mirror of https://github.com/MISP/misp-modules
fix: [farsight_passivedns] Fixed queries to the API
- Since flex queries input may be email addresses, we nake sure we replace '@' by '.' in the flex queries input. - We also run the flex queries with the input as is first, before runnning them as second time with '.' characters escaped: '\\.'pull/482/head
parent
f58f4aa9eb
commit
c8c44e75bf
|
@ -174,12 +174,15 @@ def add_flex_queries(flex):
|
||||||
|
|
||||||
def flex_queries(client, lookup_args, name):
|
def flex_queries(client, lookup_args, name):
|
||||||
response = {}
|
response = {}
|
||||||
rdata = list(client.flex_rdata_regex(name.replace('.', '\\.'), **lookup_args))
|
name = name.replace('@', '.')
|
||||||
if rdata:
|
for feature in ('rdata', 'rrnames'):
|
||||||
response['flex_rdata'] = rdata
|
to_call = getattr(client, f'flex_{feature}_regex')
|
||||||
rrnames = list(client.flex_rrnames_regex(name.replace('.', '\\.'), **lookup_args))
|
results = list(to_call(name, **lookup_args))
|
||||||
if rrnames:
|
for result in list(to_call(name.replace('.', '\\.'), **lookup_args)):
|
||||||
response['flex_rrnames'] = rrnames
|
if result not in results:
|
||||||
|
results.append(result)
|
||||||
|
if results:
|
||||||
|
response[f'flex_{feature}'] = results
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue