def test_rating_100_2(self, f_sender, f_recipient, f_mail_fields_dict):
    """An email that is already in the test_emails table is rated 100.

    A ``TestMail`` row built from ``self.mail_fields1`` is stored first.
    The incoming message is then assembled from the same plain body and
    subject and passed to ``conclude``.
    """
    stored_mail = TestMail(self.mail_fields1)
    push_email_into_db(
        self.mail_fields1, stored_mail, [self.recipient1], self.sender1
    )

    fields = {
        "text": " ".join([self.body_plain1]),
        "html": "",
        "subject": self.subject1,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email1, self.name1)],
        "date": 1587298372.484211,
        "attachmentFileName": [],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    # "len" is the combined size of the HTML body, subject and plain body.
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    # The fuzzy hash is computed once "len" is present and before "ssdeep" exists.
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 100
def test_similar_email_in_db(self, f_sender, f_recipient, f_mail_fields_dict):
    """A similar test email already in the database is found by the lookup.

    Stores a ``TestMail`` row, builds a ``Spam`` object from an incoming
    message with the same body and subject, and expects the first id
    returned by ``get_ids_for_similarity_check`` to be 1.
    """
    stored_mail = TestMail(self.mail_fields1)
    push_email_into_db(
        self.mail_fields1, stored_mail, [self.recipient1], self.sender1
    )

    fields = {
        "text": " ".join([self.body_plain1]),
        "html": "",
        "subject": self.subject1,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email1, self.name1)],
        "date": 1587298372.484211,
        "attachmentFileName": [],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    candidate = Spam(
        subject=str(fields["subject"]),
        email_date=str(fields["date"]),
        body_plain=fields["text"],
        body_html=fields["html"],
        ssdeep=fields["ssdeep"],
        length=fields["len"],
        attachment=False,
    )
    matching_ids = candidate.get_ids_for_similarity_check()
    # NOTE(review): an empty result raises IndexError here rather than
    # failing the assertion.
    assert matching_ids[0] == 1
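def test_rating_100_3(self, f_mail_fields_dict):
    """Match against the rule file.

    Switches ``use_rule_file`` on in the relay settings, loads
    ``./testing_rules.json`` as the active rule set and expects ``conclude``
    to rate the message 100.

    Both values live in ``utils.settings`` and are shared by the whole test
    process, so the previous values are restored on exit. Without that,
    every test that runs afterwards would be rated with the rule file still
    enabled, and the rating assertions would depend on execution order.
    """
    missing = object()
    relay_cfg = utils.settings.data["relay"]
    try:
        previous_flag = relay_cfg["use_rule_file"]
    except KeyError:
        previous_flag = missing
    previous_rules = getattr(utils.settings, "rules", missing)

    try:
        relay_cfg["use_rule_file"] = True
        # Relative path: the suite has to be started from the directory that
        # holds the rule file. JSON is read explicitly as UTF-8.
        with open("./testing_rules.json", encoding="utf-8") as json_file:
            utils.settings.rules = json.load(json_file)

        self.mail_fields_dict5 = {
            "text": "example body_plain",
            "html": "",
            "subject": self.subject1,
            "from": self.email1,
            "from_name": "",
            "to": [(self.email2, "")],
            "date": 1587298372.484211,
            "attachmentFileName": [],
            "links": [],
        }
        self.mail_fields_dict5["len"] = (
            len(self.mail_fields_dict5["html"])
            + len(self.mail_fields_dict5["subject"])
            + len(self.mail_fields_dict5["text"])
        )
        self.mail_fields_dict5["ssdeep"] = get_fuzzy_hash(self.mail_fields_dict5)

        rating = conclude(
            self.mail_fields_dict5, self.fake_eml_file, self.fake_mail_request
        )
        assert rating == 100
    finally:
        # Put the shared settings back exactly as they were found.
        if previous_flag is missing:
            relay_cfg.pop("use_rule_file", None)
        else:
            relay_cfg["use_rule_file"] = previous_flag
        if previous_rules is missing:
            if hasattr(utils.settings, "rules"):
                del utils.settings.rules
        else:
            utils.settings.rules = previous_rules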
def test_rating_50(self, f_links, f_settings, f_mail_fields_dict):
    """A stored link plus the username in the plain body is rated 50.

    The settings row and a ``Link`` for ``self.link2`` are pushed into the
    database before the incoming message, which carries that link and the
    username in its body, is passed to ``conclude``.
    """
    push_into_db(self.settings1)
    # presumably the 3 is the stored occurrence count of the link; the
    # meaning of 60 is not visible here. Confirm against Link.
    self.f_link4 = Link(self.link2, 3, 60)
    push_into_db(self.f_link4)

    fields = {
        "text": " ".join([self.body_plain1, self.username1, self.link2]),
        "html": "",
        "subject": self.subject1,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email2, "")],
        "date": 1587322973.484211,
        "attachmentFileName": [],
        "links": [self.link2],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 50
def test_rating_30(self, f_settings, f_mail_fields_dict):
    """A very long plain body that contains the username is rated 30.

    The body is two generated paragraphs joined by a newline, with the
    username appended after a space.
    """
    push_into_db(self.settings1)

    first_paragraph = self.generator.paragraph()
    second_paragraph = self.generator.paragraph()
    self.body_plain5 = first_paragraph + "\n" + second_paragraph

    fields = {
        "text": " ".join([self.body_plain5, self.username1]),
        "html": "",
        "subject": self.subject1,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email2, "")],
        "date": 1587322973.484211,
        "attachmentFileName": [],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 30
def f_mail_fields(self, f_mail_fields_dict):
    """Create four ``MailFields`` records and push each into the database.

    Each record takes its fuzzy hash and length from the matching
    ``self.mail_fields_dictN``. Record 1 has only an HTML body, record 2
    only a plain body, and records 3 and 4 have both. Only record 3 is
    flagged as having an attachment. The records are also kept in
    ``self.mail_fields_list``.
    """

    def current_timestamp():
        # Evaluated per record, so each one gets its own creation time.
        return datetime.timestamp(datetime.today())

    self.mail_fields1 = MailFields(
        subject=self.subject1,
        email_date=current_timestamp(),
        body_html=self.body_html1,
        ssdeep=get_fuzzy_hash(self.mail_fields_dict1),
        length=self.length(self.mail_fields_dict1),
        attachment=False,
    )
    self.mail_fields2 = MailFields(
        subject=self.subject2,
        email_date=current_timestamp(),
        body_plain=self.body_plain2,
        ssdeep=get_fuzzy_hash(self.mail_fields_dict2),
        length=self.length(self.mail_fields_dict2),
        attachment=False,
    )
    self.mail_fields3 = MailFields(
        subject=self.subject3,
        email_date=current_timestamp(),
        body_plain=self.body_plain3,
        body_html=self.body_html3,
        ssdeep=get_fuzzy_hash(self.mail_fields_dict3),
        length=self.length(self.mail_fields_dict3),
        attachment=True,
    )
    self.mail_fields4 = MailFields(
        subject=self.subject4,
        email_date=current_timestamp(),
        body_plain=self.body_plain4,
        body_html=self.body_html4,
        ssdeep=get_fuzzy_hash(self.mail_fields_dict4),
        length=self.length(self.mail_fields_dict4),
        attachment=False,
    )

    self.mail_fields_list = [
        self.mail_fields1,
        self.mail_fields2,
        self.mail_fields3,
        self.mail_fields4,
    ]
    for record in self.mail_fields_list:
        push_into_db(record)
def test_rating_70(self, f_mail_fields_dict):
    """An email with the honeypot IP address as its subject is rated 70.

    ``self.ip`` is used verbatim as the subject. No settings row is pushed
    in this test.
    """
    fields = {
        "text": " ".join([self.body_plain2]),
        "html": "",
        # presumably self.ip is the honeypot's own address; it is set
        # outside this test.
        "subject": self.ip,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email2, "")],
        "date": 1587322973.484211,
        "attachmentFileName": [],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 70
def test_rating_55(self, f_settings, f_mail_fields_dict):
    """An email with the username in the plain body and the test time is rated 55.

    Apart from the ``date`` value, the message matches the other
    username-in-body cases.
    """
    push_into_db(self.settings1)

    fields = {
        "text": " ".join([self.body_plain1, self.username1]),
        "html": "",
        "subject": self.subject1,
        "from": self.email1,
        "from_name": "",
        "to": [(self.email2, "")],
        # NOTE(review): this looks like the timestamp that scores as
        # "test time". Confirm against conclude().
        "date": 1587298372.484211,
        "attachmentFileName": [],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 55
def test_rating_0(self, f_settings, f_mail_fields_dict):
    """An email with an attachment is rated 0 despite "test" in the subject.

    The message names one attachment, ``test.doc``, and its subject is the
    single word ``test``.
    """
    push_into_db(self.settings1)

    fields = {
        "text": " ".join([self.body_plain2]),
        "html": "",
        "subject": " ".join(["test"]),
        "from": self.email1,
        "from_name": "",
        "to": [(self.email2, "")],
        "date": 1587322973.484211,
        "attachmentFileName": ["test.doc"],
        "links": [],
    }
    self.mail_fields_dict5 = fields
    fields["len"] = sum(len(fields[key]) for key in ("html", "subject", "text"))
    fields["ssdeep"] = get_fuzzy_hash(fields)

    verdict = conclude(fields, self.fake_eml_file, self.fake_mail_request)
    assert verdict == 0
def test_db_mail_fields_create(self, f_mail_fields):
    """Check the records created by the ``f_mail_fields`` fixture.

    Record 1 must keep its subject, and its stored fuzzy hash must compare
    at 100 against a fresh hash of ``self.mail_fields_dict1``. Record 3
    must have its attachment flag set.
    """
    assert self.mail_fields1.subject == self.subject1

    fresh_hash = get_fuzzy_hash(self.mail_fields_dict1)
    similarity = ssdeep.compare(fresh_hash, self.mail_fields1.ssdeep)
    assert similarity == 100

    assert self.mail_fields3.attachment