From 19f7529dc354fa5f945ef055a67e7d9254212c3b Mon Sep 17 00:00:00 2001 From: liquidsec Date: Tue, 23 Jan 2024 11:19:41 -0500 Subject: [PATCH 1/2] fixing bug with signature parsing --- baddns/lib/matcher.py | 5 +++-- baddns/modules/cname.py | 2 +- tests/matcher_test.py | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/baddns/lib/matcher.py b/baddns/lib/matcher.py index 7f598c83..5cb7fb7d 100644 --- a/baddns/lib/matcher.py +++ b/baddns/lib/matcher.py @@ -75,12 +75,13 @@ def is_match(self, response): if not isinstance(response, httpx.Response): raise TypeError("response must be an httpx.Response object") self.response = response - matchers_condition = self.rules.get("matchers-condition", "and") results = [] - for matcher in self.rules.get("matchers", []): + matcher_rule = self.rules.get("matcher_rule", []) + for matcher in matcher_rule.get("matchers", []): match_type = matcher["type"] match_func = getattr(self, f"_{match_type}", None) + if match_func: result = match_func(matcher) results.append(result) diff --git a/baddns/modules/cname.py b/baddns/modules/cname.py index fe31cf35..22f723ea 100644 --- a/baddns/modules/cname.py +++ b/baddns/modules/cname.py @@ -157,7 +157,7 @@ def analyze(self): continue log.debug("passed IPS") - m = Matcher(sig.signature["matcher_rule"]) + m = Matcher(sig.signature) log.debug("Checking for HTTP matches") if any(m.is_match(hr) for hr in http_results if hr is not None): log.debug(f"CNAME {self.cname_dnsmanager.target} Vulnerable") diff --git a/tests/matcher_test.py b/tests/matcher_test.py index 6780c2d3..97a73653 100644 --- a/tests/matcher_test.py +++ b/tests/matcher_test.py @@ -102,3 +102,36 @@ def test_matcher_3(httpx_mock): m = Matcher(rules) r = httpx.get("https://baddns.com/test3") assert m.is_match(r) + + + +def test_matcher_4(httpx_mock): + httpx_mock.add_response( + url="https://baddns.com/test4", + status_code=302, + text="
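Review bot: The fallback in `matcher_rule = self.rules.get("matcher_rule", [])` is a list, so a signature without a `matcher_rule` section no longer fails with a clear KeyError at construction but with `AttributeError: 'list' object has no attribute 'get'` on the very next line; the default should be a dict, `matcher_rule = self.rules.get("matcher_rule", {})`, so such a signature simply contributes no matchers and is_match falls through to its no-result path. The hunk also removes the read of `matchers-condition` outright instead of relocating it under the new key, even though the test signature added in this same patch places `matchers-condition: and` inside `matcher_rule`; if the remainder of is_match still combines `results` according to that setting it should now be `matchers_condition = matcher_rule.get("matchers-condition", "and")`, and if it no longer does, `or`-conditioned signatures are presumably being evaluated as `and` — worth confirming against the rest of the body. Unknown matcher types are still silently skipped by the `if match_func:` guard, which is pre-existing but means a typo in a signature's `type` disables that matcher without any log line. is_match continues past the end of the hunk.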

regex_matcher_test_1234

", + headers={"Foo": "offline.ghost.org"}, + ) + rules = """ + identifiers: + cnames: [] + ips: [] + nameservers: [] + not_cnames: [] + matcher_rule: + matchers: + - dsl: + - Host != ip + type: dsl + - regex: + - 'regex_matcher_test_\d{1,4}' + type: regex + matchers-condition: and + mode: http + service_name: test signature regex + source: nucleitemplates + """ + m = Matcher(rules) + r = httpx.get("https://baddns.com/test4") + print(m.is_match(r)) + assert m.is_match(r) From 67b6a7b4c4a179687df926e1f3e3ec6f2cdd1b46 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Tue, 23 Jan 2024 11:24:23 -0500 Subject: [PATCH 2/2] black --- tests/matcher_test.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/matcher_test.py b/tests/matcher_test.py index 97a73653..fe1a2ac2 100644 --- a/tests/matcher_test.py +++ b/tests/matcher_test.py @@ -104,7 +104,6 @@ def test_matcher_3(httpx_mock): assert m.is_match(r) - def test_matcher_4(httpx_mock): httpx_mock.add_response( url="https://baddns.com/test4",