示例#1
    def test_check_specific_domains(self):
        """Only recipient domains listed in the config get the spearphish check.

        Every message built here has a header-From domain equal to the
        recipient domain and an unrelated envelope sender domain. For a listed
        recipient domain the plugin must answer (REJECT, 'spearphish'); for an
        unlisted one it must answer DUNNO.
        """
        listed = [
            'evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org'
        ]
        # Each unlisted name differs from a listed one by a single repeated
        # digit in the first label, so a comparison looser than an exact
        # domain match would show up as a failure in the second group.
        unlisted = [
            'evil11.unittests.fuglu.org', 'evil22.unittests.fuglu.org'
        ]

        plugin_config = self._make_config(checkdomains=listed,
                                          virusaction='REJECT',
                                          rejectmessage='spearphish')
        plugin = SpearPhishPlugin(None)
        plugin.config = plugin_config

        # (recipient domains, expected verdict, message shown on failure)
        groups = (
            (listed, (REJECT, 'spearphish'),
             ' spearphish should have been detected'),
            (unlisted, DUNNO,
             'spearphish should have been ignored - not in config file'),
        )
        for rcpt_domains, expected, failure_note in groups:
            for rcpt_domain in rcpt_domains:
                message = self._make_dummy_suspect(
                    envelope_sender_domain='example.com',
                    recipient_domain=rcpt_domain,
                    header_from_domain=rcpt_domain)
                verdict = plugin.examine(message)
                self.assertEqual(verdict, expected, failure_note)
    def test_check_all_domains(self):
        """An empty domain list means every recipient domain is checked.

        The config is built with checkdomains=[]; both sample recipient
        domains must still produce (REJECT, 'spearphish') when the header-From
        domain equals the recipient domain and the envelope sender differs.
        """
        rcpt_domains = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']

        # An empty list is expected to widen the check to all domains rather
        # than switch it off; the assertions below pin that reading.
        plugin_config = self._make_config(
            checkdomains=[],
            virusaction='REJECT',
            rejectmessage='spearphish')
        plugin = SpearPhishPlugin(None)
        plugin.config = plugin_config

        expected = (REJECT, 'spearphish')
        for rcpt_domain in rcpt_domains:
            message = self._make_dummy_suspect(
                envelope_sender_domain='example.com',
                recipient_domain=rcpt_domain,
                header_from_domain=rcpt_domain)
            verdict = plugin.examine(message)
            self.assertEqual(verdict, expected,
                             ' spearphish should have been detected')
    def test_check_specific_domains(self):
        """Verify that the check is limited to the configured domains.

        Configured recipient domains must be rejected as spearphish when the
        header-From domain matches the recipient and the envelope sender does
        not; recipient domains missing from the config must yield DUNNO.
        """
        configured = ['evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org']
        # Near-miss names (one extra digit in the first label) that are not in
        # the configured list and therefore must not be examined.
        not_configured = ['evil11.unittests.fuglu.org', 'evil22.unittests.fuglu.org']

        plugin_config = self._make_config(
            checkdomains=configured,
            virusaction='REJECT',
            rejectmessage='spearphish',
        )
        plugin = SpearPhishPlugin(None)
        plugin.config = plugin_config

        def verdict_for(rcpt_domain):
            # Header-From claims the recipient's own domain while the envelope
            # sender is an unrelated domain.
            message = self._make_dummy_suspect(
                envelope_sender_domain='example.com',
                recipient_domain=rcpt_domain,
                header_from_domain=rcpt_domain,
            )
            return plugin.examine(message)

        for rcpt_domain in configured:
            self.assertEqual(
                verdict_for(rcpt_domain),
                (REJECT, 'spearphish'),
                ' spearphish should have been detected',
            )

        for rcpt_domain in not_configured:
            self.assertEqual(
                verdict_for(rcpt_domain),
                DUNNO,
                'spearphish should have been ignored - not in config file',
            )
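    def test_specification(self):
        """Check the detection rule the plugin is specified to implement.

        A message is flagged only when the header-From domain equals the
        recipient domain while the envelope sender domain is different. Three
        cases are pinned: the spearphish shape itself, a message whose three
        domains are all equal, and a message whose three domains all differ.
        """
        # checkdomains=[] so that no domain is excluded from the check.
        config = self._make_config(checkdomains=[], virusaction='REJECT', rejectmessage='spearphish')
        candidate = SpearPhishPlugin(None)
        candidate.config = config

        # the spearphish case, header from = recipient, but different env sender
        spearphish = self._make_dummy_suspect(
            envelope_sender_domain='a.example.com',
            recipient_domain='b.example.com',
            header_from_domain='b.example.com')
        self.assertEqual(candidate.examine(spearphish),
                         (REJECT, 'spearphish'),
                         'spearphish should have been detected')

        # don't hit if env sender matches as well
        same_domain = self._make_dummy_suspect(
            envelope_sender_domain='c.example.com',
            recipient_domain='c.example.com',
            header_from_domain='c.example.com')
        self.assertEqual(candidate.examine(same_domain),
                         DUNNO,
                         'env sender domain = recipient domain should NOT be flagged as spearphish (1)')

        # don't hit if all different
        # NOTE(review): this case expects the tuple (DUNNO, None) while the
        # previous one expects the bare DUNNO; the expected values are kept as
        # written - confirm against what examine() returns on each path.
        unrelated = self._make_dummy_suspect(
            envelope_sender_domain='d.example.com',
            recipient_domain='e.example.com',
            header_from_domain='f.example.com')
        # The failure message used to repeat the text of case (1); it now
        # describes the case that is actually being asserted.
        self.assertEqual(candidate.examine(unrelated),
                         (DUNNO, None),
                         'header from domain != recipient domain should NOT be flagged as spearphish (2)')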
示例#5
    def test_emptyfrom(self):
        """Detect spearphish when the address sits in the From display part.

        Uses the fixture "empty_from_to.eml" with check_display_part enabled
        and expects (REJECT, 'spearphish') for a recipient in a checked domain.
        """
        checked_domains = [
            'evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org'
        ]
        # check_display_part is passed as the string 'True', not a bool.
        plugin_config = self._make_config(checkdomains=checked_domains,
                                          virusaction='REJECT',
                                          rejectmessage='spearphish',
                                          check_display_part='True')
        plugin = SpearPhishPlugin(None)
        plugin.config = plugin_config

        sender_domain = 'example.com'
        rcpt_domain = 'evil1.unittests.fuglu.org'
        # NOTE(review): the fixture's headers are not visible here; going by
        # its name and the summary above, the From address part is empty and
        # the display name carries an address - confirm against the .eml file.
        eml_path = os.path.join(unittestsetup.TESTDATADIR, "empty_from_to.eml")
        message = Suspect('sender@%s' % sender_domain,
                          'recipient@%s' % rcpt_domain, eml_path)

        verdict = plugin.examine(message)
        self.assertEqual(verdict, (REJECT, 'spearphish'),
                         ' spearphish should have been detected')
示例#6
    def test_multiline(self):
        """Detect spearphish when the From header spans more than one line.

        Uses the fixture "from_subject_2lines.eml" and expects
        (REJECT, 'spearphish') for a recipient in a checked domain, so a
        folded header must not let the message slip past the check.
        """
        checked_domains = [
            'evil1.unittests.fuglu.org', 'evil2.unittests.fuglu.org'
        ]
        plugin_config = self._make_config(checkdomains=checked_domains,
                                          virusaction='REJECT',
                                          rejectmessage='spearphish')
        plugin = SpearPhishPlugin(None)
        plugin.config = plugin_config

        sender_domain = 'example.com'
        rcpt_domain = 'evil1.unittests.fuglu.org'
        # NOTE(review): the fixture content is not visible here; its name
        # suggests both From and Subject are folded over two lines - confirm.
        eml_path = os.path.join(unittestsetup.TESTDATADIR,
                                "from_subject_2lines.eml")
        message = Suspect('sender@%s' % sender_domain,
                          'recipient@%s' % rcpt_domain, eml_path)

        verdict = plugin.examine(message)
        self.assertEqual(verdict, (REJECT, 'spearphish'),
                         ' spearphish should have been detected')