baddns logic bug fix

blacklanternsecurity · Jan 10, 2025 · 5803c51 · 5803c51
1 parent d383ec9
commit 5803c51
Showing 1 changed file with 21 additions and 15 deletions.
diff --git a/bbot/modules/baddns.py b/bbot/modules/baddns.py
@@ -87,10 +87,12 @@ async def handle_event(self, event):
                     for r in results:
                         r_dict = r.to_dict()
 
-                        if r_dict["confidence"] in ["CONFIRMED", "PROBABLE"]:
+                        confidence = r_dict["confidence"]
+
+                        if confidence in ["CONFIRMED", "PROBABLE"]:
                             data = {
                                 "severity": "MEDIUM",
-                                "description": f"{r_dict['description']}. Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
+                                "description": f"{r_dict['description']}. Confidence: [{confidence}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
                                 "host": str(event.host),
                             }
                             await self.emit_event(
@@ -101,20 +103,24 @@ async def handle_event(self, event):
                                 context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
                             )
 
-                        elif r_dict["confidence"] in ["UNLIKELY", "POSSIBLE"] and not self.only_high_confidence:
-                            data = {
-                                "description": f"{r_dict['description']} Confidence: [{r_dict['confidence']}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
-                                "host": str(event.host),
-                            }
-                            await self.emit_event(
-                                data,
-                                "FINDING",
-                                event,
-                                tags=[f"baddns-{module_instance.name.lower()}"],
-                                context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
-                            )
+                        elif confidence in ["UNLIKELY", "POSSIBLE"]:
+                            if not self.only_high_confidence:
+                                data = {
+                                    "description": f"{r_dict['description']} Confidence: [{confidence}] Signature: [{r_dict['signature']}] Indicator: [{r_dict['indicator']}] Trigger: [{r_dict['trigger']}] baddns Module: [{r_dict['module']}]",
+                                    "host": str(event.host),
+                                }
+                                await self.emit_event(
+                                    data,
+                                    "FINDING",
+                                    event,
+                                    tags=[f"baddns-{module_instance.name.lower()}"],
+                                    context=f'{{module}}\'s "{r_dict["module"]}" module found {{event.type}}: {r_dict["description"]}',
+                                )
+                            else:
+                                self.debug(f"Skipping low-confidence result due to only_high_confidence setting: {confidence}")
+
                         else:
-                            self.warning(f"Got unrecognized confidence level: {r_dict['confidence']}")
+                            self.warning(f"Got unrecognized confidence level: {confidence}")
 
                         found_domains = r_dict.get("found_domains", None)
                         if found_domains: