additional development on the GLEIF plugin

caffix · caffix · commit 75f90088d54a · 2025-02-12T01:21:12.000-05:00
diff --git a/engine/plugins/api/gleif/fuzzy.go b/engine/plugins/api/gleif/fuzzy.go
@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"log/slog"
 	"net/url"
 	"strings"
 	"time"
@@ -18,6 +19,7 @@ import (
 	"github.com/owasp-amass/amass/v4/utils/net/http"
 	dbt "github.com/owasp-amass/asset-db/types"
 	oam "github.com/owasp-amass/open-asset-model"
+	"github.com/owasp-amass/open-asset-model/contact"
 	"github.com/owasp-amass/open-asset-model/general"
 	"github.com/owasp-amass/open-asset-model/org"
 )
@@ -116,23 +118,100 @@ func (fc *fuzzyCompletions) query(e *et.Event, orgent *dbt.Entity, src *et.Sourc
 				EntityID: d.Relationships.LEIRecords.Data.ID,
 				Type:     general.LEICode,
 			}
+			break
 		}
 	}
 	if lei == nil {
 		return nil
 	}
 
 	rec, err := fc.plugin.getLEIRecord(e, lei, src)
-	if err == nil {
+	if err == nil && fc.locMatch(e, orgent, rec) {
 		return nil
 	}
 
-	return fc.store(e, orgent, lei, fc.plugin.source)
+	return fc.store(e, lei, src)
 }
 
-func (fc *fuzzyCompletions) store(e *et.Event, orgent *dbt.Entity, id *general.Identifier, src *et.Source) *dbt.Entity {
+func (fc *fuzzyCompletions) locMatch(e *et.Event, orgent *dbt.Entity, rec *leiRecord) bool {
+	if edges, err := e.Session.Cache().OutgoingEdges(orgent, time.Time{}, "location"); err == nil {
+		for _, edge := range edges {
+			if a, err := e.Session.Cache().FindEntityById(edge.ToEntity.ID); err == nil && a != nil {
+				if loc, ok := a.Asset.(*contact.Location); ok &&
+					(loc.PostalCode == rec.Attributes.Entity.LegalAddress.PostalCode ||
+						(loc.PostalCode == rec.Attributes.Entity.HeadquartersAddress.PostalCode)) {
+					return true
+				}
+			}
+		}
+	}
+
+	var crs []*dbt.Entity
+	if edges, err := e.Session.Cache().IncomingEdges(orgent, time.Time{}, "organization"); err == nil {
+		for _, edge := range edges {
+			if a, err := e.Session.Cache().FindEntityById(edge.FromEntity.ID); err == nil && a != nil {
+				if _, ok := a.Asset.(*contact.ContactRecord); ok {
+					crs = append(crs, a)
+				}
+			}
+		}
+	}
+
+	for _, cr := range crs {
+		if edges, err := e.Session.Cache().OutgoingEdges(cr, time.Time{}, "location"); err == nil {
+			for _, edge := range edges {
+				if a, err := e.Session.Cache().FindEntityById(edge.ToEntity.ID); err == nil && a != nil {
+					if loc, ok := a.Asset.(*contact.Location); ok &&
+						(loc.PostalCode == rec.Attributes.Entity.LegalAddress.PostalCode ||
+							(loc.PostalCode == rec.Attributes.Entity.HeadquartersAddress.PostalCode)) {
+						return true
+					}
+				}
+			}
+		}
+	}
+	return false
+}
+
+func (fc *fuzzyCompletions) store(e *et.Event, id *general.Identifier, src *et.Source) *dbt.Entity {
+	a, err := e.Session.Cache().CreateAsset(id)
+
+	if err == nil && a != nil {
+		_, _ = e.Session.Cache().CreateEntityProperty(a, &general.SourceProperty{
+			Source:     src.Name,
+			Confidence: src.Confidence,
+		})
+		return a
+	}
+
+	e.Session.Log().Error(err.Error(), slog.Group("plugin", "name", fc.plugin.name, "handler", fc.name))
 	return nil
 }
 
 func (fc *fuzzyCompletions) process(e *et.Event, orgent, ident *dbt.Entity, src *et.Source) {
+	edge, err := e.Session.Cache().CreateEdge(&dbt.Edge{
+		Relation:   &general.SimpleRelation{Name: "id"},
+		FromEntity: orgent,
+		ToEntity:   ident,
+	})
+	if err != nil && edge == nil {
+		e.Session.Log().Error(err.Error(), slog.Group("plugin", "name", fc.plugin.name, "handler", fc.name))
+		return
+	}
+
+	_, _ = e.Session.Cache().CreateEdgeProperty(edge, &general.SourceProperty{
+		Source:     src.Name,
+		Confidence: src.Confidence,
+	})
+
+	id := ident.Asset.(*general.Identifier)
+	_ = e.Dispatcher.DispatchEvent(&et.Event{
+		Name:    id.UniqueID,
+		Entity:  ident,
+		Session: e.Session,
+	})
+
+	o := orgent.Asset.(*org.Organization)
+	e.Session.Log().Info("relationship discovered", "from", o.Name, "relation", "id",
+		"to", id.UniqueID, slog.Group("plugin", "name", fc.plugin.name, "handler", fc.name))
 }
diff --git a/engine/plugins/api/gleif/plugin.go b/engine/plugins/api/gleif/plugin.go
@@ -228,7 +228,7 @@ type leiRelationshipLinks struct {
 	ReportingException  string `json:"reporting-exception"`
 }
 
-func (g *gleif) getLEIRecord(e *et.Event, ident *general.Identifier, src *et.Source) (*singleResponse, error) {
+func (g *gleif) getLEIRecord(e *et.Event, ident *general.Identifier, src *et.Source) (*leiRecord, error) {
 	g.rlimit.Take()
 
 	u := "https://api.gleif.org/api/v1/lei-records/" + ident.EntityID
@@ -243,5 +243,5 @@ func (g *gleif) getLEIRecord(e *et.Event, ident *general.Identifier, src *et.Sou
 	} else if len(result.Data.ID) == 0 {
 		return nil, errors.New("Failed to find LEI record")
 	}
-	return &result, nil
+	return &result.Data, nil
 }
diff --git a/engine/plugins/api/gleif/related.go b/engine/plugins/api/gleif/related.go
@@ -16,6 +16,7 @@ import (
 	dbt "github.com/owasp-amass/asset-db/types"
 	oam "github.com/owasp-amass/open-asset-model"
 	"github.com/owasp-amass/open-asset-model/general"
+	"github.com/owasp-amass/open-asset-model/org"
 )
 
 type relatedOrgs struct {
@@ -27,29 +28,76 @@ func (ro *relatedOrgs) check(e *et.Event) error {
 	ident, ok := e.Entity.Asset.(*general.Identifier)
 	if !ok {
 		return errors.New("failed to extract the Identifier asset")
+	} else if ident.Type != general.LEICode {
+		return nil
 	}
 
-	since, err := support.TTLStartTime(e.Session.Config(), string(oam.Identifier), string(oam.Identifier), lr.name)
+	since, err := support.TTLStartTime(e.Session.Config(), string(oam.Identifier), string(oam.Identifier), ro.name)
 	if err != nil {
 		return err
 	}
 
-	var names []*dbt.Entity
+	var orgs []*dbt.Entity
 	if support.AssetMonitoredWithinTTL(e.Session, e.Entity, ro.plugin.source, since) {
-		names = append(names, ro.lookup(e, ident, ro.plugin.source, since)...)
+		orgs = append(orgs, ro.lookup(e, e.Entity, ro.plugin.source, since)...)
 	} else {
-		names = append(names, ro.query(e, ident, ro.plugin.source)...)
+		orgs = append(orgs, ro.query(e, ident, ro.plugin.source)...)
 		support.MarkAssetMonitored(e.Session, e.Entity, ro.plugin.source)
 	}
 
-	if len(names) > 0 {
-		ro.process(e, names, ro.plugin.source)
+	if len(orgs) > 0 {
+		ro.process(e, orgs, ro.plugin.source)
 	}
 	return nil
 }
 
-func (ro *relatedOrgs) lookup(e *et.Event, ident *general.Identifier, src *et.Source, since time.Time) []*dbt.Entity {
-	return support.SourceToAssetsWithinTTL(e.Session, ident.Key(), string(oam.Identifier), ro.plugin.source, since)
+func (ro *relatedOrgs) lookup(e *et.Event, ident *dbt.Entity, src *et.Source, since time.Time) []*dbt.Entity {
+	var o *dbt.Entity
+
+	if edges, err := e.Session.Cache().IncomingEdges(ident, since, "id"); err == nil {
+		for _, edge := range edges {
+			if tags, err := e.Session.Cache().GetEdgeTags(edge, since, src.Name); err != nil || len(tags) == 0 {
+				continue
+			}
+			if a, err := e.Session.Cache().FindEntityById(edge.FromEntity.ID); err == nil && a != nil {
+				if _, ok := a.Asset.(*org.Organization); ok {
+					o = a
+					break
+				}
+			}
+		}
+	}
+
+	var p *dbt.Entity
+	if edges, err := e.Session.Cache().OutgoingEdges(o, since, "parent"); err == nil {
+		for _, edge := range edges {
+			if tags, err := e.Session.Cache().GetEdgeTags(edge, since, src.Name); err != nil || len(tags) == 0 {
+				continue
+			}
+			if a, err := e.Session.Cache().FindEntityById(edge.ToEntity.ID); err == nil && a != nil {
+				if _, ok := a.Asset.(*org.Organization); ok {
+					p = a
+					break
+				}
+			}
+		}
+	}
+
+	var children []*dbt.Entity
+	if edges, err := e.Session.Cache().OutgoingEdges(o, since, "subsidiary"); err == nil {
+		for _, edge := range edges {
+			if tags, err := e.Session.Cache().GetEdgeTags(edge, since, src.Name); err != nil || len(tags) == 0 {
+				continue
+			}
+			if a, err := e.Session.Cache().FindEntityById(edge.ToEntity.ID); err == nil && a != nil {
+				if _, ok := a.Asset.(*org.Organization); ok {
+					children = append(children, a)
+				}
+			}
+		}
+	}
+
+	return append([]*dbt.Entity{o, p}, children...)
 }
 
 func (ro *relatedOrgs) query(e *et.Event, ident *general.Identifier, src *et.Source) []*dbt.Entity {
@@ -62,11 +110,11 @@ func (ro *relatedOrgs) query(e *et.Event, ident *general.Identifier, src *et.Sou
 	}
 
 	var result singleResponse
-	if err := json.Unmarshal([]byte(resp.Body), &result); err != nil || len(result.Data) == 0 {
+	if err := json.Unmarshal([]byte(resp.Body), &result); err != nil {
 		return nil
 	}
 
-	return ro.store(e, &result, ro.plugin.source)
+	return ro.store(e, &result, src)
 }
 
 func (ro *relatedOrgs) store(e *et.Event, lei *singleResponse, src *et.Source) []*dbt.Entity {

Original file line number	Diff line number	Diff line change
`@@ -228,7 +228,7 @@ type leiRelationshipLinks struct {`
`228`	`228`	ReportingException string `json:"reporting-exception"`
`229`	`229`	`}`
`230`	`230`
`231`		`-func (g gleif) getLEIRecord(e et.Event, ident general.Identifier, src et.Source) (*singleResponse, error) {`
	`231`	`+func (g gleif) getLEIRecord(e et.Event, ident general.Identifier, src et.Source) (*leiRecord, error) {`
`232`	`232`	`g.rlimit.Take()`
`233`	`233`
`234`	`234`	`u := "https://api.gleif.org/api/v1/lei-records/" + ident.EntityID`
`@@ -243,5 +243,5 @@ func (g gleif) getLEIRecord(e et.Event, ident general.Identifier, src et.Sou`
`243`	`243`	`} else if len(result.Data.ID) == 0 {`
`244`	`244`	`return nil, errors.New("Failed to find LEI record")`
`245`	`245`	`}`
`246`		`- return &result, nil`
	`246`	`+ return &result.Data, nil`
`247`	`247`	`}`