Skip to content

Commit 904a997

Browse files
authored
Finally Fixing Up the Guidance Tags (canada-ca#522)
* Updated Dmarc Tags * small fix to the dmarc tags * fix isintance checks * Spf tags re-factor * Dkim tags re-factor * HTTPS tags are now actually here, again ... * Removed comment * First iteration of ssl tags * Updated ssl tags * Update dkim tags * Update dmarc, and spf tags * Created mock data for guidance tags tests * Moved all mock data into separate dicts * Fix missing checks * switched guidance tag fields to fields * Fixes to dkim tags, and testing for the majority of dkim tags * Remove print debug statement * Fixed guidance tag generation, and implemented tests * Trimmed down data for dkim, and dmarc tests * Updated dmarc and spf tags * Updated dmarc tags, and added tests for dmarc14, and dmarc15 * Updated https, ssl objects * Fix www scan objects * HTTPS guidance tags fixed, and tested * Updated error out messages * Removed unused import * Updated spf tags, and completed testing * Updated ssl tags, and completed tests for ssl * spf3 guidance tag implemented * Black ran on files * Refactored spf * Refactored dmarc * Refactored dkim * Refactored https * Refactored ssl * Black re-ran on files * Updated descriptions * typo in description(s) * Updated faker
1 parent 3d8b13a commit 904a997

31 files changed

Lines changed: 5179 additions & 558 deletions

api/Pipfile.lock

Lines changed: 15 additions & 15 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/schemas/domain/__init__.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ class Meta:
2525
"organization",
2626
"scans",
2727
"slug",
28+
"dmarc_reports"
2829
)
2930

3031
url = URL(description="The domain the scan was run on")

api/schemas/domain/email_scan/__init__.py

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,17 +23,17 @@ class Meta:
2323

2424
domain = URL(description="The domain the scan was run on")
2525
timestamp = graphene.DateTime(description="The time the scan was initiated")
26-
dmarc = graphene.List(
26+
dmarc = graphene.Field(
2727
lambda: DMARC,
2828
description="Domain-based Message Authentication, Reporting, "
2929
"and Conformance (DMARC) ",
3030
)
31-
spf = graphene.List(
31+
spf = graphene.Field(
3232
lambda: SPF,
3333
description="Sender Policy Framework (SPF) for Authorizing Use of "
3434
"Domains in Email ",
3535
)
36-
dkim = graphene.List(
36+
dkim = graphene.Field(
3737
lambda: DKIM, description="DomainKeys Identified Mail (DKIM) Signatures"
3838
)
3939

@@ -45,15 +45,15 @@ def resolve_timestamp(self: Scans, info):
4545

4646
def resolve_dmarc(self: Scans, info):
4747
query = DMARC.get_query(info)
48-
return query.filter(self.id == Dmarc_scans.id).all()
48+
return query.filter(self.id == Dmarc_scans.id).first()
4949

5050
def resolve_spf(self: Scans, info):
5151
query = SPF.get_query(info)
52-
return query.filter(self.id == Spf_scans.id).all()
52+
return query.filter(self.id == Spf_scans.id).first()
5353

5454
def resolve_dkim(self: Scans, info):
5555
query = DKIM.get_query(info)
56-
return query.filter(self.id == Dkim_scans.id).all()
56+
return query.filter(self.id == Dkim_scans.id).first()
5757

5858

5959
class EmailScanConnection(relay.Connection):
Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
import graphene
2+
from graphene_sqlalchemy import SQLAlchemyObjectType
3+
4+
from models import Dkim_scans
5+
from scalars.url import URL
6+
from functions.get_domain import get_domain
7+
from functions.get_timestamp import get_timestamp
8+
9+
10+
class DKIM(SQLAlchemyObjectType):
11+
"""
12+
DomainKeys Identified Mail (DKIM) permits a person, role, or
13+
organization that owns the signing domain to claim some
14+
responsibility for a message by associating the domain with the
15+
message. This can be an author's organization, an operational relay,
16+
or one of their agents.
17+
"""
18+
19+
class Meta:
20+
model = Dkim_scans
21+
exclude_fields = ("id", "dkim_scan")
22+
23+
id = graphene.ID(description="ID of the object")
24+
domain = URL(description="The domain the scan was run on")
25+
timestamp = graphene.DateTime(description="Time when scan was initiated")
26+
record = graphene.String(
27+
description="DKIM record retrieved during the scan of the " "given domain "
28+
)
29+
key_length = graphene.String(description="Length of DKIM public key")
30+
dkim_guidance_tags = graphene.List(
31+
lambda: graphene.String, description="Key tags found during scan"
32+
)
33+
34+
def resolve_domain(self, info):
35+
get_domain(self, info)
36+
37+
def resolve_timestamp(self, info):
38+
get_timestamp(self, info)
39+
40+
def resolve_record(self, info):
41+
return self.dkim_scan["dkim"]["txt_record"]
42+
43+
def resolve_key_length(self, info):
44+
return self.dkim_scan["dkim"]["key_size"]
45+
46+
def resolve_dkim_guidance_tags(self, info):
47+
tags = []
48+
49+
if self.dkim_scan.get("dkim", {}).get("missing", None) is not None:
50+
tags.append("dkim2")
51+
return tags
52+
53+
# Get Key Size, and Key Type
54+
key_size = self.dkim_scan.get("dkim", {}).get("key_size", None)
55+
key_type = self.dkim_scan.get("dkim", {}).get("key_type", None)
56+
57+
if key_size is None:
58+
tags.append("dkim9")
59+
elif key_type is None:
60+
tags.append("dkim9")
61+
else:
62+
if key_size >= 4096 and key_type == "rsa":
63+
tags.append("dkim8")
64+
elif key_size >= 2048 and key_type == "rsa":
65+
tags.append("dkim7")
66+
elif key_size == 1024 and key_type == "rsa":
67+
tags.append("dkim6")
68+
elif key_size < 1024 and key_type == "rsa":
69+
tags.append("dkim5")
70+
else:
71+
tags.append("dkim9")
72+
73+
# Update Recommended
74+
key_invalid = self.dkim_scan.get("dkim", {}).get("update-recommend", None)
75+
76+
if key_invalid:
77+
tags.append("dkim10")
78+
79+
# Invalid Crypto
80+
invalid_crypto = (
81+
self.dkim_scan.get("dkim", {}).get("txt_record", {}).get("k", None)
82+
)
83+
# if k != rsa
84+
if invalid_crypto != "rsa":
85+
tags.append("dkim11")
86+
87+
# Dkim value invalid
88+
# Check if v, k, and p exist in txt_record
89+
v_tag = self.dkim_scan.get("dkim", {}).get("txt_record", {}).get("v", None)
90+
k_tag = self.dkim_scan.get("dkim", {}).get("txt_record", {}).get("k", None)
91+
p_tag = self.dkim_scan.get("dkim", {}).get("txt_record", {}).get("p", None)
92+
93+
if v_tag is None and k_tag is None and p_tag is None:
94+
if "dkim12" not in tags:
95+
tags.append("dkim12")
96+
97+
# Testing Enabled
98+
t_enabled = self.dkim_scan.get("dkim", {}).get("t_value")
99+
if t_enabled is not None:
100+
tags.append("dkim13")
101+
102+
return tags

api/schemas/domain/email_scan/dkim/__init__.py

Lines changed: 0 additions & 48 deletions
This file was deleted.

api/schemas/domain/email_scan/dkim/dkim_tags.py

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)