Congratulations to @caffix v5.1.1 today! Thank you for all the continued work on this project.
I posted about this in the OWASP Amass Discord a couple of months ago and have now done a deeper investigation into the source.
The Problem
When using amass assoc with a regex (#/.../#) in the subject position of a triple, the regex is validated during parsing but never actually evaluated when querying the database. The #/.../# delimiters are passed through as a literal string to PostgreSQL, resulting in zero matches.
Regex in the object position works fine.
# Broken — regex in subject
amass assoc -config config.yaml -t1 '<fqdn:#/.*example.com/#> - <*:dns_record> -> <ipaddress:*>'
# Works — regex in object
amass assoc -config config.yaml -t1 '<fqdn:example.com> - <*:dns_record> -> <ipaddress:#/192\.168\..*/#>'
Root Cause (best guess)
I'm not a Go developer, so I had AI help me trace through the source code — take this with a grain of salt. But the bug appears to be in the asset-db package, not in amass itself. I've filed a detailed issue with my analysis there:
owasp-amass/asset-db#41 — Regex in triple subject is parsed but ignored by findFirstSubject() in asset-db/triples/extract.go
As best I can tell: findFirstSubject() in extract.go builds a ContentFilters map from the raw subject.Key string (which still contains the delimiters), while the object and subsequent-subject code paths correctly use the in-memory valueMatch() function with the compiled Regexp. But I could be wrong about the specifics — the behavior is definitely reproducible though.
Environment
- Amass v5.0.1 (Docker Compose setup)
- PostgreSQL backend
Thanks again for the awesome project — happy to help test a fix or contribute a PR.
Congratulations to @caffix v5.1.1 today! Thank you for all the continued work on this project.
I posted about this in the OWASP Amass Discord a couple of months ago and have now done a deeper investigation into the source.
The Problem
When using
amass assocwith a regex (#/.../#) in the subject position of a triple, the regex is validated during parsing but never actually evaluated when querying the database. The#/.../#delimiters are passed through as a literal string to PostgreSQL, resulting in zero matches.Regex in the object position works fine.
Root Cause (best guess)
I'm not a Go developer, so I had AI help me trace through the source code — take this with a grain of salt. But the bug appears to be in the
asset-dbpackage, not in amass itself. I've filed a detailed issue with my analysis there:owasp-amass/asset-db#41 — Regex in triple subject is parsed but ignored by
findFirstSubject()inasset-db/triples/extract.goAs best I can tell:
findFirstSubject()inextract.gobuilds aContentFiltersmap from the rawsubject.Keystring (which still contains the delimiters), while the object and subsequent-subject code paths correctly use the in-memoryvalueMatch()function with the compiledRegexp. But I could be wrong about the specifics — the behavior is definitely reproducible though.Environment
Thanks again for the awesome project — happy to help test a fix or contribute a PR.