def test_emails(emails: List[bytes]):
for email in emails:
try:
eml = EmlFactory.from_bytes(email)
assert eml is not None
except Exception as e:
print(e)
print(email.decode())
def test_sample(sample_eml):
eml = EmlFactory.from_bytes(sample_eml)
assert eml.header.message_id is None
assert eml.header.subject == "Winter promotions"
assert eml.header.to == ["*****@*****.**"]
assert eml.header.from_ == "*****@*****.**"
assert len(eml.bodies) == 2
def test_multipart(multipart_eml):
eml = EmlFactory.from_bytes(multipart_eml)
assert eml.attachments is not None
assert len(eml.attachments) == 1
first = eml.attachments[0]
assert first.filename == "tired_boot.FJ010019.jpeg"
assert first.hash_.md5 == "f561388f7446cedd5b8b480311744b3c"
def test_encrypted_docx(encrypted_docx_eml):
eml = EmlFactory.from_bytes(encrypted_docx_eml)
assert eml.attachments is not None
assert len(eml.attachments) == 1
first = eml.attachments[0]
assert (first.hash_.sha256 ==
"28df2d6dfa10dc85c8ebb5defffcb15c196dca7b26d4fd6859b9ec75ac60cf9e")
async def to_model(self) -> Response:
eml = EmlFactory.from_bytes(self.eml_file)
verdicts: List[Verdict] = []
verdicts.append(await
SpamAssassinVerdictFactory.from_bytes(self.eml_file))
verdicts.append(OleIDVerdictFactory.from_attachments(eml.attachments))
return Response(eml=eml, verdicts=verdicts)
def test_cc(cc_eml):
eml = EmlFactory.from_bytes(cc_eml)
assert eml.header.message_id == "<*****@*****.**>"
assert eml.header.subject == "To and Cc headers"
assert eml.header.to == ["*****@*****.**", "*****@*****.**"]
assert eml.header.cc == ["*****@*****.**", "*****@*****.**"]
assert len(eml.bodies) == 1
assert eml.bodies[0].content == ""
assert eml.attachments == []
async def to_model(self) -> Response:
eml = EmlFactory.from_bytes(self.eml_file)
urls = aggregate_urls_from_bodies(eml.bodies)
sha256s = aggregate_sha256s_from_attachments(eml.attachments)
verdicts: List[Verdict] = []
async_tasks = [
partial(SpamAssassinVerdictFactory.from_bytes, self.eml_file),
]
if has_urlscan_api_key():
async_tasks.append(partial(UrlscanVerdictFactory.from_urls, urls))
if has_virustotal_api_key():
async_tasks.append(partial(VirusTotalVerdictFactory.from_sha256s, sha256s))
if has_inquest_api_key():
async_tasks.append(partial(InQuestVerdictFactory.from_sha256s, sha256s))
# Add SpamAsassin, urlscan, virustotal verdicts
verdicts = await aiometer.run_all(async_tasks)
# Add OleID verdict
verdicts.append(OleIDVerdictFactory.from_attachments(eml.attachments))
# Add VT verdict
return Response(eml=eml, verdicts=verdicts)
def get_attachments(eml_file: bytes) -> List[Attachment]:
eml = EmlFactory.from_bytes(eml_file)
return eml.attachments
def test_complete_msg(complete_msg):
eml = EmlFactory.from_bytes(complete_msg)
assert eml.header.subject == "Test Multiple attachments complete email!!"
def docx_attachment(encrypted_docx_eml: bytes) -> Attachment:
eml = EmlFactory.from_bytes(encrypted_docx_eml)
return eml.attachments[0]