Example #1
def test_input_email():
    """
    Given:
        - An empty argument dictionary (no 'email' key)
    When:
        - email_command is invoked with those arguments
    Then:
        - A ValueError is raised whose message contains 'Email(s) not specified'
    """
    from EmailRepIO import email_command

    rep_client = emailrep_client()
    empty_args = {}

    # The command has to reject the call before any reputation lookup:
    # no HTTP mock is registered in this test.
    with pytest.raises(ValueError) as raised:
        email_command(rep_client, empty_args)

    message = str(raised.value)
    assert 'Email(s) not specified' in message
Example #2
def test_email_score_bad_malicious_activity_and_credentials_leaked_recent(requests_mock):
    """
    Given:
        - An email address and the stored reputation fixture
    When:
        - The mocked API payload is marked suspicious
        - The payload carries a truthy 'details.malicious_activity_recent' key
        - The payload carries a truthy 'details.credentials_leaked_recent' key
    Then:
        - The DBot score is BAD and malicious_description names both recent flags
    """
    from EmailRepIO import email_command

    endpoint = f'https://emailrep.io/{TEST_EMAIL_ADDRESS}'
    api_payload = util_load_json('test_data/reputation_get_results.json')
    requests_mock.get(endpoint, json=api_payload)
    rep_client = emailrep_client()
    command_args = {'email': f'{TEST_EMAIL_ADDRESS}'}

    # NOTE(review): the two "details.*" entries are flat top-level keys with a
    # dot in the name, not fields nested under payload["details"]. The outputs
    # asserted in test_email nest these flags inside "details", so this test
    # presumably only covers a payload shape the live API does not return.
    # Confirm how email_command reads the flags; if it looks up the flat keys,
    # a real response may never be scored BAD.
    api_payload.update({
        "suspicious": True,
        "details.malicious_activity_recent": True,
        "details.credentials_leaked_recent": True,
    })

    # Same URL registered a second time, now with the mutated payload.
    requests_mock.get(endpoint, json=api_payload)
    result = email_command(rep_client, command_args)

    verdict = result.indicator.dbot_score
    assert verdict.score == Common.DBotScore.BAD
    expected_description = 'EmailRepIO returned malicious_activity_recent credentials_leaked_recent'
    assert result.indicator.dbot_score.malicious_description == expected_description
Example #3
def test_email(requests_mock):
    """
    Given:
        - An email address and the stored reputation fixture, unmodified
    When:
        - email_command queries the mocked emailrep.io endpoint
    Then:
        - The command outputs match the expected API data
        - The indicator carries a SUSPICIOUS DBot score for that address
    """
    from EmailRepIO import INTEGRATION_NAME, email_command

    endpoint = f'https://emailrep.io/{TEST_EMAIL_ADDRESS}'
    api_payload = util_load_json('test_data/reputation_get_results.json')
    requests_mock.get(endpoint, json=api_payload)

    rep_client = emailrep_client()
    command_args = {'email': f'{TEST_EMAIL_ADDRESS}'}
    result = email_command(rep_client, command_args)

    expected_details = {
        "blacklisted": True,
        "malicious_activity": True,
        "malicious_activity_recent": True,
        "credentials_leaked": True,
        "credentials_leaked_recent": False,
        "data_breach": True,
        "first_seen": "07/01/2008",
        "last_seen": "10/18/2020",
        "domain_exists": True,
        "domain_reputation": "n/a",
        "new_domain": False,
        "days_since_domain_creation": 9197,
        "suspicious_tld": False,
        "spam": True,
        "free_provider": True,
        "disposable": False,
        "deliverable": False,
        "accept_all": False,
        "valid_mx": True,
        "spoofable": True,
        "spf_strict": True,
        "dmarc_enforced": False,
        "profiles": ["twitter"],
    }
    expected_outputs = {
        "details": expected_details,
        "email": "*****@*****.**",
        "reputation": "none",
        "suspicious": True,
        "references": 143,
    }

    assert result.outputs_prefix == f'{INTEGRATION_NAME}.Email'
    assert result.outputs_key_field == 'id'
    assert result.outputs == expected_outputs

    # The indicator must point at the queried address and be scored SUSPICIOUS.
    # NOTE(review): the asserted outputs carry details.malicious_activity_recent
    # = True, yet the expected verdict is SUSPICIOUS rather than BAD. Presumably
    # email_command does not read the nested flag; confirm this is intended,
    # because it decides whether recent malicious activity escalates the score.
    indicator = result.indicator
    assert indicator.email_address == TEST_EMAIL_ADDRESS
    assert result.indicator.dbot_score.indicator == TEST_EMAIL_ADDRESS
    assert result.indicator.dbot_score.indicator_type == DBotScoreType.ACCOUNT
    assert result.indicator.dbot_score.integration_name == INTEGRATION_NAME
    assert result.indicator.dbot_score.score == Common.DBotScore.SUSPICIOUS
Example #4
def test_email_score_good(requests_mock):
    """
    Given:
        - An email address and the stored reputation fixture
    When:
        - The mocked API payload has 'suspicious' set to False
    Then:
        - The indicator's DBot score is GOOD
    """
    from EmailRepIO import email_command

    endpoint = f'https://emailrep.io/{TEST_EMAIL_ADDRESS}'
    api_payload = util_load_json('test_data/reputation_get_results.json')
    requests_mock.get(endpoint, json=api_payload)
    rep_client = emailrep_client()
    command_args = {'email': f'{TEST_EMAIL_ADDRESS}'}

    # Only the top-level verdict flag is flipped; every other fixture field,
    # including the entries under "details", is left as loaded.
    api_payload["suspicious"] = False

    # Same URL registered a second time, now with the mutated payload.
    requests_mock.get(endpoint, json=api_payload)
    result = email_command(rep_client, command_args)

    verdict = result.indicator.dbot_score
    assert verdict.score == Common.DBotScore.GOOD