Skip to content

lukateras/python-fraudrecord

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
fraudrecord
fraudrecord
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

FraudRecord API client for Python

Install from PyPI:

$ pip install fraudrecord

If you will use the non-blocking API, include aio extra:

$ pip install fraudrecord[aio]

This package is maintained, stable, and perpetually tested. There will never be any breaking changes.

Example

Using the blocking API:

from fraudrecord.query import query as fraudrecord_query

if __name__ == "__main__":
    api_code = "a51ff508c331b7e9" # XXX: use your own
    print(fraudrecord_query(api_code, email="example@example.org"))

Using the non-blocking API:

import asyncio

from fraudrecord.query_aio import query as fraudrecord_query


async def main():
    api_code = "a51ff508c331b7e9" # XXX: use your own
    response = await fraudrecord_query(api_code, email="example@example.org")
    print(response)


if __name__ == "__main__":
    asyncio.run(main())

Using the CLI:

$ FRAUDRECORD_API_CODE=a51ff508c331b7e9 fraudrecord-query --email=example@example.org

Documentation

fraudrecord.hash

FraudRecord hashing scheme as described on https://fraudrecord.com/security/.

32,000 iterations of SHA-1. Case- and whitespace- insensitive: the input is lowercased and stripped of all whitespace. The hexadecimal digest of each iteration is fed into the next iteration. The input of each iteration is prefixed with fraudrecord-.

  • function hexdigest(s: str) -> str

    Returns the hexadecimal digest of the input string.

fraudrecord.model

Concepts of FraudRecord API.

  • type APICode

    API code. Lowercase alphanumeric string, 16 characters. Get one by signing up with FraudRecord and creating a reporter profile.

  • type Reliability

    Result reliability measurement. Decimal; either 0.0 (if there are no submitted reports) or between 1.0 and 10.0 with one digit after the decimal point.

  • type ReportCode

    Report code. Lowercase alphanumeric string, 16 characters. Used in order to fetch a human-readable report.

  • constant ENDPOINT: HttpUrl

    API endpoint URL.

  • function query_url(api_code: APICode, **data_vars: str) -> HttpUrl

    Given an API code and non-hashed data variables, returns the corresponding query API URL.

    Data variables are arbitrary bits of information about someone as described on https://fraudrecord.com/developers/ under "Data variables". Well-known data variable names are:

    • name: full name
    • company: company name
    • email: email address
    • address: postal address
    • phone: phone number
    • ip: registration IP address
    • hostname: server hostname
    • accountuser: hosting account username
    • accountpass: hosting account password
    • domain: domain name without www.
    • paypalemail: PayPal email address
    • ccname: name on the credit card
    • ccnumber: credit card number

  • function report_url(report_code: ReportCode) -> HttpUrl

    Given a report code, returns the corresponding human-readable report URL.

  • class QueryResponse

    Query API response.

    • field value: NonNegativeInt

      Total sum of points (severity scores) across all submitted reports.

    • field total_reports: NonNegativeInt

      Total number of the submitted reports.

    • field reliability: Reliability

      Result reliability measurement, out of possible 10.

    • field report_url: HttpUrl

      Human-readable report URL.

      Example: https://www.fraudrecord.com/api/?showreport=0f5dac5aab7762e6

    • class method parse(s: str) -> QueryResponse

      Parses the input string containing the query API HTTP response body into a QueryResponse object.

fraudrecord.query

Blocking FraudRecord query API client.

  • function query(api_code: APICode, **data_vars: str) -> QueryResponse

    Makes a query request to the API and returns a QueryResponse.

fraudrecord.query.cli

FraudRecord query API command-line interface.

Usage: fraudrecord-query --DATA_VARIABLE=VALUE ...

FRAUDRECORD_API_CODE environment variable must be set to a valid FraudRecord API code. Get one by signing up with FraudRecord and creating a reporter profile.

fraudrecord.query_aio

Non-blocking FraudRecord query API client.

Requires aio extra to be installed.

  • async function query(api_code: APICode, **data_vars: str) -> QueryResponse

    Makes a query request to the API and returns a QueryResponse.

Note that the report submission functionality isn't and won't be implemented. I believe that users of FraudRecord violate their clients' privacy, and I don't want to be a part of that.

While it's true that FraudRecord only stores hashes of (arbitrary, sensitive) data, if you do end up in the database, it lets anyone on the internet easily check if their guess of your personal email address, physical address, legal name, credit card number, IP address, and such is correct or not as long as they know any single one of these bits of information in advance. There is no defined limit to the number of guesses they could make.

Moreover, reports themselves are presented in cleartext and frequently contain some sensitive data anyway. Here you can see various FraudRecord users posting their (ostensibly fraudulent) clients' full names, addresses, and even, in one case, a photo of the driver's license: [1], [2], [3]. I wish I was making it up.

This API client is intended for privacy research only.

About

FraudRecord API client for Python

pypi.org/project/fraudrecord/

Topics

python cli python-library api-client asyncio fraudrecord pypi-package pydantic python-poetry privacy-research status-release

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Version 2022.10.22 Latest
Oct 22, 2022

Languages