mail_to_misp/tests/tests.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-

import unittest
import importlib
import sys
from io import BytesIO
sys.path.insert(0, ".")

from mail2misp import Mail2MISP


class TestMailToMISP(unittest.TestCase):

    def test_spamtrap(self):
        config = importlib.import_module('tests.config_spamtrap')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/simple_spamtrap.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.email_from_spamtrap()
        self.mail2misp.process_body_iocs()
        event = self.mail2misp.add_event()
        print(event)

    def test_spamtrap_attachment(self):
        config = importlib.import_module('tests.config_spamtrap')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/attachment_spamtrap.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.email_from_spamtrap()
        self.mail2misp.process_body_iocs()
        event = self.mail2misp.add_event()
        print(event)

    def test_forward(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/simple_forward.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()
        self.mail2misp.process_body_iocs()
        event = self.mail2misp.add_event()
        print(event)

    def test_forward_attachment(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/attachment_forward.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()
        self.mail2misp.process_body_iocs()
        event = self.mail2misp.add_event()
        print(event)

    def test_benign(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/test_benign.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()
        self.mail2misp.process_body_iocs()
        self.assertTrue('attachment' in [a.type for a in self.mail2misp.misp_event.attributes])
        self.assertTrue(self.mail2misp.misp_event.publish)

    def test_textfile(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/test_textattachment.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()

    def test_meta_event(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/test_meta.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()
        self.mail2misp.process_body_iocs()
        self.assertTrue(self.mail2misp.misp_event.publish)
        self.assertEqual(self.mail2misp.misp_event.distribution, '3')
        self.assertEqual(self.mail2misp.misp_event.threat_level_id, '2')
        self.assertEqual(self.mail2misp.misp_event.analysis, '0')
        self.mail2misp.add_event()

    def test_nested_mime(self):
        config = importlib.import_module('tests.config_forward')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/test_nested_mime.eml', 'rb') as f:
            self.mail2misp.load_email(BytesIO(f.read()))
        self.mail2misp.process_email_body()
        self.assertEqual(self.mail2misp.clean_email_body, 'example.org\r\nwww.example.org\r\n')

    def test_attached_emails(self):
        config = importlib.import_module('tests.config_carrier')
        self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)
        with open('tests/mails/test_7_email_attachments.eml', 'rb') as f:
            attached_emails = self.mail2misp.get_attached_emails(BytesIO(f.read()))
        self.assertEqual(len(attached_emails), 7)


if __name__ == '__main__':
    unittest.main()
new: Make it a lib, add test cases 2018-05-14 23:23:30 +02:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`

			`import unittest`
			`import importlib`
			`import sys`
			`from io import BytesIO`
			`sys.path.insert(0, ".")`

			`from mail2misp import Mail2MISP`


			`class TestMailToMISP(unittest.TestCase):`

			`def test_spamtrap(self):`
			`config = importlib.import_module('tests.config_spamtrap')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/simple_spamtrap.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.email_from_spamtrap()`
			`self.mail2misp.process_body_iocs()`
			`event = self.mail2misp.add_event()`
			`print(event)`

			`def test_spamtrap_attachment(self):`
			`config = importlib.import_module('tests.config_spamtrap')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/attachment_spamtrap.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.email_from_spamtrap()`
			`self.mail2misp.process_body_iocs()`
			`event = self.mail2misp.add_event()`
			`print(event)`

			`def test_forward(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/simple_forward.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`
			`self.mail2misp.process_body_iocs()`
			`event = self.mail2misp.add_event()`
			`print(event)`

			`def test_forward_attachment(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/attachment_forward.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`
			`self.mail2misp.process_body_iocs()`
			`event = self.mail2misp.add_event()`
			`print(event)`

fix: benign attachment in FW email Fix #25 2018-08-02 11:51:11 +02:00			`def test_benign(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/test_benign.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`
			`self.mail2misp.process_body_iocs()`
			`self.assertTrue('attachment' in [a.type for a in self.mail2misp.misp_event.attributes])`
fix: Avoid failure if dns key is not in the config file. 2018-08-02 12:02:18 +02:00			`self.assertTrue(self.mail2misp.misp_event.publish)`
new: Make it a lib, add test cases 2018-05-14 23:23:30 +02:00
fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00			`def test_textfile(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/test_textattachment.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`

fix: Allow passing 0 to distribution, threat_level and analysis 2018-08-03 10:52:35 +02:00			`def test_meta_event(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/test_meta.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`
			`self.mail2misp.process_body_iocs()`
			`self.assertTrue(self.mail2misp.misp_event.publish)`
fix: Properly add sightings, meta event attributes 2018-08-03 11:26:11 +02:00			`self.assertEqual(self.mail2misp.misp_event.distribution, '3')`
			`self.assertEqual(self.mail2misp.misp_event.threat_level_id, '2')`
			`self.assertEqual(self.mail2misp.misp_event.analysis, '0')`
			`self.mail2misp.add_event()`

multipart messages can be nested within each other An example of something that does this is GPG, when operating in PGP/MIME mode. The Python documentation remarks that an attachment is anything that isn't a body - meaning that if there are multipart messages nested within each other, the containers will be flagged as an attachment. When get_content() is called on the attachment, it fails with an unhandled KeyError as there is no attachment handler for multipart. This change wraps the get_content() call in a try...catch, and returns if an attachment type unsupported by the runtime is present. ``` Traceback (most recent call last): File "/Users/adamb/mail_to_misp/tests/tests.py", line 89, in test_nested_mime self.mail2misp.process_email_body() File "./mail2misp/mail2misp.py", line 188, in process_email_body self._find_attached_forward() File "./mail2misp/mail2misp.py", line 88, in _find_attached_forward attachment_content = attachment.get_content() File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/message.py", line 1096, in get_content return content_manager.get_content(self, args, *kw) File "/usr/local/Cellar/python/3.7.7/Frameworks/Python.framework/Versions/3.7/lib/python3.7/email/contentmanager.py", line 25, in get_content raise KeyError(content_type) KeyError: 'multipart/mixed' ``` 2020-06-07 01:16:17 +02:00			`def test_nested_mime(self):`
			`config = importlib.import_module('tests.config_forward')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/test_nested_mime.eml', 'rb') as f:`
			`self.mail2misp.load_email(BytesIO(f.read()))`
			`self.mail2misp.process_email_body()`
			`self.assertEqual(self.mail2misp.clean_email_body, 'example.org\r\nwww.example.org\r\n')`
fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00
added unit test for carrier 2019-11-17 09:45:30 +01:00			`def test_attached_emails(self):`
			`config = importlib.import_module('tests.config_carrier')`
			`self.mail2misp = Mail2MISP('', '', '', config=config, offline=True)`
			`with open('tests/mails/test_7_email_attachments.eml', 'rb') as f:`
			`attached_emails = self.mail2misp.get_attached_emails(BytesIO(f.read()))`
			`self.assertEqual(len(attached_emails), 7)`
fix: Properly handle plain text attachments 2018-08-02 17:02:17 +02:00
Merge branch 'master' into master 2020-06-07 20:41:47 +02:00
new: Make it a lib, add test cases 2018-05-14 23:23:30 +02:00			`if __name__ == '__main__':`
			`unittest.main()`