class PhisherPhinder::MailParser::ReceivedHeaders::ByParser

Public Class Methods

new(ip_factory:, starttls_parser:) click to toggle source
# File lib/phisher_phinder/mail_parser/received_headers/by_parser.rb, line 7
def initialize(ip_factory:, starttls_parser:)
  @extended_ip_factory = ip_factory
  @starttls_parser = starttls_parser
end

Public Instance Methods

parse(component) click to toggle source
# File lib/phisher_phinder/mail_parser/received_headers/by_parser.rb, line 12
def parse(component)
  unless component
    return {
      recipient: nil,
      protocol: nil,
      id: nil,
      recipient_additional: nil,
      authenticated_as: nil
    }.merge(@starttls_parser.parse(nil))
  end

  patterns = [
    %r{by\s(?<recipient>\S+)\s
     \((?<additional>[^)]+)\)\s
     with\sMicrosoft\sSMTP\sServer\s(?<starttls>\([^\)]+\))\s
     id\s(?<id>\S+)\s
     via\s(?<protocol>Frontend\sTransport)
    }x,
    %r{by\s(?<recipient>\S+)\s
     \((?<additional>[^)]+)\)\s
     with\sMicrosoft\sSMTP\sServer\s(?<starttls>\([^\)]+\))\s
     id\s(?<id>\S+)
    }x,
    /by\s(?<recipient>\S+)\swith\s(?<protocol>\S+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\s\((?<additional>[^)]+)\)\swith\s(?<protocol>\S+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\s(?<additional>.+)\swith\s(?<protocol>\S+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\s\((?<additional>[^)]+)\)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\s\((?<additional>[^)]+)\)\swith\s(?<protocol>.+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\s\((?<additional>[^)]+)\)\swith\s(?<protocol>\S+)\sID\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\swith\s(?<protocol>.+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\swith\s(?<protocol>.+)/,
    /by\s(?<recipient>\S+)\s\((?<additional>[^)]+)\)\s\(authenticated as (?<authenticated_as>[^\)]+)\)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)\sid\s(?<id>\S+)/,
    /by\s(?<recipient>\S+)/
  ]

  matches = patterns.inject(nil) do |memo, pattern|
    memo || component.match(pattern)
  end

  {
    recipient: enrich_recipient(matches[:recipient]),
    protocol: matches.names.include?('protocol') ? matches[:protocol]: nil,
    id: matches.names.include?('id') ? matches[:id]: nil,
    recipient_additional: matches.names.include?('additional') ? matches[:additional] : nil,
    authenticated_as: matches.names.include?('authenticated_as') ? matches[:authenticated_as] : nil,
  }.merge(
    if matches.names.include?('starttls')
      @starttls_parser.parse(matches[:starttls])
    else
      @starttls_parser.parse(nil)
    end
  )
end

Private Instance Methods

enrich_recipient(recipient) click to toggle source
# File lib/phisher_phinder/mail_parser/received_headers/by_parser.rb, line 69
def enrich_recipient(recipient)
  @extended_ip_factory.build(recipient) || recipient
end