def test_input_email(): """ Given: - Nothing When: - Processing email reputation from API Then: - Raises Value error for missing email field """ from EmailRepIO import email_command client = emailrep_client() with pytest.raises(ValueError) as error_info: email_command(client, {}) assert 'Email(s) not specified' in str(error_info.value)
def test_email_score_bad_malicious_activity_and_credentials_leaked_recent(requests_mock): """ Given: - email_address When: - processing suspicious email reputation from API - email malicious_activity_recent is True - email credentials_leaked_recent is True Then: - Returns BAD DBot score and malicious_description accordingly """ from EmailRepIO import email_command mock_response = util_load_json('test_data/reputation_get_results.json') requests_mock.get(f'https://emailrep.io/{TEST_EMAIL_ADDRESS}', json=mock_response) client = emailrep_client() args = { 'email': f'{TEST_EMAIL_ADDRESS}' } mock_response["suspicious"] = True mock_response["details.malicious_activity_recent"] = True mock_response["details.credentials_leaked_recent"] = True requests_mock.get(f'https://emailrep.io/{TEST_EMAIL_ADDRESS}', json=mock_response) response = email_command(client, args) assert response.indicator.dbot_score.score == Common.DBotScore.BAD assert response.indicator.dbot_score.malicious_description == \ 'EmailRepIO returned malicious_activity_recent credentials_leaked_recent'
def test_email(requests_mock): """ Given: - email_address When: - processing email reputation from API Then: - Returns DBot score and API outputs """ from EmailRepIO import INTEGRATION_NAME, email_command mock_response = util_load_json('test_data/reputation_get_results.json') requests_mock.get(f'https://emailrep.io/{TEST_EMAIL_ADDRESS}', json=mock_response) client = emailrep_client() args = {'email': f'{TEST_EMAIL_ADDRESS}'} response = email_command(client, args) assert response.outputs_prefix == f'{INTEGRATION_NAME}.Email' assert response.outputs_key_field == 'id' assert response.outputs == { "details": { "blacklisted": True, "malicious_activity": True, "malicious_activity_recent": True, "credentials_leaked": True, "credentials_leaked_recent": False, "data_breach": True, "first_seen": "07/01/2008", "last_seen": "10/18/2020", "domain_exists": True, "domain_reputation": "n/a", "new_domain": False, "days_since_domain_creation": 9197, "suspicious_tld": False, "spam": True, "free_provider": True, "disposable": False, "deliverable": False, "accept_all": False, "valid_mx": True, "spoofable": True, "spf_strict": True, "dmarc_enforced": False, "profiles": ["twitter"] }, "email": "*****@*****.**", "reputation": "none", "suspicious": True, "references": 143 } # Assert SUSPICIOUS dbot score assert response.indicator.email_address == TEST_EMAIL_ADDRESS assert response.indicator.dbot_score.indicator == TEST_EMAIL_ADDRESS assert response.indicator.dbot_score.indicator_type == DBotScoreType.ACCOUNT assert response.indicator.dbot_score.integration_name == INTEGRATION_NAME assert response.indicator.dbot_score.score == Common.DBotScore.SUSPICIOUS
def test_email_score_good(requests_mock): """ Given: - email_address When: - processing not suspicious email reputation from API Then: - Returns GOOD DBot score """ from EmailRepIO import email_command mock_response = util_load_json('test_data/reputation_get_results.json') requests_mock.get(f'https://emailrep.io/{TEST_EMAIL_ADDRESS}', json=mock_response) client = emailrep_client() args = { 'email': f'{TEST_EMAIL_ADDRESS}' } mock_response["suspicious"] = False requests_mock.get(f'https://emailrep.io/{TEST_EMAIL_ADDRESS}', json=mock_response) response = email_command(client, args) assert response.indicator.dbot_score.score == Common.DBotScore.GOOD