updates related to the Identifier asset type changes

Author: caffix

engine/plugins/enrich/email.go

@@ -59,7 +59,8 @@ func (ee *emailexpand) Stop() {
 }
 
 func (ee *emailexpand) check(e *et.Event) error {
-	if id, ok := e.Entity.Asset.(*general.Identifier); !ok || id == nil || id.Type != general.EmailAddress {
+	if id, ok := e.Entity.Asset.(*general.Identifier); !ok ||
+		id == nil || id.Type != general.EmailAddress || id.EntityID == "" {
 		return nil
 	}
 
@@ -73,7 +74,7 @@ func (ee *emailexpand) store(e *et.Event, asset *dbt.Entity) []*support.Finding
 	var findings []*support.Finding
 	oame := asset.Asset.(*general.Identifier)
 
-	parts := strings.Split(oame.ID, "@")
+	parts := strings.Split(oame.EntityID, "@")
 	if len(parts) != 2 {
 		return findings
 	}

engine/plugins/enrich/tls_cert.go

@@ -8,6 +8,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"errors"
+	"fmt"
 	"log/slog"
 	"net/netip"
 	"strings"
@@ -211,10 +212,14 @@ func (te *tlsexpand) store(e *et.Event, cert *x509.Certificate, asset *dbt.Entit
 	if m.IsMatch(string(oam.Identifier)) {
 		for _, emailstr := range cert.EmailAddresses {
 			email := strings.ToLower(strings.TrimSpace(emailstr))
+			if email == "" {
+				continue
+			}
 
 			if a, err := e.Session.Cache().CreateAsset(&general.Identifier{
-				ID:   email,
-				Type: general.EmailAddress,
+				UniqueID: fmt.Sprintf("%s:%s", general.EmailAddress, email),
+				EntityID: email,
+				Type:     general.EmailAddress,
 			}); err == nil && a != nil {
 				findings = append(findings, &support.Finding{
 					From:     asset,

engine/plugins/rdap/plugin.go

@@ -7,6 +7,7 @@ package rdap
 import (
 	"crypto/tls"
 	"errors"
+	"fmt"
 	"log/slog"
 	"net/http"
 	"path/filepath"
@@ -258,10 +259,13 @@ func (rd *rdapPlugin) storeEntity(e *et.Event, level int, entity *rdap.Entity, a
 			}
 		}
 	}
-	if m.IsMatch(string(oam.Identifier)) {
+	if m.IsMatch(string(oam.Identifier)) && v.Email() != "" {
+		email := strings.ToLower(v.Email())
+
 		if a, err := e.Session.Cache().CreateAsset(&general.Identifier{
-			ID:   v.Email(),
-			Type: general.EmailAddress,
+			UniqueID: fmt.Sprintf("%s:%s", general.EmailAddress, email),
+			EntityID: email,
+			Type:     general.EmailAddress,
 		}); err == nil && a != nil {
 			_ = rd.createContactEdge(e.Session, cr, a, &general.SimpleRelation{Name: "id"}, src)
 		}

engine/plugins/support/database.go

@@ -6,9 +6,11 @@ package support
 
 import (
 	"errors"
+	"fmt"
 	"log/slog"
 	"net/netip"
 	"strconv"
+	"strings"
 	"time"
 
 	et "github.com/owasp-amass/amass/v4/engine/types"
@@ -35,7 +37,15 @@ func SourceToAssetsWithinTTL(session et.Session, name, atype string, src *et.Sou
 
 		entities, _ = utils.FindByFQDNScope(session.Cache(), root, since)
 	case string(oam.Identifier):
-		entities, _ = session.Cache().FindEntitiesByContent(&general.Identifier{ID: name}, since)
+		if parts := strings.Split(name, ":"); len(parts) == 2 {
+			id := &general.Identifier{
+				UniqueID: name,
+				EntityID: parts[1],
+				Type:     parts[0],
+			}
+
+			entities, _ = session.Cache().FindEntitiesByContent(id, since)
+		}
 	case string(oam.AutnumRecord):
 		num, err := strconv.Atoi(name)
 		if err != nil {
@@ -96,10 +106,13 @@ func StoreEmailsWithSource(session et.Session, emails []string, src *et.Source,
 		return results
 	}
 
-	for _, email := range emails {
+	for _, e := range emails {
+		email := strings.ToLower(e)
+
 		if a, err := session.Cache().CreateAsset(&general.Identifier{
-			ID:   email,
-			Type: general.EmailAddress,
+			UniqueID: fmt.Sprintf("%s:%s", general.EmailAddress, email),
+			EntityID: email,
+			Type:     general.EmailAddress,
 		}); err == nil && a != nil {
 			results = append(results, a)
 			_, _ = session.Cache().CreateEntityProperty(a, &general.SourceProperty{

engine/plugins/support/dispatch.go

@@ -71,7 +71,7 @@ func ProcessFQDNsWithSource(e *et.Event, entities []*dbt.Entity, src *et.Source)
 func ProcessEmailsWithSource(e *et.Event, entities []*dbt.Entity, src *et.Source) {
 	for _, entity := range entities {
 		email, ok := entity.Asset.(*general.Identifier)
-		if !ok || email == nil || email.Type != general.EmailAddress {
+		if !ok || email == nil || email.Type != general.EmailAddress || email.EntityID == "" {
 			continue
 		}
 
@@ -93,7 +93,7 @@ func ProcessEmailsWithSource(e *et.Event, entities []*dbt.Entity, src *et.Source
 		})
 
 		_ = e.Dispatcher.DispatchEvent(&et.Event{
-			Name:    email.ID,
+			Name:    email.UniqueID,
 			Meta:    meta,
 			Entity:  entity,
 			Session: e.Session,

engine/plugins/whois/domain_record.go

@@ -233,10 +233,11 @@ func (r *domrec) storeContact(e *et.Event, c *domrecContact, dr *dbt.Entity, m *
 			r.createSimpleEdge(e.Session.Cache(), &general.SimpleRelation{Name: "location"}, cr, a)
 		}
 	}
-	if m.IsMatch(string(oam.Identifier)) {
+	if email := strings.ToLower(wc.Email); m.IsMatch(string(oam.Identifier)) && email != "" {
 		if a, err := e.Session.Cache().CreateAsset(&general.Identifier{
-			ID:   wc.Email,
-			Type: general.EmailAddress,
+			UniqueID: fmt.Sprintf("%s:%s", general.EmailAddress, email),
+			EntityID: email,
+			Type:     general.EmailAddress,
 		}); err == nil && a != nil {
 			r.createSimpleEdge(e.Session.Cache(), &general.SimpleRelation{Name: "id"}, cr, a)
 		}

engine/sessions/scope/assoc.go

@@ -18,7 +18,7 @@ import (
 	oam "github.com/owasp-amass/open-asset-model"
 	oamcert "github.com/owasp-amass/open-asset-model/certificate"
 	"github.com/owasp-amass/open-asset-model/contact"
-	"github.com/owasp-amass/open-asset-model/dns"
+	oamdns "github.com/owasp-amass/open-asset-model/dns"
 	oamnet "github.com/owasp-amass/open-asset-model/network"
 	"github.com/owasp-amass/open-asset-model/org"
 	oamreg "github.com/owasp-amass/open-asset-model/registration"
@@ -378,7 +378,7 @@ func (s *Scope) IsAddressInScope(c *cache.Cache, ip *oamnet.IPAddress) bool {
 
 	if edges, err := c.IncomingEdges(addr, c.StartTime(), "dns_record"); err == nil && len(edges) > 0 {
 		for _, edge := range edges {
-			if rec, ok := edge.Relation.(*dns.BasicDNSRelation); ok && rec.Header.RRType == rtype {
+			if rec, ok := edge.Relation.(*oamdns.BasicDNSRelation); ok && rec.Header.RRType == rtype {
 				from, err := c.FindEntityById(edge.FromEntity.ID)
 				if err != nil {
 					continue

engine/sessions/scope/scope.go

@@ -11,7 +11,8 @@ import (
 	oam "github.com/owasp-amass/open-asset-model"
 	oamcert "github.com/owasp-amass/open-asset-model/certificate"
 	"github.com/owasp-amass/open-asset-model/contact"
-	"github.com/owasp-amass/open-asset-model/dns"
+	oamdns "github.com/owasp-amass/open-asset-model/dns"
+	"github.com/owasp-amass/open-asset-model/general"
 	oamnet "github.com/owasp-amass/open-asset-model/network"
 	"github.com/owasp-amass/open-asset-model/org"
 	oamreg "github.com/owasp-amass/open-asset-model/registration"
@@ -22,10 +23,12 @@ func (s *Scope) Add(a oam.Asset) bool {
 	var newentry bool
 
 	switch v := a.(type) {
-	case *dns.FQDN:
+	case *oamdns.FQDN:
 		newentry = s.AddFQDN(v)
-	/*case *contact.EmailAddress:
-	newentry = s.AddFQDN(&domain.FQDN{Name: v.Domain})*/
+	case *general.Identifier:
+		if domain, found := getEmailDomain(v); found {
+			newentry = s.AddFQDN(&oamdns.FQDN{Name: domain})
+		}
 	case *oamnet.IPAddress:
 		newentry = s.AddIPAddress(v)
 	case *oamnet.Netblock:
@@ -62,18 +65,20 @@ func (s *Scope) IsAssetInScope(a oam.Asset, conf int) (oam.Asset, int) {
 	var match oam.Asset
 
 	switch v := a.(type) {
-	case *dns.FQDN:
+	case *oamdns.FQDN:
 		match, accuracy = s.matchesDomain(v)
-	/*case *contact.EmailAddress:
-	match, accuracy = s.matchesDomain(&domain.FQDN{Name: v.Domain})*/
+	case *general.Identifier:
+		if domain, found := getEmailDomain(v); found {
+			match, accuracy = s.matchesDomain(&oamdns.FQDN{Name: domain})
+		}
 	case *oamnet.IPAddress:
 		match, accuracy = s.addressInScope(v)
 	case *oamnet.Netblock:
 		match, accuracy = s.matchesNetblock(v)
 	case *oamnet.AutonomousSystem:
 		match, accuracy = s.matchesAutonomousSystem(v)
 	case *oamreg.DomainRecord:
-		match, accuracy = s.matchesDomain(&dns.FQDN{Name: v.Domain})
+		match, accuracy = s.matchesDomain(&oamdns.FQDN{Name: v.Domain})
 		if match == nil || accuracy == 0 {
 			match, accuracy = s.matchesOrg(&org.Organization{Name: v.Name}, conf)
 		}
@@ -85,9 +90,9 @@ func (s *Scope) IsAssetInScope(a oam.Asset, conf int) (oam.Asset, int) {
 			match, accuracy = s.matchesOrg(&org.Organization{Name: v.Name}, conf)
 		}
 	case *oamcert.TLSCertificate:
-		match, accuracy = s.matchesDomain(&dns.FQDN{Name: v.SubjectCommonName})
+		match, accuracy = s.matchesDomain(&oamdns.FQDN{Name: v.SubjectCommonName})
 	case *oamurl.URL:
-		match, accuracy = s.matchesDomain(&dns.FQDN{Name: v.Host})
+		match, accuracy = s.matchesDomain(&oamdns.FQDN{Name: v.Host})
 	case *org.Organization:
 		match, accuracy = s.matchesOrg(v, conf)
 	case *contact.Location:
@@ -107,3 +112,17 @@ func (s *Scope) isBadField(field string) bool {
 	}
 	return false
 }
+
+func getEmailDomain(email *general.Identifier) (string, bool) {
+	if email == nil || email.Type != general.EmailAddress {
+		return "", false
+	}
+
+	parts := strings.Split(email.EntityID, "@")
+
+	if len(parts) != 2 {
+		return "", false
+	}
+
+	return parts[1], true
+}