bbot icon indicating copy to clipboard operation
bbot copied to clipboard
verified publisher icon blacklanternsecurity

Don't Increment Scope Distance for Hostless Events

Open TheTechromancer opened this issue 1 year ago • 5 comments

Events without hosts associated with them, such as FILESYSTEM, should probably not have their scope distance incremented.

TheTechromancer avatar Jun 12 '24 13:06 TheTechromancer

Just looking into this, seems like I can add a if to the BaseEvent class that can satisfy this requirement

if self.host:
    if self._scope_distance_increment_same_host or not hosts_are_same:
        new_scope_distance += 1
self.scope_distance = new_scope_distance

Not sure if its as simple as this or if theres more areas that I'm overlooking

domwhewell-sage avatar Jun 12 '24 15:06 domwhewell-sage

Looks good.

The majority of the work will be in fixing the tests and making sure everything works as intended.

TheTechromancer avatar Jun 12 '24 17:06 TheTechromancer

Hey @domwhewell-sage, are you working on this one? If not, I can take it.

TheTechromancer avatar Jun 20 '24 15:06 TheTechromancer

Hey, I started with the if statement but the tests were returning some strange results (i.e. distance-0 for events that shouldn't be)

So it might make more sense to cast your expert eye over it @TheTechromancer

domwhewell-sage avatar Jun 20 '24 16:06 domwhewell-sage

Roger I'll take a look

TheTechromancer avatar Jun 20 '24 16:06 TheTechromancer

Added in https://github.com/blacklanternsecurity/bbot/pull/1603.

@domwhewell-sage this changed the way scope distance is handled for some of the code-related modules. When you get a chance to test it out, let me know if you notice anything unusual. Tests are still passing so we should be good overall.

TheTechromancer avatar Aug 02 '24 14:08 TheTechromancer