(runtime_configuration)
Expand Down Expand Up @@ -75,7 +76,11 @@ def _create_params(self):
query_type = "name"
elif self.direction == "right":
query_type = "data"
params[query_type] = self.observable_name

query = self.observable_name
if hasattr(self, "include_subdomain") and self.include_subdomain:
query = "." + query
params[query_type] = query

# pass list of dns types parameter
if hasattr(self, "type") and self.type:
Expand Down Expand Up @@ -161,6 +166,15 @@ def _monkeypatch(cls):
owner=None,
value=[],
)
PluginConfig.objects.get_or_create(
analyzer_config=ac,
parameter=Parameter.objects.get(
name="include_subdomain", python_module__pk=ac.python_module_id
),
for_organization=False,
owner=None,
value=False,
)

ac = AnalyzerConfig.objects.get(name="DNS0_rrsets_name")
PluginConfig.objects.get_or_create(
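Review bot: The dot prefix in `_create_params` is applied to every observable type: `query = "." + query` runs whenever `include_subdomain` is truthy, and this same commit enables IP observables for DNS0_rrsets_data, so an IP lookup with the option on appears to be sent as a dot-prefixed address, which has no subdomain meaning. Limiting the prefix to non-IP observables would avoid that, e.g. `if getattr(self, "include_subdomain", False) and self.observable_classification != ObservableTypes.IP:`, which also replaces the `hasattr(...) and ...` pair (`ObservableTypes` would need importing in this file if it is not already). How URL observables are normalised before this point is not visible, since `_create_params` starts above and continues below the hunk.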