From c8c44e75bf3ce5355ce25233776724092cf87f51 Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Thu, 18 Mar 2021 18:40:27 +0100
Subject: [PATCH] fix: [farsight_passivedns] Fixed queries to the API

- Since flex queries input may be email addresses,
  we nake sure we replace '@' by '.' in the flex
  queries input.
- We also run the flex queries with the input as
  is first, before runnning them as second time
  with '.' characters escaped: '\\.'
---
 .../modules/expansion/farsight_passivedns.py      | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/misp_modules/modules/expansion/farsight_passivedns.py b/misp_modules/modules/expansion/farsight_passivedns.py
index 10e5dbf..c398245 100755
--- a/misp_modules/modules/expansion/farsight_passivedns.py
+++ b/misp_modules/modules/expansion/farsight_passivedns.py
@@ -174,12 +174,15 @@ def add_flex_queries(flex):
 
 def flex_queries(client, lookup_args, name):
     response = {}
-    rdata = list(client.flex_rdata_regex(name.replace('.', '\\.'), **lookup_args))
-    if rdata:
-        response['flex_rdata'] = rdata
-    rrnames = list(client.flex_rrnames_regex(name.replace('.', '\\.'), **lookup_args))
-    if rrnames:
-        response['flex_rrnames'] = rrnames
+    name = name.replace('@', '.')
+    for feature in ('rdata', 'rrnames'):
+        to_call = getattr(client, f'flex_{feature}_regex')
+        results = list(to_call(name, **lookup_args))
+        for result in list(to_call(name.replace('.', '\\.'), **lookup_args)):
+            if result not in results:
+                results.append(result)
+        if results:
+            response[f'flex_{feature}'] = results
     return response