From fe3a45b807639d90a04e22e24e73ed1862456634 Mon Sep 17 00:00:00 2001
From: Kyle Sullivan <47400288+FestiveKyle@users.noreply.github.com>
Date: Tue, 9 Aug 2022 15:14:10 -0300
Subject: [PATCH 1/2] Change base image from ubuntu 21.04 (eof) to 20.04
---
 scanners/dns-processor/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scanners/dns-processor/Dockerfile b/scanners/dns-processor/Dockerfile
index e7fd610215..f30e593f3e 100644
--- a/scanners/dns-processor/Dockerfile
+++ b/scanners/dns-processor/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:21.04
+FROM ubuntu:20.04
 # Copy local code to the container image.
 ENV PYTHONUNBUFFERED 1
From 77901da6ffd0286484ca6fe26e1103d13ab42d0e Mon Sep 17 00:00:00 2001
From: Kyle Sullivan <47400288+FestiveKyle@users.noreply.github.com>
Date: Tue, 9 Aug 2022 15:33:31 -0300
Subject: [PATCH 2/2] Remove logic to check duplicate dkim key (broken)
---
 .../dns-processor/dns_processor/__init__.py | 84 -------------------
 1 file changed, 84 deletions(-)
diff --git a/scanners/dns-processor/dns_processor/__init__.py b/scanners/dns-processor/dns_processor/__init__.py
index 108e73e4ec..4e6bde3fac 100644
--- a/scanners/dns-processor/dns_processor/__init__.py
+++ b/scanners/dns-processor/dns_processor/__init__.py
@@ -503,90 +503,6 @@ def process_results(results, domain_key, user_key, shared_id):
 # store key_modulus as string, ArangoDB is not capable or storing numbers this size
 results["dkim"][selector]["public_key_modulus"] = str(results["dkim"][selector]["public_key_modulus"])
 keyModulus = results["dkim"][selector]["public_key_modulus"]
- # going to the database to find previous results by keyModulus
- # From the test data:
- # "selector1": {
- # "t_value": "null",
- # "txt_record": {
- # "v": "DKIM1",
- # "k": "rsa",
- # "p": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3rvAQg9bl72tae1RFu4zdx1ZE4E8VUbQfxDcm/x6YW2eNRdGg9cRSgqSLXmj4I+HQQ4GHFItn7Hb0ubGt6AJYMCvygbnnwFX2Skt+w/msnXzQOYY+NR6DEfL/4kwiDaawcDumvD2JfEXD3yCyPBoZStg1wf0a9KgLQQNe4aMREQIDAQAB",
- # },
- # "public_key_value": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3rvAQg9bl72tae1RFu4zdx1ZE4E8VUbQfxDcm/x6YW2eNRdGg9cRSgqSLXmj4I+HQQ4GHFItn7Hb0ubGt6AJYMCvygbnnwFX2Skt+w/msnXzQOYY+NR6DEfL/4kwiDaawcDumvD2JfEXD3yCyPBoZStg1wf0a9KgLQQNe4aMREQIDAQAB",
- # "key_size": 1024,
- # "key_type": "rsa",
- # "public_key_modulus": 128986835293314190150497987524189448449432921513193192948873532904302192799974922792602624695895630642090219163581382671361079596067726465810188870659566753252627341029040386217423692275583904625222303885358524296924420382485253455698862760166022132727095317896399159035250651155696560064015533460599431434513,
- # "public_exponent": 65537,
- # }
- previous_dkim_results = db.collection("dkimResults").find(
- {"keyModulus": keyModulus}
- )
-
- # Has this public key been used before?
- # "dkim14": {
- # "en": {
- # "tagName": "P-duplicate",
- # "guidance": "Public key used for multiple domains",
- # graph traversal across edges in dkimToDkimResults
- for previous_dkim_result in previous_dkim_results:
- edges = db.collection("dkimToDkimResults").find(
- {"_to": previous_dkim_result["_id"]}
- )
- for edge in edges:
- previous_dkim = db.collection("dkim").get({"_id": edge["_from"]})
-
- # Check if PK was used for another domain
- previous_dkim_domain_query = db.collection("domainsDKIM").find(
- {"_to": previous_dkim["_id"]}, limit=1
- )
- previous_dkim_domain = previous_dkim_domain_query.next()
- if (previous_dkim_domain["_key"] != domain_key) and (
- "dkim14" not in guidance_tags["dkim"][selector]["negativeTags"]
- ):
- guidance_tags["dkim"][selector]["negativeTags"].append("dkim14")
-
- # Check if public key is older than 1 year
- current_timestamp = datetime.datetime.strptime(
- timestamp, "%Y-%m-%d %H:%M:%S.%f"
- )
- previous_timestamp = datetime.datetime.strptime(
- previous_dkim["timestamp"], "%Y-%m-%d %H:%M:%S.%f"
- )
- for edge in edges:
- previous_dkim = db.collection("dkim").get(
- {"_id": edge["_from"]}
- )
-
- # Check if PK was used for another domain
- previous_dkim_domain_query = db.collection("domainsDKIM").find(
- {"_to": previous_dkim["_id"]}, limit=1
- )
- previous_dkim_domain = previous_dkim_domain_query.next()
- if (previous_dkim_domain["_key"] != domain_key) and (
- "dkim14"
- not in guidance_tags["dkim"][selector]["negativeTags"]
- ):
- guidance_tags["dkim"][selector]["negativeTags"].append(
- "dkim14"
- )
-
- # Check if PK is older than 1 year
- current_timestamp = datetime.datetime.strptime(
- timestamp, "%Y-%m-%d %H:%M:%S.%f"
- )
- previous_timestamp = datetime.datetime.strptime(
- previous_dkim["timestamp"], "%Y-%m-%d %H:%M:%S.%f"
- )
-
- time_delta = current_timestamp - previous_timestamp
-
- if (time_delta.total_seconds() > 31536000) and (
- "dkim10"
- not in guidance_tags["dkim"][selector]["negativeTags"]
- ):
- guidance_tags["dkim"][selector]["negativeTags"].append(
- "dkim10"
- )
 dkimResults.update(
 {