def test_aggregated_reputation(self): with patch('mongo.mongo.Mongo') as mock: instance = mock.return_value enter = instance.__enter__.return_value enter.find_all_events_for_ip.return_value = [ {'weight': 3, 'timestamp': 4, 'filename': 'ZZZ', 'source': 'SpamCop', 'data': 'AAA'}, {'weight': 5, 'timestamp': 5, 'filename': 'YYY', 'source': 'SpamCop', 'data': 'BBB'}, {'weight': 7, 'timestamp': 6, 'filename': 'XXX', 'source': 'AOL', 'data': 'CCC'} ] result = reputation.aggregate_reputation_per_source('5.5.5.5', 3) enter.find_all_events_for_ip.assert_called_with('5.5.5.5', 3, True) # Build expected values that should be all parser shortened names = 0, except SpamCop (SCOP) = 8 and AOL = 7. expected = [] for parser in parsers.keys(): weight = 0 if parser == 'AOL': weight = 7 elif parser == 'SpamCop': weight = 8 expected.append({ 'short_name': shortened_names[parser], 'full_name': parser, 'result': weight, }) # Assertions self.assertEquals(len(expected), len(result)) self.assertEqual(expected, result)
def get_parser_class(name): """ From a parser name, return the class to instantiate :param str name: Name of the parser to instantiate :rtype: class """ if name == 'mails': # Put AOL but it could be SignalSpam / SpamCop since it's the same parser. return parsers['AOL'] for k in parsers.keys(): if k.lower() == name: return parsers[k] return None
def aggregate_reputation_per_source(addr, start_date): """ Aggregate ip reputation per source returning for each source the sum of the weights. :param str addr: Ip the reputation must be computed with :param int start_date: Timestamp the events must be retrieved from :rtype: dict :return: dictionary that gives for each source, the aggregated weight """ with mongo.Mongo() as database: events = database.find_all_events_for_ip(addr, start_date, True) # Reduce by source scores_by_source = _compute_score_by_source(events) # Append sources which are missing in scores_by_source (no attached events) for parser in parsers.keys(): if parser not in scores_by_source.keys(): scores_by_source[parser] = 0 # Format final dto result = [] for source in scores_by_source.keys(): if source not in shortened_names.keys(): short_name = source else: short_name = shortened_names[source] result.append({ 'short_name': short_name, 'full_name': source, 'result': scores_by_source[source], }) return result
def aggregate_reputation_per_source(addr, start_date): """ Aggregate ip reputation per source returning for each source the sum of the weights. :param str addr: Ip the reputation must be computed with :param int start_date: Timestamp the events must be retrieved from :rtype: dict :return: Dictionnary that gives for each source, the aggregated weight """ with mongo.Mongo() as database: events = database.find_all_events_for_ip(addr, start_date, True) # Reduce by source scores_by_source = _compute_score_by_source(events) # Append sources which are missing in scores_by_source (no attached events) for parser in parsers.keys(): if parser not in scores_by_source.keys(): scores_by_source[parser] = 0 # Format final dto result = [] for source in scores_by_source.keys(): if source not in shortened_names.keys(): short_name = source else: short_name = shortened_names[source] result.append({ 'short_name': short_name, 'full_name': source, 'result': scores_by_source[source], }) return result