Exemplo n.º 1
    def _prepare_raw(self, database, addr):
        """
            Build one report line per event stored for an IP address.

            Every line starts with the event source and weight. The stored
            data is appended as-is unless `utils.is_base64_encoded` flags it,
            in which case it is treated as an e-mail and withheld.

            NOTE(review): raw data is inserted without any escaping; if the
            report is later rendered as HTML or mailed out, escaping has to
            happen at that point -- confirm against the caller.

            :param database: The DB instance
            :param str addr: Related IP address
            :rtype: list
            :return: One text line per event entry
        """
        def describe(entry):
            header = "Raised by {} with a weight of {}.".format(
                entry['source'], str(entry['weight']))

            # Base64 payloads are e-mails: the body is kept out of the report.
            if utils.is_base64_encoded(entry['data']):
                return "{} This is an e-mail and it won't be displayed in this report.".format(
                    header)

            return "{} Raw data:\n{}".format(header, entry['data'])

        return [describe(entry) for entry in database.find_all_event_data_for_ip(addr)]
Exemplo n.º 2
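def get_reputation_events_for_source(addr, source, start_date):
    """
        Get reputation events with full data (raw data included) for
        a given ip and a given source.

        Events are filtered on the source name mapped from `source`. If the
        first non-empty payload looks base64-encoded, every non-empty payload
        is decoded to text in place.

        Decoding is tolerant on purpose: a payload that is not valid base64
        is left as stored, and bytes that are not valid UTF-8 are replaced
        rather than raising, so one malformed entry cannot fail the lookup.

        :param str addr: Ip the reputation must be computed with
        :param str source: Source short name to get events of
        :param int start_date: Timestamp the events must be retrieved from
        :rtype: list
        :return: List of events
    """
    with mongo.Mongo() as database:
        events = database.find_all_event_data_for_ip(addr, start_date, True)

    # NOTE(review): `events` is consumed after the Mongo context has exited;
    # this assumes the call returns materialised results -- confirm.
    result = [event for event in events if event['source'] == _map_source_from_shortname(source)]

    # The first non-empty payload decides whether this source stores base64.
    first_payload = next((event['data'] for event in result if event['data']), None)
    if not first_payload or not utils.is_base64_encoded(first_payload):
        return result

    for event in result:
        if not event['data']:
            continue

        try:
            decoded = base64.b64decode(event['data'])
        except ValueError:
            # binascii.Error derives from ValueError: the payload is not
            # base64 after all, so keep the stored value untouched.
            continue

        # Payload bytes are not guaranteed to be UTF-8; never raise on them.
        event['data'] = decoded.decode('utf-8', errors='replace')

    return result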
Exemplo n.º 3
def get_reputation_events_for_source(addr, source, start_date):
    """
        Return the events of one source for an IP, raw data included.

        Events are filtered on the source name mapped from `source`. The
        first non-empty payload decides whether the payloads are treated as
        base64; if so, every non-empty payload is decoded in place.

        NOTE(review): `.decode('base64')` relies on the Python 2 str codec;
        Python 3 strings have no such method. A later payload that is not
        valid base64 would presumably raise here -- confirm that a source
        never mixes encoded and plain data.

        :param str addr: Ip the reputation must be computed with
        :param str source: Source short name to get events of
        :param int start_date: Timestamp the events must be retrieved from
        :rtype: list
        :return: List of events
    """
    with mongo.Mongo() as database:
        events = database.find_all_event_data_for_ip(addr, start_date, True)

    result = []
    for event in events:
        if event['source'] == _map_source_from_shortname(source):
            result.append(event)

    # Only the first non-empty payload is inspected to detect the encoding.
    first_payload = next((event['data'] for event in result if event['data']), None)
    if first_payload is None or not utils.is_base64_encoded(first_payload):
        return result

    # Encoded source: decode every non-empty payload, leave empty ones alone.
    for event in result:
        if event['data']:
            event['data'] = event['data'].decode('base64')

    return result
Exemplo n.º 4
    def _prepare_raw(self, database, addr):
        """
            Describe every event stored for an IP address as a line of text.

            A line always states the source and the weight of the event. The
            raw data (a csv line or an email, per the stored format) follows,
            except when `utils.is_base64_encoded` reports it as base64: such
            data is considered an e-mail and is not shown.

            NOTE(review): whether a payload is shown depends only on that
            check, and shown payloads are copied unmodified into the line --
            confirm the report consumer escapes them as needed.

            :param Mongo database: `Mongo` instance
            :param str addr: Related IP address
            :rtype: list
            :return: One text line per event entry
        """
        lines = []
        for event in database.find_all_event_data_for_ip(addr):
            summary = "Raised by {} with a weight of {}.".format(event['source'], str(event['weight']))

            if utils.is_base64_encoded(event['data']):
                # Emails are stored as b64; their body stays out of the report.
                summary = "{} This is an e-mail and it won't be displayed in this report.".format(summary)
            else:
                summary = "{} Raw data:\n{}".format(summary, event['data'])

            lines.append(summary)

        return lines
Exemplo n.º 5
    def test_is_base64_encoded(self):
        """Plain text must be rejected and a base64-encoded string accepted."""
        plain_text = "Hello world !!"
        encoded_text = base64.b64encode(b"Hello\nWorld !!!").decode()

        # Each sample is paired with the assertion its result must satisfy.
        expectations = (
            (plain_text, self.assertFalse),
            (encoded_text, self.assertTrue),
        )
        for sample, check in expectations:
            check(utils.is_base64_encoded(sample))
Exemplo n.º 6
    def test_is_base64_encoded(self):
        """Check that plain text is rejected and base64 output is recognised."""
        # NOTE: b64encode is given a str literal, which only Python 2 accepts;
        # Python 3 requires a bytes-like object here.
        encoded_sample = base64.b64encode("Hello\nWorld !!!")
        plain_sample = "Hello world !!"

        self.assertFalse(utils.is_base64_encoded(plain_sample))
        self.assertTrue(utils.is_base64_encoded(encoded_sample))