Diff of /phish/build_phish.py [000000] .. [edbb89]


--- a
+++ b/phish/build_phish.py
@@ -0,0 +1,128 @@
+# build_phish:
+#
+# pcain - 10/2012.
+#
+# This routine does the compilation of stuff to create a PhraudReport and
+# an EventData structure. The pieces of an EventData are different enough for
+# different event types that it's easier to let each have their own.
+#
+
+import iodef.base
+import iodef.phish
+
+def build_eventData( config, stuff, impactStr, methodStr, descriptionStr, detectTimeStr ):
+  eventData = iodef.base.EventData()
+
+  # This is the non-iodef extra stuff.
+  eventAdditionalData = iodef.base.ExtensionType(dtype='xml')
+  eventAdditionalData.content_ = []
+  eventAdditionalData.content_.append(stuff )
+  eventAdditionalData.anytypeobjs_ = []
+  eventAdditionalData.add_anytypeobjs_( type( stuff)) 
+  eventData.add_AdditionalData( eventAdditionalData)
+
+  # This is the boring, eventData, used in all APWG reports.
+  eventData.Description = [iodef.base.MLStringType( 
+    lang=config.get('iodef','Language'),
+    valueOf_= descriptionStr )]
+  eventData.DetectTime = detectTimeStr
+
+  eventAssessment = iodef.base.Assessment()
+  impact = iodef.base.Impact()
+  impact.lang = config.get('iodef','Language')
+  impact.setValueOf_ = impactStr
+  '''confidence = iodef.Confidence.factory()
+  confidence.rating = config.get('iodef-Event','Confidence-rating')
+  confidence.setValueOf_( config.get('iodef-Event','Confidence-value'))
+  impact.add_Confidence( confidence)'''
+  eventAssessment.add_Impact( impact)
+  eventData.Assessment = eventAssessment
+
+  method = iodef.base.Method()
+  method.Description = [iodef.base.MLStringType(lang='po-MI', valueOf_=methodStr)]
+  eventData.add_Method(method)
+
+  return (eventData)
+
+
+def build_phraudReport( config, phishStruct, message):
+
+  dCSite = iodef.phish.DCSite_type(DCType=phishStruct['collector']['type'], Node=None, DomainData=None, Assessment=None)
+  # Use the default if one was not included.
+  confidence=phishStruct['confidence'] or config.get('phish','DcSiteConfidence')
+  if phishStruct['collector']['type'] == 'web':
+    siteURL = iodef.phish.SiteURLType( 
+    	confidence=confidence, 
+	valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], 
+	lang=phishStruct['lang']))
+    dCSite.set_SiteURL( siteURL)
+  if phishStruct['collector']['type'] == 'email':
+    siteEmail = iodef.phish.EmailSiteType( 
+	confidence=confidence,
+       	valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], 
+	lang=phishStruct['lang']))
+    dCSite.set_EmailSite( siteEmail)
+
+  if phishStruct['collector']['type'] == 'unspecified':
+    siteUnknown = iodef.phish.UnknownType( 
+	confidence=confidence,
+        valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], lang=phishStruct['lang']))
+    dCSite.set_Unknown( siteUnknown)
+
+  if phishStruct['collector']['type'] == 'automation':
+    siteAddress = iodef.phish.SystemType() 
+    siteAddress.set_confidence(confidence)
+    siteAddr = iodef.base.Address( valueOf_=phishStruct['collector']['uri'])
+    siteAddress.set_Address(siteAddr)
+    dCSite.set_System( siteAddress)
+
+  if phishStruct['collector']['type'] == 'domain':
+    siteDomain = iodef.phish.DomainType( 
+	confidence=confidence,
+        valueOf_= iodef.base.MLStringType( valueOf_=phishStruct['collector']['uri'], lang=phishStruct['lang']))
+    dCSite.set_Domain( siteDomain)
+
+#  if phishStruct['collector']['type'] == 'phonenumber':
+#    siteEmail = iodef.phish.EmailSiteType( 
+#	confidence=confidence,
+#        valueOf_= phishStruct['collector']['url'])
+#    dCSite.set_SiteEmail( siteEmail)
+
+  eMail = iodef.phish.EmailRecord_type(EmailCount=phishStruct['count'], EmailComments=None)
+  eMail.set_EmailMessage( iodef.base.MLStringType( valueOf_=message, 
+	lang=phishStruct['collector']['lang']))
+
+  ''' Make up a lure source if one not found '''
+  lureSystem = iodef.base.System()
+  lureSystem.set_Node( iodef.base.Node(NodeName=[ iodef.base.MLStringType( valueOf_='unknown')]))
+  lure = iodef.phish.LureSource_type()
+  lure.add_System( lureSystem)
+
+  OrigSens = iodef.phish.OriginatingSensor_type()
+  OrigSens.OriginatingSensorType = config.get('phish','SensorType')
+  OrigSens.DateFirstSeen = phishStruct['datetime'] or (datetime.utcnow().replace(microsecond=0).isoformat()+config.get('iodef-Contact','Timezone'))
+  OrigSens.add_System( lureSystem) 
+
+  brand = iodef.base.MLStringType( lang='en-US', valueOf_=phishStruct['brand'])
+  brands = []
+  brands.append( brand)
+
+  phraudReport = iodef.phish.PhraudReport.factory(
+      ext_value = None, Version='1.0',
+      FraudType = 'phishing',
+      PhishNameRef = None, 
+      PhishNameLocalRef = None,
+      FraudParameter = iodef.base.MLStringType( valueOf_=phishStruct['subject']),
+      FraudedBrandName = brands,
+      LureSource = [lure],
+      OriginatingSensor = [OrigSens],
+      EmailRecord = eMail,
+      DCSite = [dCSite],
+      TakeDownInfo = None,
+      ArchivedData = None,
+      RelatedData = None,
+      CorrelationData = None,
+      PRComments = None)
+
+  return (phraudReport)
+
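Review bot: In build_eventData, `impact.setValueOf_ = impactStr` assigns over the setter instead of calling it, so the Impact element apparently never receives impactStr; the commented-out confidence code just below calls `setValueOf_(...)`, which suggests `impact.setValueOf_(impactStr)` was intended. In build_phraudReport the DateFirstSeen fallback calls `datetime.utcnow()`, but the file imports only iodef.base and iodef.phish, so a report with an empty `phishStruct['datetime']` raises NameError; add `from datetime import datetime`. The EmailMessage language is read from `phishStruct['collector']['lang']` while every other field uses `phishStruct['lang']`, which looks like a wrong key and should be confirmed against the caller. The message, subject, brand and collector uri presumably originate from the reported phish, and `stuff` is attached as dtype='xml' content, so it is worth confirming that the iodef export escapes these values and that a crafted message cannot alter the report structure.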