class PhisherPhinder::TracingReport
Public Class Methods
new(mail:, host_information_finder:, link_explorer:)
# File lib/phisher_phinder/tracing_report.rb, line 5
# Store the collaborators used to build the report.
#
# @param mail [Object] parsed message; this class reads #headers,
#   #tracing_headers, #authentication_headers and #hypertext_links from it
# @param host_information_finder [Object] responds to #information_for and
#   returns something indexable by :abuse_contacts
# @param link_explorer [Object] responds to #explore for a single hyperlink
def initialize(mail:, host_information_finder:, link_explorer:)
  @mail, @host_information_finder, @link_explorer =
    mail, host_information_finder, link_explorer
end
Public Instance Methods
report()
# File lib/phisher_phinder/tracing_report.rb, line 11
# Build the tracing report for the mail passed to the constructor.
#
# The result has four sections: :authentication (SPF only; the mechanisms
# list is hard-coded to [:spf]), :origin, :tracing and :content.
#
# :success is true only when the first Received-SPF entry's result is
# exactly :pass. SPF evaluates the envelope sender (exposed here as
# :from_address), so a pass on its own says nothing about the From header
# listed under :origin.
#
# NOTE(review): latest_spf_entry is indexed without a nil check. A message
# that carries no Received-SPF entry would presumably raise NoMethodError
# here - confirm how callers are expected to handle such mail.
#
# @return [Hash] report with :authentication, :origin, :tracing, :content
def report
  spf_summary = {
    success: latest_spf_entry[:result] == :pass,
    ip: latest_spf_entry[:ip],
    from_address: latest_spf_entry[:mailfrom],
    client_ip: latest_spf_entry[:client_ip],
  }
  authentication = { mechanisms: [:spf], spf: spf_summary }

  # Sections are built in the same order the keys appear in the result.
  origin = extract_origin_headers(@mail.headers)
  tracing = extract_tracing_headers(@mail.tracing_headers, latest_spf_entry)
  content = explore_hyperlinks(@mail.hypertext_links)

  {
    authentication: authentication,
    origin: origin,
    tracing: tracing,
    content: content
  }
end
Private Instance Methods
explore_hyperlinks(hyperlinks)
# File lib/phisher_phinder/tracing_report.rb, line 65
# Run the link explorer over the hyperlinks found in the message.
#
# Links of type :url are de-duplicated by href before exploration, so each
# distinct URL is explored once. Links of type :email_address are all
# explored; their results are flattened and de-duplicated afterwards. Links
# of any other type are ignored.
#
# NOTE(review): every href here comes from the message under analysis. If
# the explorer performs network requests, the destinations are chosen by
# the sender - confirm that it runs with bounded redirects/timeouts and
# from an environment where that traffic is acceptable.
#
# @param hyperlinks [Enumerable] objects responding to #type and #href
# @return [Hash] :linked_urls and :linked_email_addresses
def explore_hyperlinks(hyperlinks)
  distinct_urls = hyperlinks.select { |link| link.type == :url }.uniq(&:href)
  address_links = hyperlinks.select { |link| link.type == :email_address }

  explored_urls = distinct_urls.map { |link| @link_explorer.explore(link) }
  explored_addresses = address_links.map { |link| @link_explorer.explore(link) }.flatten.uniq

  { linked_urls: explored_urls, linked_email_addresses: explored_addresses }
end
extract_origin_headers(headers)
# File lib/phisher_phinder/tracing_report.rb, line 58
# Collect the :data value of every :from, :return_path and :message_id
# header entry. A header type that is absent maps to an empty array.
#
# NOTE(review): the values are copied through unchanged; presumably they
# are sender-supplied text, so whatever renders the report should treat
# them as untrusted - confirm against the mail parser.
#
# @param headers [Hash] header type => array of entries indexable by :data
# @return [Hash] header type => array of :data values
def extract_origin_headers(headers)
  %i[from return_path message_id].each_with_object({}) do |header_type, collected|
    entries = headers[header_type] || []
    collected[header_type] = entries.map { |entry| entry[:data] }
  end
end
extract_tracing_headers(received_headers, latest_spf_entry)
# File lib/phisher_phinder/tracing_report.rb, line 38
# Return the Received entries from the one whose sender IP matches the SPF
# entry through to the end of the list, each extended with abuse-contact
# details for the sender host and the sender IP.
#
# NOTE(review): when no Received entry matches the SPF IP, find_index
# returns nil and the slice below is taken with a nil start. Depending on
# the Ruby version that either raises or yields the whole list - confirm
# which outcome is intended and make it explicit.
#
# NOTE(review): the :host and :ip values passed to information_for come
# from Received headers; presumably entries not added by the receiving
# infrastructure are sender-controlled, so the finder should validate them
# before using them in a lookup - confirm.
#
# @param received_headers [Hash] must provide an array under :received
# @param latest_spf_entry [Hash] SPF entry indexable by :ip / :client_ip
# @return [Array<Hash>] Received entries with :sender_contact_details added
def extract_tracing_headers(received_headers, latest_spf_entry)
  hops = received_headers[:received]
  first_hop = hops.find_index do |hop|
    hop[:sender][:ip] == ip_address(latest_spf_entry)
  end

  hops[first_hop..-1].map do |hop|
    sender = hop[:sender]
    # Host lookup first, then IP lookup, matching the original call order.
    host_contacts = @host_information_finder.information_for(sender[:host])[:abuse_contacts]
    ip_contacts = @host_information_finder.information_for(sender[:ip])[:abuse_contacts]

    hop.merge(
      sender_contact_details: {
        host: { email: host_contacts },
        ip: { email: ip_contacts },
      }
    )
  end
end
ip_address(spf_entry)
# File lib/phisher_phinder/tracing_report.rb, line 34
# Pick the IP address recorded in an SPF entry: the :ip value when it is
# set, otherwise the :client_ip value.
#
# @param spf_entry [Hash] SPF entry indexable by :ip and :client_ip
# @return [Object, nil] the chosen address, or nil when neither is set
def ip_address(spf_entry)
  primary = spf_entry[:ip]
  return primary if primary

  spf_entry[:client_ip]
end
latest_spf_entry()
# File lib/phisher_phinder/tracing_report.rb, line 30
# Return the first entry listed under :received_spf in the mail's
# authentication headers.
#
# NOTE(review): presumably the first entry is the one added most recently,
# i.e. by the receiving server; any further entries may have been supplied
# with the message - confirm the ordering against the mail parser.
#
# @return [Object, nil] the first Received-SPF entry, nil if the list is empty
def latest_spf_entry
  spf_entries = @mail.authentication_headers[:received_spf]
  spf_entries.first
end