Exemple #1
 def test_rating_100_2(self, f_sender, f_recipient, f_mail_fields_dict):
     """A mail that is already in the test_emails table must rate 100.

     ``mail_fields1`` is stored with ``recipient1`` and ``sender1`` first;
     a candidate built from ``subject1`` and ``body_plain1`` is then passed
     to ``conclude`` and the returned rating is checked.
     """
     stored_mail = TestMail(self.mail_fields1)
     push_email_into_db(
         self.mail_fields1, stored_mail, [self.recipient1], self.sender1
     )

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain1]),
         "html": "",
         "subject": self.subject1,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email1, self.name1)],
         "date": 1587298372.484211,
         "attachmentFileName": [],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     # The fuzzy hash is taken from the dict once "len" is present.
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 100
Exemple #2
 def test_similar_email_in_db(self, f_sender, f_recipient,
                              f_mail_fields_dict):
     """A similar test email is already in the database.

     After ``mail_fields1`` has been stored, a ``Spam`` object built from a
     candidate with ``subject1`` and ``body_plain1`` must report id 1 as
     the first entry of its similarity-check candidates.
     """
     stored_mail = TestMail(self.mail_fields1)
     push_email_into_db(
         self.mail_fields1, stored_mail, [self.recipient1], self.sender1
     )

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain1]),
         "html": "",
         "subject": self.subject1,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email1, self.name1)],
         "date": 1587298372.484211,
         "attachmentFileName": [],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     # Subject and date are handed over as strings, the rest unchanged.
     probe = Spam(
         subject=str(candidate["subject"]),
         email_date=str(candidate["date"]),
         body_plain=candidate["text"],
         body_html=candidate["html"],
         ssdeep=candidate["ssdeep"],
         length=candidate["len"],
         attachment=False,
     )
     matching_ids = probe.get_ids_for_similarity_check()
     # NOTE(review): 1 is presumably the row id of the mail stored above,
     # which assumes an otherwise empty table - confirm against the fixtures.
     assert matching_ids[0] == 1
Exemple #3
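 def test_rating_100_3(self, f_mail_fields_dict):
     """Match against the rule file: the candidate mail must rate 100.

     The test switches on ``relay.use_rule_file`` and loads
     ``./testing_rules.json`` into ``utils.settings.rules``. Both are
     module-level settings, so their previous values are put back when the
     test ends; otherwise the rule set would stay active for every test
     that runs afterwards and could change the ratings they assert.
     """
     relay_settings = utils.settings.data["relay"]
     not_set = object()
     try:
         previous_flag = relay_settings["use_rule_file"]
     except KeyError:
         previous_flag = not_set
     previous_rules = getattr(utils.settings, "rules", not_set)

     relay_settings["use_rule_file"] = True
     try:
         # The path is relative, so the test depends on the working
         # directory it is started from. JSON is read as UTF-8 explicitly
         # instead of relying on the platform's default encoding.
         with open("./testing_rules.json", encoding="utf-8") as json_file:
             utils.settings.rules = json.load(json_file)

         # The same dict object lives on self; derived fields are added
         # in place.
         candidate = self.mail_fields_dict5 = {
             "text": "example body_plain",
             "html": "",
             "subject": self.subject1,
             "from": self.email1,
             "from_name": "",
             "to": [(self.email2, "")],
             "date": 1587298372.484211,
             "attachmentFileName": [],
             "links": [],
         }
         # "len" is the combined character count of html, subject and text.
         candidate["len"] = (
             len(candidate["html"]) +
             len(candidate["subject"]) +
             len(candidate["text"]))
         candidate["ssdeep"] = get_fuzzy_hash(candidate)

         rating = conclude(candidate, self.fake_eml_file,
                           self.fake_mail_request)
         assert rating == 100
     finally:
         # Restore the global settings even when the assertion fails.
         if previous_flag is not_set:
             del relay_settings["use_rule_file"]
         else:
             relay_settings["use_rule_file"] = previous_flag
         if previous_rules is not_set:
             if hasattr(utils.settings, "rules"):
                 del utils.settings.rules
         else:
             utils.settings.rules = previous_rules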
Exemple #4
 def test_rating_50(self, f_links, f_settings, f_mail_fields_dict):
     """A mail with a known link and the username in its body rates 50.

     The link is already in the database three times, and the plain body
     carries ``body_plain1``, ``username1`` and that link.
     """
     push_into_db(self.settings1)
     # NOTE(review): 3 presumably is the stored occurrence count from the
     # description above; the meaning of 60 is not visible here - confirm
     # against the Link model.
     self.f_link4 = Link(self.link2, 3, 60)
     push_into_db(self.f_link4)

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain1, self.username1, self.link2]),
         "html": "",
         "subject": self.subject1,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email2, "")],
         "date": 1587322973.484211,
         "attachmentFileName": [],
         "links": [self.link2],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 50
Exemple #5
 def test_rating_30(self, f_settings, f_mail_fields_dict):
     """A very long plain body that contains the username must rate 30.

     The body is two generated paragraphs joined by a newline, followed by
     ``username1``.
     """
     push_into_db(self.settings1)

     first_paragraph = self.generator.paragraph()
     second_paragraph = self.generator.paragraph()
     self.body_plain5 = "\n".join((first_paragraph, second_paragraph))

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain5, self.username1]),
         "html": "",
         "subject": self.subject1,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email2, "")],
         "date": 1587322973.484211,
         "attachmentFileName": [],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 30
Exemple #6
 def f_mail_fields(self, f_mail_fields_dict):
     """Create four ``MailFields`` records on ``self`` and store them.

     Each record takes its fuzzy hash and length from the matching
     ``mail_fields_dictN`` and is stamped with the current time. Record 1
     has only an HTML body, record 2 only a plain body, records 3 and 4
     have both; only record 3 is marked as having an attachment.

     NOTE(review): presumably a pytest fixture - the decorator is not
     visible in this excerpt.
     """
     self.mail_fields1 = MailFields(
         subject=self.subject1,
         email_date=datetime.today().timestamp(),
         body_html=self.body_html1,
         ssdeep=get_fuzzy_hash(self.mail_fields_dict1),
         length=self.length(self.mail_fields_dict1),
         attachment=False,
     )
     self.mail_fields2 = MailFields(
         subject=self.subject2,
         email_date=datetime.today().timestamp(),
         body_plain=self.body_plain2,
         ssdeep=get_fuzzy_hash(self.mail_fields_dict2),
         length=self.length(self.mail_fields_dict2),
         attachment=False,
     )
     self.mail_fields3 = MailFields(
         subject=self.subject3,
         email_date=datetime.today().timestamp(),
         body_plain=self.body_plain3,
         body_html=self.body_html3,
         ssdeep=get_fuzzy_hash(self.mail_fields_dict3),
         length=self.length(self.mail_fields_dict3),
         attachment=True,
     )
     self.mail_fields4 = MailFields(
         subject=self.subject4,
         email_date=datetime.today().timestamp(),
         body_plain=self.body_plain4,
         body_html=self.body_html4,
         ssdeep=get_fuzzy_hash(self.mail_fields_dict4),
         length=self.length(self.mail_fields_dict4),
         attachment=False,
     )

     # Keep the records together on self and persist them in creation order.
     self.mail_fields_list = [
         self.mail_fields1, self.mail_fields2,
         self.mail_fields3, self.mail_fields4,
     ]
     for record in self.mail_fields_list:
         push_into_db(record)
Exemple #7
 def test_rating_70(self, f_mail_fields_dict):
     """A mail whose subject is the honeypot IP address must rate 70."""
     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain2]),
         "html": "",
         # The subject consists of nothing but the honeypot's IP address.
         "subject": self.ip,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email2, "")],
         "date": 1587322973.484211,
         "attachmentFileName": [],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 70
Exemple #8
 def test_rating_55(self, f_settings, f_mail_fields_dict):
     """A mail with the username in its body, sent at test time, rates 55."""
     push_into_db(self.settings1)

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain1, self.username1]),
         "html": "",
         "subject": self.subject1,
         "from": self.email1,
         "from_name": "",
         "to": [(self.email2, "")],
         # NOTE(review): presumably this fixed epoch value is what makes
         # the mail count as sent at "test time" - confirm against the
         # rating rules.
         "date": 1587298372.484211,
         "attachmentFileName": [],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 55
Exemple #9
 def test_rating_0(self, f_settings, f_mail_fields_dict):
     """A mail with an attachment and the word "test" as subject rates 0."""
     push_into_db(self.settings1)

     # The same dict object lives on self; derived fields are added in place.
     candidate = self.mail_fields_dict5 = {
         "text": " ".join([self.body_plain2]),
         "html": "",
         "subject": " ".join(["test"]),
         "from": self.email1,
         "from_name": "",
         "to": [(self.email2, "")],
         "date": 1587322973.484211,
         # A single attachment file name is the only attachment signal here.
         "attachmentFileName": ["test.doc"],
         "links": [],
     }
     # "len" is the combined character count of html, subject and text.
     candidate["len"] = sum(
         len(candidate[part]) for part in ("html", "subject", "text")
     )
     candidate["ssdeep"] = get_fuzzy_hash(candidate)

     rating = conclude(
         candidate, self.fake_eml_file, self.fake_mail_request
     )
     assert rating == 0
Exemple #10
 def test_db_mail_fields_create(self, f_mail_fields):
     """Check the stored ``MailFields`` records against their source data.

     Record 1 must keep ``subject1`` and a fuzzy hash that scores 100
     against a fresh hash of ``mail_fields_dict1``; record 3 must have its
     attachment flag set.
     """
     assert self.mail_fields1.subject == self.subject1

     fresh_hash = get_fuzzy_hash(self.mail_fields_dict1)
     similarity = ssdeep.compare(fresh_hash, self.mail_fields1.ssdeep)
     assert similarity == 100

     assert self.mail_fields3.attachment