feat(integration): Emailrep check reputation (#98)
Showing
4 changed files
with
98 additions
and
0 deletions.
@@ -0,0 +1,33 @@ | ||
{ | ||
"email": "john@google.com", | ||
"reputation": "high", | ||
"suspicious": false, | ||
"references": 83, | ||
"details": { | ||
"blacklisted": false, | ||
"malicious_activity": false, | ||
"malicious_activity_recent": false, | ||
"credentials_leaked": true, | ||
"credentials_leaked_recent": false, | ||
"data_breach": true, | ||
"first_seen": "07/01/2008", | ||
"last_seen": "01/16/2024", | ||
"domain_exists": true, | ||
"domain_reputation": "high", | ||
"new_domain": false, | ||
"days_since_domain_creation": 9719, | ||
"suspicious_tld": false, | ||
"spam": false, | ||
"free_provider": false, | ||
"disposable": false, | ||
"deliverable": true, | ||
"accept_all": false, | ||
"valid_mx": true, | ||
"primary_mx": "smtp.google.com", | ||
"spoofable": true, | ||
"spf_strict": false, | ||
"dmarc_enforced": false, | ||
"profiles": ["linkedin"] | ||
}, | ||
"summary": "Not suspicious. This email address has been seen in 83 reputable sources on the internet, including Linkedin. It has been seen in data breaches or credential leaks dating back to 07/01/2008, but not since 01/16/2024. The sender domain is highly reputable. We've observed no malicious or suspicious activity from this address. " | ||
} |
@@ -0,0 +1,33 @@ | ||
import os | ||
|
||
import pytest | ||
from httpx import Response | ||
|
||
from tracecat.integrations.emailrep import check_email_reputation | ||
|
||
|
||
@pytest.fixture | ||
def emailrep_secret(create_mock_secret) -> dict[str, str | bytes]: | ||
mock_secret = create_mock_secret( | ||
"emailrep", {"EMAILREP_API_KEY": os.environ["EMAILREP_API_KEY"]} | ||
) | ||
mock_secret_obj = mock_secret.model_dump_json() | ||
return mock_secret_obj | ||
|
||
|
||
@pytest.mark.respx(assert_all_mocked=False) | ||
def test_check_email_reputation(emailrep_secret, respx_mock): | ||
test_email = "john@google.com" | ||
|
||
# Mock secrets manager | ||
respx_mock.base_url = os.environ["TRACECAT__API_URL"] | ||
route = respx_mock.get("/secrets/emailrep").mock( | ||
return_value=Response(status_code=200, content=emailrep_secret) | ||
) | ||
|
||
result = check_email_reputation(email=test_email, app_name="test") | ||
assert route.called | ||
assert result["email"] == test_email | ||
assert "reputation" in result | ||
assert "suspicious" in result | ||
assert "summary" in result |
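Review bot: The test is not hermetic — `@pytest.mark.respx(assert_all_mocked=False)` lets the `client.get(f"/{email}")` request inside `check_email_reputation` reach the live emailrep.io API, so CI needs a real `EMAILREP_API_KEY` in the environment and sends it upstream on every run, while the 33-line response fixture added in this commit is never used. Register a route for the emailrep endpoint that returns that fixture (loaded from its file; the path is not shown on this page), assert it was called, and flip the marker to `assert_all_mocked=True` so any unexpected outbound request fails loudly. The `emailrep_secret` fixture is annotated `-> dict[str, str | bytes]` but returns the `model_dump_json()` string; `-> str` matches what `Response(content=...)` receives. Whether respx matches an absolute URL pattern while `base_url` is set to the Tracecat API should be confirmed against the respx version the project pins.
```python
@pytest.mark.respx(assert_all_mocked=True)
def test_check_email_reputation(emailrep_secret, respx_mock):
    test_email = "john@google.com"
    # … unchanged: secrets manager mock (`route`) …
    # Mock the upstream API too, so no real key ever leaves the test process.
    # EMAILREP_FIXTURE is a placeholder for the JSON fixture added in this commit, loaded from its file.
    emailrep_route = respx_mock.get(f"https://emailrep.io/{test_email}").mock(
        return_value=Response(status_code=200, json=EMAILREP_FIXTURE)
    )
    result = check_email_reputation(email=test_email, app_name="test")
    assert route.called
    assert emailrep_route.called
    # … unchanged: result assertions …
```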
@@ -0,0 +1,31 @@ | ||
"""Integrations with Emailrep API. | ||
Required credentials: `emailrep` secret with `EMAILREP_API_KEY` key. | ||
API reference: https://docs.sublimesecurity.com/reference/get_-email | ||
""" | ||
|
||
import os | ||
|
||
import httpx | ||
|
||
from tracecat.integrations._registry import registry | ||
|
||
EMAILREP_BASE_URL = "https://emailrep.io" | ||
|
||
|
||
def create_emailrep_client(app_name: str): | ||
emailrep_api_key = os.environ["EMAILREP_API_KEY"] | ||
headers = {"User-Agent": f"tracecat/{app_name}", "Key": emailrep_api_key} | ||
return httpx.Client(base_url=EMAILREP_BASE_URL, headers=headers) | ||
|
||
|
||
@registry.register( | ||
description="Check email reputation", | ||
secrets=["emailrep"], | ||
) | ||
def check_email_reputation(email: str, app_name: str) -> dict[str, str] | str: | ||
client = create_emailrep_client(app_name) | ||
response = client.get(f"/{email}") | ||
response.raise_for_status() | ||
return response.json() |
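Review bot: `check_email_reputation` builds the request path with `f"/{email}"` and never closes the `httpx.Client` it creates, so a value containing `/`, `?` or `#` changes which URL is requested and every call leaks a connection pool. Percent-encode the address (`from urllib.parse import quote`, then `quote(email, safe="@")`) and issue the request under `with create_emailrep_client(app_name) as client:`; whether emailrep accepts a percent-encoded `@` should be confirmed against the API docs linked in the module docstring, which is why `@` is left unencoded below. The return annotation `dict[str, str] | str` also understates the response — the nested `details` object and boolean/integer fields make `dict[str, Any]` (with `from typing import Any`) the honest type. Whether the `registry.register(secrets=["emailrep"])` decorator populates `EMAILREP_API_KEY` in `os.environ` before the body runs is not visible here; if it does not, `create_emailrep_client` raises `KeyError`, and a one-line docstring on each function stating that contract would help the next reader.
```python
@registry.register(
    description="Check email reputation",
    secrets=["emailrep"],
)
def check_email_reputation(email: str, app_name: str) -> dict[str, Any] | str:
    """Look up *email* on Emailrep and return the decoded JSON body.

    Raises httpx.HTTPStatusError for non-2xx responses.
    """
    # Percent-encode so the address cannot alter the request path or add a query string
    path = f"/{quote(email, safe='@')}"
    # Close the client (and its connection pool) once the single request is done
    with create_emailrep_client(app_name) as client:
        response = client.get(path)
        response.raise_for_status()
        return response.json()
```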