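def _exchange_online_query_emails_function(self, event, *args, **kwargs):
    """Function: Query Exchange Online for emails matching the input parameters.

    Generator that yields a StatusMessage before the query runs and another
    before the results are returned, then a FunctionResult wrapping the
    payload built by ResultPayload.done(). Any exception raised on the way is
    logged with its traceback and reported to the caller as a FunctionError.

    Inputs read from kwargs: exo_email_address (required), exo_mail_folders,
    exo_email_address_sender, exo_start_date, exo_end_date,
    exo_has_attachments, exo_message_subject, exo_message_body.
    """
    try:
        # Initialize the results payload
        rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs)

        # Validate fields
        validate_fields(['exo_email_address'], kwargs)

        # Get the function parameters
        email_address = kwargs.get('exo_email_address')  # text
        mail_folders = kwargs.get('exo_mail_folders')  # text
        sender = kwargs.get('exo_email_address_sender')  # text
        start_date = kwargs.get('exo_start_date')  # datetime
        end_date = kwargs.get('exo_end_date')  # datetime
        has_attachments = kwargs.get('exo_has_attachments')  # bool
        message_subject = kwargs.get('exo_message_subject')  # text
        message_body = kwargs.get('exo_message_body')  # text

        # NOTE(review): the search terms (mailbox, sender, subject and body
        # text) go to the application log at INFO level; confirm that log
        # access and retention match the sensitivity of the investigation.
        LOG.info(u"exo_email_address: %s", email_address)
        LOG.info(u"exo_mailfolders: %s", mail_folders)
        LOG.info(u"exo_email_address_sender: %s", sender)
        LOG.info(u"exo_start_date: %s", start_date)
        LOG.info(u"exo_end_date: %s", end_date)
        LOG.info(u"exo_email_has_attachments: %s", has_attachments)
        LOG.info(u"exo_message_subject: %s", message_subject)
        LOG.info(u"exo_message_body: %s", message_body)

        yield StatusMessage(u"Starting message query.")

        # Get the MS Graph helper class. The tenant/client credentials come
        # from the app's configuration section and are never logged here.
        MS_graph_helper = MSGraphHelper(
            self.options.get("microsoft_graph_token_url"),
            self.options.get("microsoft_graph_url"),
            self.options.get("tenant_id"),
            self.options.get("client_id"),
            self.options.get("client_secret"),
            self.options.get("max_messages"),
            self.options.get("max_users"),
            RequestsCommon(self.opts, self.options).get_proxies())

        email_results = MS_graph_helper.query_messages(
            email_address, mail_folders, sender, start_date, end_date,
            has_attachments, message_subject, message_body)

        # Put query results in the results payload.
        results = rp.done(True, email_results)

        yield StatusMessage(u"Returning results from query.")

        # NOTE(review): this serializes results['content'] (presumably the
        # complete query result) into the debug log; confirm that is wanted
        # wherever DEBUG logging is enabled.
        LOG.debug(json.dumps(results['content']))

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as err:
        # Keep the traceback: a bare LOG.error(err) records only the message,
        # which makes a failed mailbox query hard to diagnose afterwards.
        LOG.exception(err)
        yield FunctionError(err)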
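def test_query_messages(self, authenticate_mock, mocked_get):
    """ Test Query Message Single User

    Drives MSGraphHelper.query_messages for one mailbox against a mocked GET:
    a 200 response must produce one result entry carrying both message ids,
    a 404 response must produce an empty list, and a 300 response is
    tolerated whether or not it raises IntegrationError.
    """
    print("Test Query Messages Single User\n")

    authenticate_mock.return_value = True
    MS_graph_helper = MSGraphHelper(
        MOCKED_OPTS.get("microsoft_graph_token_url"),
        MOCKED_OPTS.get("microsoft_graph_url"),
        MOCKED_OPTS.get("tenant_id"),
        MOCKED_OPTS.get("client_id"),
        MOCKED_OPTS.get("client_secret"),
        MOCKED_OPTS.get("max_messages"),
        MOCKED_OPTS.get("max_users"),
        MOCKED_OPTS.get("max_retries_total"),
        MOCKED_OPTS.get("max_retries_backoff_factor"),
        MOCKED_OPTS.get("max_batched_requests"),
        None)

    # Mock the email lists for user 1
    content1 = {'value': [{'id': 'AAA'}, {'id': 'BBB'}]}

    # 200: the mailbox is returned with its message list. This phase sits
    # outside any try/except so that an unexpected IntegrationError fails
    # the test instead of skipping the assertions.
    mocked_get.side_effect = [generate_response(content1, 200)]
    result_list = MS_graph_helper.query_messages(
        "*****@*****.**", None, "*****@*****.**", None, None, None,
        "lunch", None)
    assert len(result_list) == 1
    assert result_list[0]['email_address'] == '*****@*****.**'
    assert result_list[0]['status_code'] == 200
    assert result_list[0]['email_list'][0]['id'] == 'AAA'
    assert result_list[0]['email_list'][1]['id'] == 'BBB'

    # 404: the mailbox is skipped and nothing is returned.
    mocked_get.side_effect = [generate_response(content1, 404)]
    result_list = MS_graph_helper.query_messages(
        "*****@*****.**", None, None, None, None, None, "lunch", None)
    assert len(result_list) == 0

    # 300: only this call may raise IntegrationError.
    # NOTE(review): presumably the call is expected to raise; if so, assert
    # it (e.g. with pytest.raises) rather than accepting both outcomes.
    # Confirm against query_messages.
    mocked_get.side_effect = [generate_response(content1, 300)]
    try:
        MS_graph_helper.query_messages(
            "*****@*****.**", None, None, None, None, None, "lunch", None)
    except IntegrationError:
        pass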
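def _exchange_online_query_emails_function(self, event, *args, **kwargs):
    """Function: Query Exchange Online for emails matching the input parameters.

    Generator that yields a StatusMessage before the query runs and then a
    FunctionResult wrapping the payload built by ResultPayload.done(). Before
    the result is yielded, the query results are handed to
    write_results_to_note_or_attachment(). Any exception raised on the way is
    logged with its traceback and reported to the caller as a FunctionError.

    Inputs read from kwargs: exo_email_address and exo_query_output_format
    (both required), incident_id, exo_mail_folders, exo_email_address_sender,
    exo_start_date, exo_end_date, exo_has_attachments, exo_message_subject,
    exo_message_body.
    """
    try:
        # Initialize the results payload
        rp = ResultPayload(CONFIG_DATA_SECTION, **kwargs)

        # Validate fields
        validate_fields(['exo_email_address', 'exo_query_output_format'], kwargs)

        # Get the function parameters
        incident_id = kwargs.get('incident_id')  # number
        email_address = kwargs.get('exo_email_address')  # text
        mail_folders = kwargs.get('exo_mail_folders')  # text
        sender = kwargs.get('exo_email_address_sender')  # text
        start_date = kwargs.get('exo_start_date')  # datetime
        end_date = kwargs.get('exo_end_date')  # datetime
        has_attachments = kwargs.get('exo_has_attachments')  # bool
        message_subject = kwargs.get('exo_message_subject')  # text
        message_body = kwargs.get('exo_message_body')  # text
        # select values: "Exchange Online data table", "Incident attachment", "Incident note"
        query_output_format = self.get_select_param(
            kwargs.get('exo_query_output_format'))

        # NOTE(review): the search terms (mailbox, sender, subject and body
        # text) go to the application log at INFO level; confirm that log
        # access and retention match the sensitivity of the investigation.
        # %s formats the incident id itself, so no eager str() is needed.
        LOG.info(u"incident_id: %s", incident_id)
        LOG.info(u"exo_email_address: %s", email_address)
        LOG.info(u"exo_mailfolders: %s", mail_folders)
        LOG.info(u"exo_email_address_sender: %s", sender)
        LOG.info(u"exo_start_date: %s", start_date)
        LOG.info(u"exo_end_date: %s", end_date)
        LOG.info(u"exo_email_has_attachments: %s", has_attachments)
        LOG.info(u"exo_message_subject: %s", message_subject)
        LOG.info(u"exo_message_body: %s", message_body)
        LOG.info(u"exo_query_output_format: %s", query_output_format)

        yield StatusMessage(u"Starting message query.")

        # Get the MS Graph helper class. The tenant/client credentials come
        # from the app's configuration section and are never logged here; the
        # retry and batching limits fall back to the module-level defaults.
        MS_graph_helper = MSGraphHelper(
            self.options.get("microsoft_graph_token_url"),
            self.options.get("microsoft_graph_url"),
            self.options.get("tenant_id"),
            self.options.get("client_id"),
            self.options.get("client_secret"),
            self.options.get("max_messages"),
            self.options.get("max_users"),
            self.options.get("max_retries_total", MAX_RETRIES_TOTAL),
            self.options.get("max_retries_backoff_factor", MAX_RETRIES_BACKOFF_FACTOR),
            self.options.get("max_batched_requests", MAX_BATCHED_REQUESTS),
            RequestsCommon(self.opts, self.options).get_proxies())

        email_results = MS_graph_helper.query_messages(
            email_address, mail_folders, sender, start_date, end_date,
            has_attachments, message_subject, message_body)

        query_results = {
            "incident_id": incident_id,
            "exo_query_output_format": query_output_format,
            "email_results": email_results
        }

        # Put query results in the results payload.
        results = rp.done(True, query_results)
        metrics = results.get("metrics")
        query_time_ms = metrics.get("execution_time_ms")

        # Write query results to an attachment or note as specified by the user in activity field.
        # Writing results to the data table takes place in the post processor script.
        self.write_results_to_note_or_attachment(
            email_address, mail_folders, sender, start_date, end_date,
            has_attachments, message_subject, message_body,
            query_results, query_time_ms)

        # Produce a FunctionResult with the results
        yield FunctionResult(results)
    except Exception as err:
        # Keep the traceback: a bare LOG.error(err) records only the message,
        # which makes a failed mailbox query hard to diagnose afterwards.
        LOG.exception(err)
        yield FunctionError(err)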
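def test_query_messages_all_users(self, authenticate_mock, mocked_get, mocked_post):
    """ Test Query Messages All Users

    Drives MSGraphHelper.query_messages with the "all" mailbox selector: the
    mocked GET returns two users and the mocked POST to the $batch endpoint
    returns one message list per user. The test asserts that both users come
    back with status 200 and their respective message ids.
    """
    print("Test Query Messages All Users\n")

    # No try/except here: every step below is followed by assertions, so an
    # IntegrationError must fail the test rather than let it pass without
    # checking anything.
    authenticate_mock.return_value = True
    MS_graph_helper = MSGraphHelper(
        MOCKED_OPTS.get("microsoft_graph_token_url"),
        MOCKED_OPTS.get("microsoft_graph_url"),
        MOCKED_OPTS.get("tenant_id"),
        MOCKED_OPTS.get("client_id"),
        MOCKED_OPTS.get("client_secret"),
        MOCKED_OPTS.get("max_messages"),
        MOCKED_OPTS.get("max_users"),
        MOCKED_OPTS.get("max_retries_total"),
        MOCKED_OPTS.get("max_retries_backoff_factor"),
        MOCKED_OPTS.get("max_batched_requests"),
        None)

    # Mock the users
    content1 = {
        'value': [
            {'userPrincipalName': '*****@*****.**'},
            {'userPrincipalName': '*****@*****.**'},
        ]
    }

    # Mock the responses from the POST to $batch endpoint.
    content2 = {
        'responses': [
            {
                'id': '1',
                'status': 200,
                'body': {'value': [{'id': 'AAA'}, {'id': 'BBB'}]},
            },
            {
                'id': '2',
                'status': 200,
                'body': {'value': [{'id': 'CCC'}]},
            },
        ]
    }

    mocked_get.side_effect = [generate_response(content1, 200)]
    mocked_post.side_effect = [generate_response(content2, 200)]

    email_list = MS_graph_helper.query_messages(
        "all", None, None, None, None, None, "lunch", None)

    assert len(email_list) == 2
    assert email_list[0]['email_address'] == '*****@*****.**'
    assert email_list[0]['status_code'] == 200
    assert email_list[0]['email_list'][0]['id'] == 'AAA'
    assert email_list[0]['email_list'][1]['id'] == 'BBB'
    assert email_list[1]['email_address'] == '*****@*****.**'
    assert email_list[1]['status_code'] == 200
    assert email_list[1]['email_list'][0]['id'] == 'CCC'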