updates to DNS plugin handlers

Author: caffix

engine/plugins/dns/cname.go

@@ -22,6 +22,7 @@ import (
 type dnsCNAME struct {
 	name   string
 	plugin *dnsPlugin
+	source *et.Source
 }
 
 type relAlias struct {
@@ -41,8 +42,7 @@ func (d *dnsCNAME) check(e *et.Event) error {
 	}
 
 	var alias []*relAlias
-	src := d.plugin.source
-	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, src, since) {
+	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, d.source, since) {
 		alias = append(alias, d.lookup(e, e.Entity, since)...)
 	} else {
 		alias = append(alias, d.query(e, e.Entity)...)
@@ -77,7 +77,7 @@ func (d *dnsCNAME) query(e *et.Event, name *dbt.Entity) []*relAlias {
 	if rr, err := support.PerformQuery(fqdn.Name, dns.TypeCNAME); err == nil {
 		if records := d.store(e, name, rr); len(records) > 0 {
 			alias = append(alias, records...)
-			support.MarkAssetMonitored(e.Session, name, d.plugin.source)
+			support.MarkAssetMonitored(e.Session, name, d.source)
 		}
 	}
 
@@ -106,8 +106,8 @@ func (d *dnsCNAME) store(e *et.Event, fqdn *dbt.Entity, rr []*resolve.ExtractedA
 			}); err == nil && edge != nil {
 				alias = append(alias, &relAlias{alias: fqdn, target: cname})
 				_, _ = e.Session.Cache().CreateEdgeProperty(edge, &general.SourceProperty{
-					Source:     d.plugin.source.Name,
-					Confidence: d.plugin.source.Confidence,
+					Source:     d.source.Name,
+					Confidence: d.source.Confidence,
 				})
 			}
 		}

engine/plugins/dns/ip.go

@@ -25,6 +25,7 @@ type dnsIP struct {
 	name    string
 	queries []uint16
 	plugin  *dnsPlugin
+	source  *et.Source
 }
 
 type relIP struct {
@@ -48,11 +49,10 @@ func (d *dnsIP) check(e *et.Event) error {
 	}
 
 	var ips []*relIP
-	src := d.plugin.source
-	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, src, since) {
+	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, d.source, since) {
 		ips = append(ips, d.lookup(e, fqdn.Name, since)...)
 	} else {
-		ips = append(ips, d.query(e, e.Entity, src)...)
+		ips = append(ips, d.query(e, e.Entity)...)
 	}
 
 	if len(ips) > 0 {
@@ -74,7 +74,7 @@ func (d *dnsIP) check(e *et.Event) error {
 				size = d.plugin.firstSweepSize
 			}
 			if size > 0 {
-				support.IPAddressSweep(e, ip, src, size, sweepCallback)
+				support.IPAddressSweep(e, ip, d.source, size, sweepCallback)
 			}
 		}
 	}
@@ -98,23 +98,23 @@ func (d *dnsIP) lookup(e *et.Event, fqdn string, since time.Time) []*relIP {
 	return ips
 }
 
-func (d *dnsIP) query(e *et.Event, name *dbt.Entity, src *et.Source) []*relIP {
+func (d *dnsIP) query(e *et.Event, name *dbt.Entity) []*relIP {
 	var ips []*relIP
 
 	fqdn := name.Asset.(*oamdns.FQDN)
 	for _, qtype := range d.queries {
 		if rr, err := support.PerformQuery(fqdn.Name, qtype); err == nil {
-			if records := d.store(e, name, src, rr); len(records) > 0 {
+			if records := d.store(e, name, rr); len(records) > 0 {
 				ips = append(ips, records...)
-				support.MarkAssetMonitored(e.Session, name, src)
+				support.MarkAssetMonitored(e.Session, name, d.source)
 			}
 		}
 	}
 
 	return ips
 }
 
-func (d *dnsIP) store(e *et.Event, fqdn *dbt.Entity, src *et.Source, rr []*resolve.ExtractedAnswer) []*relIP {
+func (d *dnsIP) store(e *et.Event, fqdn *dbt.Entity, rr []*resolve.ExtractedAnswer) []*relIP {
 	var ips []*relIP
 
 	for _, record := range rr {
@@ -133,8 +133,8 @@ func (d *dnsIP) store(e *et.Event, fqdn *dbt.Entity, src *et.Source, rr []*resol
 				}); err == nil && edge != nil {
 					ips = append(ips, &relIP{rtype: "dns_record", ip: ip})
 					_, _ = e.Session.Cache().CreateEdgeProperty(edge, &general.SourceProperty{
-						Source:     src.Name,
-						Confidence: src.Confidence,
+						Source:     d.source.Name,
+						Confidence: d.source.Confidence,
 					})
 				}
 			} else {
@@ -155,8 +155,8 @@ func (d *dnsIP) store(e *et.Event, fqdn *dbt.Entity, src *et.Source, rr []*resol
 				}); err == nil && edge != nil {
 					ips = append(ips, &relIP{rtype: "dns_record", ip: ip})
 					_, _ = e.Session.Cache().CreateEdgeProperty(edge, &general.SourceProperty{
-						Source:     src.Name,
-						Confidence: src.Confidence,
+						Source:     d.source.Name,
+						Confidence: d.source.Confidence,
 					})
 				}
 			} else {

engine/plugins/dns/plugin.go

@@ -69,7 +69,15 @@ func (d *dnsPlugin) Start(r et.Registry) error {
 		return err
 	}
 
-	d.cname = &dnsCNAME{name: d.name + "-CNAME", plugin: d}
+	cname := d.name + "-CNAME"
+	d.cname = &dnsCNAME{
+		name:   cname,
+		plugin: d,
+		source: &et.Source{
+			Name:       cname,
+			Confidence: 100,
+		},
+	}
 	if err := r.RegisterHandler(&et.Handler{
 		Plugin:       d,
 		Name:         d.cname.name,
@@ -82,10 +90,15 @@ func (d *dnsPlugin) Start(r et.Registry) error {
 		return err
 	}
 
+	ipname := d.name + "-IP"
 	d.ip = &dnsIP{
-		name:    d.name + "-IP",
+		name:    ipname,
 		queries: []uint16{dns.TypeA, dns.TypeAAAA},
 		plugin:  d,
+		source: &et.Source{
+			Name:       ipname,
+			Confidence: 100,
+		},
 	}
 	if err := r.RegisterHandler(&et.Handler{
 		Plugin:       d,
@@ -126,7 +139,15 @@ func (d *dnsPlugin) Start(r et.Registry) error {
 	}
 	go d.subs.releaseSessions()
 
-	d.txt = &dnsTXT{name: d.name + "-TXT", plugin: d}
+	txtname := d.name + "-TXT"
+	d.txt = &dnsTXT{
+		name:   d.name + "-TXT",
+		plugin: d,
+		source: &et.Source{
+			Name:       txtname,
+			Confidence: 100,
+		},
+	}
 	if err := r.RegisterHandler(&et.Handler{
 		Plugin:       d,
 		Name:         d.txt.name,

engine/plugins/dns/txt.go

@@ -1,121 +1,120 @@
+// Copyright © by Jeff Foley 2017-2025. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+// SPDX-License-Identifier: Apache-2.0
+
 package dns
 
 import (
-    "errors"
-    "log/slog"
-    "time"
-
-    "github.com/miekg/dns"
-    "github.com/owasp-amass/amass/v4/engine/plugins/support"
-    et "github.com/owasp-amass/amass/v4/engine/types"
-    dbt "github.com/owasp-amass/asset-db/types"
-    oam "github.com/owasp-amass/open-asset-model"
-    oamdns "github.com/owasp-amass/open-asset-model/dns"
-    "github.com/owasp-amass/resolve"
+	"errors"
+	"fmt"
+	"log/slog"
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/owasp-amass/amass/v4/engine/plugins/support"
+	et "github.com/owasp-amass/amass/v4/engine/types"
+	dbt "github.com/owasp-amass/asset-db/types"
+	oamdns "github.com/owasp-amass/open-asset-model/dns"
+	"github.com/owasp-amass/resolve"
 )
 
 type dnsTXT struct {
-    name   string
-    plugin *dnsPlugin
+	name   string
+	plugin *dnsPlugin
+	source *et.Source
 }
 
 func (d *dnsTXT) check(e *et.Event) error {
-    _, ok := e.Entity.Asset.(*oamdns.FQDN)
-    if !ok {
-        slog.Error("failed to extract the FQDN asset", "event", e)
-        return errors.New("failed to extract the FQDN asset")
-    }
-
-    since, err := support.TTLStartTime(e.Session.Config(), "FQDN", "FQDN", d.plugin.name)
-    if err != nil {
-        slog.Error("failed to get TTL start time", "error", err, "event", e)
-        return err
-    }
-
-    var txtRecords []*resolve.ExtractedAnswer
-    src := d.plugin.source
-    if support.AssetMonitoredWithinTTL(e.Session, e.Entity, src, since) {
-        txtRecords = d.lookup(e, e.Entity, since)
-    } else {
-        txtRecords = d.query(e, e.Entity)
-    }
-
-    if len(txtRecords) > 0 {
-        d.process(e, e.Entity, txtRecords)
-    } else {
-        slog.Warn("no TXT records found", "event", e)
-    }
-    return nil
+	_, ok := e.Entity.Asset.(*oamdns.FQDN)
+	if !ok {
+		return errors.New("failed to extract the FQDN asset")
+	}
+
+	since, err := support.TTLStartTime(e.Session.Config(), "FQDN", "FQDN", d.plugin.name)
+	if err != nil {
+		return err
+	}
+
+	var txtRecords []*resolve.ExtractedAnswer
+	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, d.source, since) {
+		txtRecords = d.lookup(e, e.Entity, since)
+	} else {
+		txtRecords = d.query(e, e.Entity)
+		d.store(e, e.Entity, txtRecords)
+	}
+
+	if len(txtRecords) > 0 {
+		d.process(e, e.Entity, txtRecords)
+	}
+	return nil
 }
 
 func (d *dnsTXT) lookup(e *et.Event, fqdn *dbt.Entity, since time.Time) []*resolve.ExtractedAnswer {
-    var txtRecords []*resolve.ExtractedAnswer
-
-    n, ok := fqdn.Asset.(*oamdns.FQDN)
-    if !ok || n == nil {
-        slog.Error("Failed to cast asset to FQDN", "event", e, "fqdn", fqdn)
-        return txtRecords
-    }
-
-    if assets := d.plugin.lookupWithinTTL(e.Session, n.Name, oam.FQDN, since, oam.BasicDNSRelation, int(dns.TypeTXT)); len(assets) > 0 {
-        for _, a := range assets {
-            txtRecords = append(txtRecords, &resolve.ExtractedAnswer{
-                Type: dns.TypeTXT,
-                Data: a.Asset.(*oamdns.FQDN).Name,
-            })
-        }
-    } else {
-        slog.Warn("No assets found within TTL", "event", e, "fqdn", fqdn)
-    }
-    return txtRecords
+	var txtRecords []*resolve.ExtractedAnswer
+
+	n, ok := fqdn.Asset.(*oamdns.FQDN)
+	if !ok || n == nil {
+		return txtRecords
+	}
+
+	if tags, err := e.Session.Cache().GetEntityTags(fqdn, since, "dns_record"); err == nil {
+		for _, tag := range tags {
+			if prop, ok := tag.Property.(*oamdns.DNSRecordProperty); ok && prop.Header.RRType == int(dns.TypeTXT) {
+				txtRecords = append(txtRecords, &resolve.ExtractedAnswer{
+					Name: n.Name,
+					Type: dns.TypeTXT,
+					Data: prop.Data,
+				})
+			}
+		}
+	}
+
+	return txtRecords
 }
 
 func (d *dnsTXT) query(e *et.Event, name *dbt.Entity) []*resolve.ExtractedAnswer {
-    var txtRecords []*resolve.ExtractedAnswer
-
-    fqdn, ok := name.Asset.(*oamdns.FQDN)
-    if !ok {
-        slog.Error("Failed to cast asset to FQDN in query", "event", e, "name", name)
-        return txtRecords
-    }
-
-    if rr, err := support.PerformQuery(fqdn.Name, dns.TypeTXT); err == nil {
-        txtRecords = append(txtRecords, rr...)
-        support.MarkAssetMonitored(e.Session, name, d.plugin.source)
-    } else {
-        slog.Error("Failed to perform DNS query", "error", err, "event", e, "fqdn", fqdn)
-    }
-
-    return txtRecords
+	var txtRecords []*resolve.ExtractedAnswer
+
+	fqdn, ok := name.Asset.(*oamdns.FQDN)
+	if !ok {
+		return txtRecords
+	}
+
+	if rr, err := support.PerformQuery(fqdn.Name, dns.TypeTXT); err == nil {
+		txtRecords = append(txtRecords, rr...)
+		support.MarkAssetMonitored(e.Session, name, d.source)
+	}
+
+	return txtRecords
 }
 
 func (d *dnsTXT) store(e *et.Event, fqdn *dbt.Entity, rr []*resolve.ExtractedAnswer) {
-    for _, record := range rr {
-        if record.Type != dns.TypeTXT {
-            continue
-        }
-
-        txtValue := record.Data
-
-        _, err := e.Session.Cache().CreateEntityProperty(fqdn, &oamdns.DNSRecordProperty{
-            PropertyName: "dns_record",
-            Header: oamdns.RRHeader{
-                RRType: 16,
-                Class:  1,
-                TTL:    300,
-            },
-            Data: txtValue,
-        })
-        if err != nil {
-            slog.Error("failed to create entity property", "error", err, "event", e, "fqdn", fqdn, "txtValue", txtValue)
-        }
-    }
+	for _, record := range rr {
+		if record.Type != dns.TypeTXT {
+			continue
+		}
+
+		txtValue := record.Data
+		_, err := e.Session.Cache().CreateEntityProperty(fqdn, &oamdns.DNSRecordProperty{
+			PropertyName: "dns_record",
+			Header: oamdns.RRHeader{
+				RRType: int(dns.TypeTXT),
+				Class:  1,
+			},
+			Data: txtValue,
+		})
+		if err != nil {
+			msg := fmt.Sprintf("failed to create entity property for %s: %s", txtValue, err)
+			e.Session.Log().Error(msg, "error", err.Error(),
+				slog.Group("plugin", "name", d.plugin.name, "handler", d.name))
+		}
+	}
 }
 
 func (d *dnsTXT) process(e *et.Event, fqdn *dbt.Entity, txtRecords []*resolve.ExtractedAnswer) {
-    d.store(e, fqdn, txtRecords)
-
-    for _, record := range txtRecords {
-        e.Session.Log().Info("TXT record discovered", "fqdn", fqdn.Asset.(*oamdns.FQDN).Name, "txt", record.Data, slog.Group("plugin", "name", d.plugin.name, "handler", d.name))
-    }
-}
+	for _, record := range txtRecords {
+		e.Session.Log().Info("TXT record discovered", "fqdn",
+			fqdn.Asset.(*oamdns.FQDN).Name, "txt", record.Data,
+			slog.Group("plugin", "name", d.plugin.name, "handler", d.name))
+	}
+}