dmarcer 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b38f09817cdcfe4184c0f24ab25501664282c3e9
+  data.tar.gz: fef58c42d88eb1171d374356bb82100e87830d51
+SHA512:
+  metadata.gz: 7ca376c1fd9b111fb2adaf88f1c6124a41d14e9afd7a3456163a154c6d989e930ec436d23260b585331c5493cf2b0433ce84a3c29ccb0a4a79ce5dee0396a3b9
+  data.tar.gz: d18a31b4f9fd087ee7c33de750513d69572c640ec287ecdd2487ac1705dec4b72038b6f7d2e1895763f4fb26736ba7e45f055be538e6427ff4afdbb8c9f9fc2c

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in dmarcer.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Eric Herot
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Dmarcer
+
+A tool for parsing out DMARC XML reports and printing useful data about where non-compliant emails came from and what "from" headers they included.
+
+## Installation
+
+Install it using:
+
+    $ gem install dmarcer
+
+## Usage
+
+Run it with your XML DMARC report as the argument:
+
+    $ dmarcer /path/to/report.xml
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/evertrue/dmarcer/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "dmarcer"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/dmarcer.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'dmarcer/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "dmarcer"
+  spec.version       = Dmarcer::VERSION
+  spec.authors       = ["Eric Herot"]
+  spec.email         = ["eric.github@herot.com"]
+
+  spec.summary       = %q{Parse an XML DMARC summary}
+  spec.description   = spec.summary
+  spec.homepage      = "http://blog.evertrue.com"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'nokogiri'
+
+  spec.add_development_dependency "bundler", "~> 1.9"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/exe/dmarcer

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+
+require 'rubygems'
+require 'dmarcer'
+
+Dmarcer::Parser.new(ARGV[0]).print_report

data/lib/dmarcer.rb

@@ -0,0 +1,172 @@
+require 'dmarcer/version'
+require 'nokogiri'
+require 'resolv'
+
+module Dmarcer
+  class Parser
+    def initialize(input_file)
+      @input_file = input_file
+    end
+
+    def record_by_identifier(identifier)
+      data.record.select { |r| r.identifiers.header_from.content == identifier }
+    end
+
+    def identifiers
+      data.record.map { |r| r.identifiers.header_from.content }.uniq.sort
+    end
+
+    def org_name
+      data.report_metadata.org_name.content
+    end
+
+    def date_range
+      t_begin = Time.at(data.report_metadata.date_range.begin.content.to_i)
+      t_end = Time.at(data.report_metadata.date_range.end.content.to_i)
+      t_begin..t_end
+    end
+
+    def id
+      data.report_metadata.report_id.content
+    end
+
+    def records
+      @records ||= @data.record.map { |r| Record.new r }
+    end
+
+    def dkim_auth_failure_records
+      records.select { |r| r.auth_failed_dkim_domains.any? }
+    end
+
+    def spf_auth_failure_records
+      records.select { |r| r.auth_failed_spf_domains.any? }
+    end
+
+    def spf_domain_ip_hash
+      spf_auth_failure_records.each_with_object({}) do |r, m|
+        r.auth_failed_spf_domains.each do |d|
+          if m[d]
+            m[d] << r.source_ip
+          else
+            m[d] = [r.source_ip]
+          end
+        end
+      end
+    end
+
+    def print_report
+      puts "Report Organization: #{org_name}"
+      puts "Report ID: #{id}"
+      puts "Date Range: #{date_range}"
+      puts ''
+      puts '------------------ SPF Failures ------------------'
+      # spf_auth_failure_records.each do |r|
+      #   puts "Source IP: #{r.source_ip} (#{lookup(r.source_ip)})"
+      #   puts "Auth failed SPF domains: #{r.auth_failed_spf_domains.join(', ')}"
+      #   puts ''
+      # end
+      spf_domain_ip_hash.each do |domain, ips|
+        puts domain
+        ips.each { |ip| puts "  #{lookup(ip)} [#{ip}]" }
+        puts ''
+      end
+      puts '------------------ DKIM Failures ------------------'
+      dkim_auth_failure_records.each do |r|
+        puts "Source IP: #{r.source_ip} (#{lookup(r.source_ip)})"
+        unless r.auth_failed_dkim_domains == ['evertrue.com']
+          puts "Auth failed DKIM domains: #{r.auth_failed_dkim_domains.join(', ')}"
+          puts ''
+        end
+      end
+    end
+
+    private
+
+    def lookup(ip)
+      return Resolv.getname(ip) if ip !~ Resolv::IPv6::Regex
+      'err IPv6 address'
+    rescue Resolv::ResolvError
+      nil
+    end
+
+    def data
+      @data ||= Nokogiri::Slop(File.read(@input_file)).feedback
+    end
+  end
+
+  class Record
+    attr_accessor :data
+
+    def initialize(data)
+      @data = data
+    end
+
+    def spf?
+      @data.auth_results.respond_to?('spf')
+    end
+
+    def dkim?
+      @data.auth_results.respond_to?('dkim')
+    end
+
+    def source_ip
+      @data.row.source_ip.content
+    end
+
+    def header_from
+      @data.identifiers.header_from.content
+    end
+
+    def count
+      @data.row.count
+    end
+
+    def dkim_domains
+      domains_by_record_type(:dkim)
+    end
+
+    def spf_domains
+      domains_by_record_type(:spf)
+    end
+
+    def auth_failed_dkim_domains
+      auth_failure_domains_by_record_type(:dkim)
+    end
+
+    def auth_failed_spf_domains
+      auth_failure_domains_by_record_type(:spf)
+    end
+
+    def policy_eval
+      p = @data.row.policy_evaluated
+      {
+        disposition: p.disposition.content,
+        dkim: p.dkim.content,
+        spf: p.spf.content
+      }
+    end
+
+    private
+
+    def domains_by_record_type(type)
+      # rubocop:disable Metrics/LineLength
+      return [] unless @data.auth_results.respond_to?(type)
+      return [@data.auth_results.send(type).domain.content] if @data.auth_results.send(type).respond_to?('domain')
+      @data.auth_results.send(type).map { |r| r.domain.content }.uniq.sort
+      # rubocop:enable Metrics/LineLength
+    end
+
+    def auth_failure_domains_by_record_type(type)
+      # rubocop:disable Metrics/LineLength
+      return [] unless @data.auth_results.respond_to?(type)
+      if @data.auth_results.send(type).respond_to?('result') &&
+         @data.auth_results.send(type).result.content != 'pass'
+        return [@data.auth_results.send(type).domain.content]
+      end
+      @data.auth_results.send(type)
+        .select { |r| r.respond_to?(type) && r.send(type).result.content != 'pass' }
+        .map { |r| r.domain.content }.uniq.sort
+      # rubocop:enable Metrics/LineLength
+    end
+  end
+end

data/lib/dmarcer/version.rb

@@ -0,0 +1,3 @@
+module Dmarcer
+  VERSION = '1.0.1'
+end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: dmarcer
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- Eric Herot
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-08-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Parse an XML DMARC summary
+email:
+- eric.github@herot.com
+executables:
+- dmarcer
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- dmarcer.gemspec
+- exe/dmarcer
+- lib/dmarcer.rb
+- lib/dmarcer/version.rb
+homepage: http://blog.evertrue.com
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Parse an XML DMARC summary
+test_files: []